Why an Internal Microsoft Licence Audit Matters
Most enterprises significantly overspend on Microsoft licensing. Internal audits routinely reveal that 15โ30% of Microsoft licences are shelfware โ paid for but sitting unused. In large organisations, that waste can quietly drain budgets by hundreds of thousands of pounds over a single contract term, compounding year after year through automatic true-ups and renewal baselines that nobody questions.
Microsoft will happily sell you the latest premium E5 bundles or additional add-ons, but it is your responsibility to ensure you are not overbuying. An internal Microsoft licence audit puts you back in control. By systematically examining your Microsoft 365, Azure, and on-premises licence usage, you uncover hidden waste and create the data foundation needed to negotiate from a position of strength.
Instead of accepting Microsoft's recommendations at face value, conduct your own EA usage audit. This proactive approach identifies the licences that are not delivering value, so you can trim excess before your annual true-up or renewal โ and enter negotiations armed with facts rather than guesswork.
Data Gathering
Export licence assignment and usage reports from M365 Admin Centre, Azure Cost Management, and on-premises discovery tools to establish a factual baseline.
Inactive Identification
Pinpoint departed employees, test accounts, shared mailboxes, and over-licensed users consuming budget without delivering value.
Utilisation Analysis
Examine per-service feature adoption to identify users on premium tiers (E5) who only use basic capabilities (E1/E3 functionality).
Continuous Governance
Build quarterly review cadences, automated inactivity flags, and IT governance integration to prevent shelfware from creeping back.
Defining the Audit Scope and Tools
Before diving into data, clarify what you will audit and how. A comprehensive internal audit should span all major areas of Microsoft licensing in your organisation โ cloud subscriptions (Microsoft 365, Azure), on-premises software covered under your Enterprise Agreement, and any hybrid or co-existence configurations that create licensing obligations in both environments.
๐ฏ Audit Scope Checklist
- Microsoft 365 / Office 365: All user accounts, assigned licences, and per-service usage data (Exchange, Teams, OneDrive, SharePoint, Copilot).
- Azure: Subscription inventory, resource utilisation, reserved instance coverage, and idle/orphaned resources.
- On-premises: Server licences (Windows Server, SQL Server, System Center), CALs, and desktop deployments (Office LTSC, Project, Visio).
- Hybrid configurations: Licence Mobility, Azure Hybrid Benefit usage, and dual-licensing obligations for workloads running in both environments.
- Add-on products: Power Platform (Power BI, Power Automate, Power Apps), Dynamics 365 modules, Defender suite, and Copilot licences.
| Data Source | What It Reveals | Access Method |
|---|---|---|
| M365 Admin Centre | Licence assignments, per-user service usage (60โ90 day reports), inactive accounts | Admin portal โ Reports โ Usage |
| Azure Cost Management | Resource consumption, idle VMs, orphaned storage, reserved instance utilisation | Azure Portal โ Cost Management + Billing |
| Entra ID (Azure AD) | Sign-in activity, last login dates, guest and external accounts | Entra Admin Centre โ Sign-in logs |
| SCCM / Intune | On-premises software deployments, device inventory, installed product versions | Configuration Manager reports / Intune portal |
| EA Agreement Summary | Contracted entitlements, SKU details, pricing tiers, true-up history | VLSC or Microsoft Business Centre |
Step 1 โ Gather Licence and Usage Data
Begin by collecting all relevant licence and usage data across your Microsoft environment. This establishes the factual baseline against which every subsequent analysis is measured. Without accurate data, optimisation decisions become guesswork โ and guesswork consistently favours Microsoft.
Export Microsoft 365 Licence Usage Reports
From the M365 Admin Centre, export the full licence assignment report showing every user account and its assigned licence SKU. Then pull 60โ90 day usage summaries for each service: Exchange (mailbox activity), Teams (meetings, messages), OneDrive (files stored/shared), SharePoint (site visits), and any premium workloads (Power BI, Copilot). This data reveals the gap between what you are paying for and what is actually being consumed.
Retrieve Azure Consumption Data
Export Azure usage and cost reports covering all subscriptions. Identify obvious waste: idle virtual machines running 24/7 with no traffic, orphaned disks and IP addresses, underutilised reserved instances, and development/test resources left running in production tiers. Azure waste is often invisible until you pull the data โ and it compounds silently month after month.
Inventory On-Premises Deployments
Use SCCM, Intune, or a third-party SAM tool to inventory all on-premises software installations. Compare deployed products against your EA entitlements to identify: licences purchased but never deployed (pure shelfware), products deployed beyond your entitlement count (compliance risk), and legacy versions still consuming licences that could be retired.
Cross-Reference Entitlements Against Actual Need
Overlay your EA entitlement schedule (from VLSC or Microsoft Business Centre) against the usage data collected above. Build a simple comparison: licences purchased vs. licences assigned vs. licences actively used. The gaps between these three numbers represent your optimisation opportunity.
Step 2 โ Identify Inactive and Mis-Provisioned Accounts
With usage data in hand, the next objective is to pinpoint accounts that hold licences but no longer need them โ or never should have been assigned a full licence in the first place. These accounts represent the most straightforward savings in any licence audit because they require no negotiation with Microsoft, only internal action.
Departed and Inactive Employees
Identify any employees who have left the organisation or have not logged in for 60+ days. Cross-reference Entra ID sign-in logs against HR records. Every departed employee still holding an M365 licence is pure waste โ 100% of that licence cost is recoverable immediately. In organisations with annual turnover of 10โ15%, this category alone can account for hundreds of unused licences.
Test, Shared, and Service Accounts
Identify service accounts, test users, training environments, and generic shared mailboxes that have been assigned full user licences. Many can be converted to shared mailboxes (no licence required), downgraded to Exchange Online Kiosk plans, or eliminated entirely. IT departments often create test accounts during deployments and forget to deprovision them โ each one silently consuming budget.
Over-Licensed Users
Active users on premium tiers who only use basic capabilities represent partial waste. An E5 licence assigned to someone who only uses email and Teams costs roughly 2.5ร more than the E3 licence they actually need. Identifying and downgrading these users typically saves 30โ40% per seat โ and in a 5,000-user organisation, even 10% of users being over-licensed can represent $200K+ in annual savings.
| Issue | Example Scenario | Savings Potential |
|---|---|---|
| Departed employees | Still assigned M365 E5 licence 3 months after leaving | 100% of licence cost |
| Test / training accounts | 20 test accounts with full E3 licences from a pilot deployment | 100% of licence cost |
| Shared mailbox with full licence | Reception mailbox on E3 instead of shared mailbox (free) | 100% of licence cost |
| Over-licensed staff (E5 โ E3) | Finance analyst using only Outlook and Excel on E5 | ~30โ40% per user |
| Over-licensed staff (E3 โ F3) | Frontline worker with E3 who only uses Teams on mobile | ~75% per user |
Global Logistics Firm: 1,400 Ghost Licences
Situation: A European logistics company with 8,000 employees engaged Redress Compliance for a pre-renewal licence audit. The company had not conducted an internal usage review in over two years.
Findings: The audit identified 620 licences assigned to employees who had left the organisation, 340 test and shared accounts with full E3 licences, and 440 users on E5 who only used email and Teams (E1-level functionality).
Takeaway: The most impactful savings in a Microsoft licence audit come from the simplest actions โ removing licences that should never have been there and right-sizing users to the tier they actually need.
Step 3 โ Analyse Service-Level Utilisation
Beyond identifying inactive accounts, the next layer of analysis examines how active users are consuming their licensed services. Even fully active accounts can represent significant waste if users are licensed for premium capabilities they never touch.
Map Feature Adoption by Licence Tier
For every user on E5, examine which premium workloads they actually use: Teams Phone System, Power BI Pro, Microsoft Defender for Office 365, eDiscovery, and Information Protection. If a user's activity is limited to Exchange, Teams chat/meetings, and Office desktop apps, they are consuming E3-level (or even E1-level) functionality at E5 pricing. Build a simple matrix: user โ licence tier โ services actually used โ recommended tier.
Audit Add-On Product Adoption
Separately examine add-on products with their own per-user licences: Visio Online, Project Online, Power Automate per-user, Power Apps per-user, Copilot for Microsoft 365, and Defender suite components. These products are frequently purchased in bulk during EA negotiations and then assigned broadly โ but actual adoption is often below 20%. If 100 Visio licences were purchased but only 12 users actively create diagrams, 88 licences can be reclaimed immediately.
Assess Azure Service Utilisation
For Azure, go beyond cost reports to examine resource-level utilisation: VM CPU and memory usage (are instances right-sized?), storage account access patterns (is data being accessed or just accumulating?), reserved instance coverage vs. on-demand spend, and development/test workloads running on production pricing tiers. Azure waste is typically 20โ30% of total spend in organisations without active FinOps practices.
"The difference between what organisations pay for and what they actually use is not a rounding error โ it is a strategic cost reduction opportunity. In our experience, every enterprise that conducts its first thorough Microsoft licence audit discovers at minimum 15% waste, and frequently 25% or more."
Step 4 โ Compile Optimisation Opportunities
Aggregate all findings from Steps 1โ3 into a concrete, prioritised action plan. Each optimisation opportunity should be tied to a specific financial impact so that stakeholders understand both the effort required and the return.
๐ฏ Optimisation Action Plan Template
- Reclaim unused licences: Remove licences from departed employees, test accounts, and shared mailboxes. Calculate the per-licence annual cost ร number of licences reclaimed = total annual saving.
- Downgrade over-licensed users: Switch E5 users to E3 (or E3 to F3 for frontline workers). Calculate the per-user cost differential ร number of downgrades = total annual saving.
- Eliminate low-adoption add-ons: Reduce Visio, Project, Power Automate, and Copilot licence counts to match actual usage. Calculate excess licences ร per-licence cost = total annual saving.
- Right-size Azure resources: Resize over-provisioned VMs, delete orphaned resources, convert on-demand to reserved instances. Estimate monthly savings ร 12 = total annual saving.
- Present the total: Sum all categories into a single annual savings figure. This number becomes your negotiation baseline โ "We have identified $X in optimisations that reduce our renewal scope by Y%."
| Category | Typical Finding | Typical Annual Saving |
|---|---|---|
| Departed employee licences | 5โ10% of total user count still licensed | $150โ400K (5,000-user org) |
| Test / shared accounts | 50โ200 accounts with unnecessary full licences | $30โ120K |
| E5 โ E3 downgrades | 10โ25% of E5 users need only E3 features | $100โ500K |
| Add-on shelfware | 60โ80% of Visio/Project/Power Platform unused | $50โ200K |
| Azure waste | 20โ30% of Azure spend on idle/over-provisioned resources | $80โ300K |
Step 5 โ Execute Clean-Up Before Renewal
With your optimisation plan documented and approved, execute the changes before your upcoming true-up or renewal date. Timing is critical โ you want the reduced licence counts reflected in your official entitlements when you sit at the negotiation table with Microsoft.
Remove and Revoke Unneeded Licences
Immediately unassign licences from accounts identified for removal: departed employees, test accounts, shared mailboxes converted to free plans. Process these in batches with a documented change log. Each removal directly reduces your renewal baseline and annual true-up count.
Execute Tier Downgrades
Carry out licence downgrades (E5 โ E3, E3 โ F3) for users who do not need premium features. Communicate changes to affected users and their managers in advance โ explain which features will be removed and confirm no business-critical functionality is lost. A well-communicated downgrade generates zero complaints; a surprise downgrade generates escalations.
Validate with Stakeholders
Before revoking any licence, verify with the relevant manager or system owner. Occasionally, an "inactive" account is a service account supporting an automated process, or a user on extended leave who will return. Spending 10 minutes verifying avoids the reputational cost of accidentally disrupting a critical workflow. Build a simple sign-off process: manager confirms โ IT executes โ change logged.
Healthcare Network: $740K Saved Before Renewal
Situation: A US healthcare network with 12,000 employees was 90 days from EA renewal. They engaged Redress Compliance to conduct a rapid licence audit. Microsoft's renewal proposal quoted 12,000 M365 E5 licences at a 10% discount โ totalling $5.4M annually.
Findings: The audit revealed: 800 licences assigned to departed staff, 1,600 clinical staff on E5 who only used Teams and Outlook on shared workstations (F3 candidates), and 200 Visio licences with only 25 active users.
Takeaway: Never negotiate Microsoft discounts before cleaning up your licence estate. Optimising your baseline first ensures that any percentage discount Microsoft offers is applied to the correct โ lower โ number.
Step 6 โ Build a Continuous Audit Process
A one-time audit delivers significant savings, but the value erodes within 12โ18 months as the organisation changes: new hires receive premium licences by default, projects deploy test environments that are never deprovisioned, and add-on products accumulate without review. The final step is to make licence auditing a continuous governance process rather than a pre-renewal scramble.
Establish Quarterly Review Cadence
Schedule internal licence usage reviews every quarter. Assign ownership to IT asset management or FinOps. Each quarterly review should take no more than 2โ3 days using the data sources and methodology established during the initial audit. Track findings and savings cumulatively to demonstrate ongoing value to leadership.
Automate Inactivity Detection
Define clear criteria for licence reclamation โ e.g., no sign-in activity for 60 days triggers a review, 90 days triggers automatic licence removal with a 7-day grace period notification to the user's manager. Use PowerShell scripts or third-party SAM tools to automate detection and alerting. Automation catches what manual reviews miss.
Integrate with HR and IT Governance
Connect licence provisioning and deprovisioning to HR onboarding/offboarding workflows. When an employee leaves, their licence should be automatically flagged for reclamation within 48 hours โ not discovered 6 months later during an audit. Require new projects and initiatives to submit licence requests with business justification, preventing the default pattern of assigning premium licences to everyone.
Report to Finance and Procurement
Produce a quarterly Microsoft licence optimisation report for Finance and Procurement stakeholders. Include: current utilisation rates by product and tier, licences reclaimed since last review, cost avoidance achieved, and projected savings for the next quarter. This reporting creates accountability and ensures licence management remains visible at the leadership level โ not buried in IT operations.
"Organisations that build continuous licence governance consistently spend 15โ20% less on Microsoft over a 3-year EA term than those that only audit at renewal time. The compounding effect of quarterly clean-ups โ preventing shelfware from accumulating โ is more powerful than any single negotiation tactic."
Audit Readiness Checklist
๐ฏ Microsoft Licence Audit โ Complete Checklist
- โ M365 usage reports exported โ licence assignments, per-service usage (60โ90 day window), and last sign-in dates.
- โ Azure consumption data retrieved โ resource utilisation, idle VMs, orphaned resources, reserved instance coverage.
- โ On-premises inventory complete โ SCCM/Intune deployment data compared against EA entitlements.
- โ Inactive accounts identified โ departed employees, test accounts, shared mailboxes flagged for removal.
- โ Over-licensed users mapped โ E5 users on E3 functionality, E3 users on F3 functionality documented with recommended tier.
- โ Add-on adoption audited โ Visio, Project, Power Platform, Copilot, and Defender licence counts vs actual usage.
- โ Optimisation plan with savings calculated โ per-category annual savings summed into total target figure.
- โ Clean-up executed before true-up/renewal โ removals, downgrades, and add-on reductions completed and documented.
- โ Stakeholder sign-off obtained โ manager verification for all licence changes to avoid accidental disruptions.
- โ Quarterly review cadence established โ ownership assigned, automation configured, reporting template created.