Microsoft designs and maintains its own AIS (accounting information system). This system is equipped with its own internal controls that prevent employees from having the ability to see or change information the company does not believe they need access to. The AIS also has to take into account the different regulations in different regions of the world (such as using the word "region" rather than the word "country" so as to avoid offending certain nations...). Management does their own internal audits to confirm that their internal controls and the AIS are effective. In addition, in 2017 they included new internal controls related to the new accounting standards regarding revenue recognition - meaning that periodic updates are done to the internal controls and the AIS as well. This is a good opportunity to maintain effective internal controls. This is something I’d need to take into account as an auditor when determining if Microsoft’s internal controls are sufficient.
A problem with Microsoft's distribution is that a lot of it relies on other companies rather than Microsoft alone. The main distribution method of Windows is OEM installs, meaning that Microsoft pretty much has to trust OEMs to not lie about their installs and such - this has a lot of fraud potential (which is why you can find so many heavily discounted OEM windows install keys on shady websites...). 
Microsoft does sell a lot of goods digitally, including Microsoft Office (their top product). This allows Microsoft to sell directly to consumers, but it could also cause internal control issues - an employee with access could easily generate an illegitimate (ie, not paid for) install key for themselves, friends/relatives, or illegitimate customers if not properly prevented by internal controls. 
Because of their aforementioned reliance on other companies, the employee doesn't even need to be a Microsoft Employee.  Institutional customers who buy bulk licenses present a similar problem. For example, Microsoft has to trust UMUC to be honest about what they do with those Office licenses they're supposed to be giving out to students. 
Many microsoft digital products, such as those for digital xbox live codes or content, or activation codes for Microsoft Office are under similar control issues. They often require Microsoft to simply trust the distributor to be honest about lost or non-working codes, and an internal control issue at Amazon or GameStop will affect Microsoft as well.
Physical content such as a game disk or an Xbox one console might not have the same control issues as digital content, but they have challenges of their own. An employee could simply record one fewer received than they actually did and walk off with one Xbox one if effective controls didn't stop them - and who's going to notice the difference between 47,578 and 47,577? I am certainly not going to reach every Microsoft warehouse on the planet and count "one, two, three...forty-seven thousand five hundred seventy-seven, forty-seven thousand five hundred seventy-eight" out by hand, but rather I will judge and test the effectiveness of the internal controls, and how effective they would be at preventive scenarios such as that.
