A Toronto-based financial services company with 6,000 employees and CAD $3 billion in revenue was facing a Microsoft EA renewal with a 12% price increase. Microsoft was pushing enterprise-wide E5 adoption, but most users did not need the advanced features. Redress Compliance conducted a thorough usage analysis, optimised the E5/E3 licence mix, eliminated shelfware, right-sized Azure commitments, and EA negotiation strategiesed an 18% cost reduction — saving CAD $4M over three years while strengthening compliance.
The client is a leading Canadian financial services company headquartered in Toronto, Ontario, with approximately 6,000 employees and CAD $3 billion in annual revenue. The company operates across the banking, insurance, and wealth management sectors, subject to strict Canadian federal and provincial regulatory requirements for data security, privacy, and compliance including OSFI (Office of the Superintendent of Financial Institutions) guidelines and PIPEDA (Personal Information Protection and Electronic Documents Act).
The Microsoft environment was broad and deeply embedded in the company’s operations. Most employees had Microsoft 365 licences (a mix of E3 and E5, with E5 allocated to compliance, security, and analytics teams for advanced features). The company made extensive use of Azure cloud for developing new digital banking services and hosting customer-facing applications, Dynamics 365 Customer Service for call centre operations, and Power BI for enterprise-wide reporting and regulatory analytics. The entire Microsoft estate was covered under a 3-year Microsoft Enterprise Agreement fundamentals that was approaching renewal.
The renewal coincided with internal budget pressure from the board to reduce IT spending by at least 10% without losing critical capabilities. Microsoft’s initial renewal proposal, however, moved in the opposite direction — reflecting a 12% price increase driven by expanded E5 adoption and higher Azure consumption commitments. This gap between the board’s cost-reduction mandate and Microsoft’s price increase created the impetus for engaging independent independent Microsoft advisory services support.
Canadian banking and insurance. Heavily regulated under OSFI and PIPEDA, requiring strict data residency, encryption, audit trails, and compliance tooling. Any licensing changes needed to maintain full regulatory compliance as a non-negotiable baseline.
Microsoft 365 E3/E5 (6,000 users), Azure cloud (digital banking and customer applications), Dynamics 365 Customer Service, Power BI Pro, Power Platform. Expiring 3-year EA with initial renewal quote of approximately CAD $22 million.
Board mandate to cut IT spend by 10% minimum. Microsoft’s renewal proposal reflected a 12% increase. The 22-percentage-point gap between the target and Microsoft’s ask required significant negotiation and optimisation to bridge.
CAD $3 billion revenue, 6,000 employees, multiple business lines across banking, wealth management, and insurance. The Microsoft EA supported core productivity, security, compliance, customer service, and cloud application development infrastructure.
The financial institution faced interconnected challenges that required simultaneous resolution — cutting costs while maintaining full compliance in a highly regulated Canadian financial environment where any licensing shortfall could trigger both Microsoft audit exposure and regulatory scrutiny from OSFI:
Microsoft’s renewal proposal included a significant expansion of M365 E5 licences, recommending E5 for all 6,000 employees on the basis of enhanced security and compliance capabilities. However, the advanced E5 features — Advanced eDiscovery, Microsoft Defender for Office 365, Advanced Compliance, and Power BI Pro — were only actively used by approximately 300 users in cybersecurity, legal, and data analytics roles. The remaining E5 holders were using only basic Office and email functionality that E3 provides. This blanket E5 approach was inflating the renewal cost by millions without delivering proportional value.
Over the previous EA term, the company had accumulated unused licences through employee attrition, overestimation at EA true-up best practicess, and pilot programmes that never reached enterprise deployment. Approximately 200 M365 licences sat dormant (from departed employees whose licences were never reclaimed), several Dynamics 365 Sales module licences from an abandoned pilot remained on the books, and Power Platform licences seeded across the organisation had minimal adoption outside IT. This shelfware represented a significant hidden cost in the renewal baseline.
The company had a sizable Azure reserved instance and consumption commitment, but not all business units were consuming their forecasted resources. Some development and test environments were running around the clock when they were only needed during business hours, and several proof-of-concept virtual machines from completed projects had never been decommissioned. The result was pockets of wasted Azure spend that would carry forward into the new commitment if not addressed.
As a regulated financial institution, the company had historically erred on the side of over-purchasing licences to avoid any risk of non-compliance during Microsoft true-ups. The fear of an audit shortfall — and the reputational and regulatory consequences in the financial sector — meant the IT procurement team routinely ordered more licences than strictly necessary. This cycle of defensive over-buying was a significant contributor to the inflated cost baseline that Microsoft’s renewal pricing was built upon.
Redress Compliance was engaged six months before the EA renewal deadline. The approach combined granular usage analysis with a risk-aligned optimisation strategy specifically designed for the regulatory requirements of a Canadian financial institution. Every recommendation was validated against OSFI guidelines and the bank’s internal compliance policies before being included in the negotiation position:
We assembled a cross-functional team with the client’s IT, compliance, and finance departments. Using Microsoft 365 usage reports and Azure consumption data, we audited every licence assignment against actual usage. The analysis revealed that approximately 700 of the 1,000 E5 licence holders were not using any E5-specific features. We also identified 200 dormant M365 licences, unused Dynamics 365 modules, and Azure resources running unnecessarily. This data provided the factual baseline for rightsizing the entire Microsoft estate.
Rather than arbitrarily cutting costs, we adopted a risk-aligned approach respecting the bank’s regulatory obligations. Users who genuinely needed E5 security and compliance features (approximately 300 in cybersecurity, legal, and analytics) retained E5. The remaining 700 E5 holders were planned for E3 downgrade with targeted add-ons where specific functionality was still needed. For example, a department head using only Power BI could move to E3 plus a standalone Power BI Pro licence — significantly cheaper while maintaining identical functionality.
We presented Microsoft with the usage data, demonstrating that the E5 upsell was not justified by actual usage patterns. We negotiated a custom compliance package: advanced security and compliance features (eDiscovery, Customer Lockbox) as add-on SKUs for a subset of 500 users at discounted rates, rather than requiring E5 for all 6,000. We leveraged competitive alternatives for Azure workloads to secure improved pricing and Canadian data residency guarantees at no additional cost.
The engagement produced specific, quantifiable outcomes across every component of the Microsoft EA. Each action was designed, validated against the bank’s OSFI compliance requirements, and approved by the compliance team before implementation to ensure no regulatory gaps were created by the optimisation:
700 unnecessary E5 licences were downgraded to E3, with targeted add-ons for approximately 200 users who needed specific advanced features (such as Power BI Pro or Advanced Compliance) but not the full E5 suite. Each downgrade was validated against the user’s role requirements and approved by the relevant department head to ensure no functionality was lost. The final licence mix was approximately 3,500 users on M365 E3, 300 on M365 E5 (cybersecurity, legal, and analytics teams), and 200 on E3 with compliance add-on SKUs. This granular approach reduced the M365 licensing bill by approximately 20% while maintaining full regulatory compliance across all user groups and all business units.
All 200 dormant M365 licences were identified, documented, and removed from the renewal baseline. Many had been assigned to employees who left the company months or even years earlier, but the licences were never reclaimed due to gaps in the offboarding process. The unused Dynamics 365 Sales module from an abandoned CRM pilot was stripped out entirely, saving approximately 15% on the Dynamics component. Power Platform licences with no recorded active usage were reclaimed. Going forward, licence assignments were formally integrated into the bank’s HR onboarding and offboarding processes, with automated provisioning through Azure Active Directory and automated deprovisioning within 48 hours of employee departure to prevent future shelfware accumulation.
The Azure commitment was completely recalibrated to realistic consumption levels based on six months of actual usage data rather than the optimistic forecasts that had inflated the previous agreement. Unnecessary test VMs and orphaned proof-of-concept environments from completed projects were identified and decommissioned, eliminating ongoing charges for resources providing no business value. Reserved instances were reviewed individually — some renewed at optimised sizing matched to actual workload requirements, others converted to pay-as-you-go for variable or seasonal workloads where commitment pricing offered no advantage. The new Azure commitment included a modest growth buffer (15%) rather than the previous substantial overcommitment, with negotiated flexibility terms allowing unused credits to roll forward to the next billing period. Expected Azure cost avoidance: approximately CAD $500,000 over the three-year EA term.
Microsoft agreed to offer advanced compliance and security features (Advanced eDiscovery, Customer Lockbox, Microsoft Defender for Office 365, and Information Barriers) as discounted add-on SKUs for a defined subset of 500 users, rather than requiring full E5 for all employees. This was a significant and unusual concession: it allowed the bank to maintain regulatory-grade security and compliance tooling for the users who genuinely needed these capabilities at a fraction of the cost of enterprise-wide E5 deployment. The custom package for these 200 users (E3 plus specific add-ons) cost approximately 40% less than equivalent E5 licences while providing identical functionality for their actual role requirements. Microsoft also provided Canadian data residency guarantees for all cloud services at no additional cost — essential for PIPEDA and OSFI compliance and a requirement the bank treated as non-negotiable throughout the discussions.
The renegotiated EA included several protective provisions that replaced the previous rigid structure: locked-in Azure pricing for the full 3-year term (protecting against Microsoft price increases that typically range 5–10% annually), flexible annual true-up terms allowing licence quantity adjustments both up and down with reduced administrative friction, and the contractual ability to roll over unused Azure credits to productive projects rather than forfeiting them at period end. These terms addressed the root causes of the over-purchasing cycle that had inflated the previous EA’s cost baseline, ensuring the bank could manage its Microsoft spend dynamically based on actual business requirements rather than defensive overcommitment.
The renegotiated EA delivered results that exceeded the board’s original 10% cost-reduction target while simultaneously strengthening the company’s compliance position and operational flexibility. The 18% saving was achieved through a combination of licence optimisation, shelfware elimination, Azure right-sizing, and negotiated discounts — all without removing any functionality required for regulatory compliance:
| Outcome Dimension | Result | Detail |
|---|---|---|
| Total Savings | CAD $4M / 18% | Microsoft’s renewal quote was approximately CAD $22M. Redress reduced it to CAD $18M through negotiated discounts, scope optimisation, and licence right-sizing. Exceeded the board’s 10% target by 80%. |
| M365 Optimisation | ~20% licensing reduction | 700 E5-to-E3 downgrades, 200 dormant licences eliminated, targeted compliance add-ons for 200 users. Per-user cost aligned to actual feature usage rather than blanket E5 pricing. |
| Azure Cost Avoidance | CAD $500K over 3 years | Right-sized commitment, decommissioned orphaned resources, optimised reserved instances. Unused credits roll forward to productive projects instead of being forfeited. |
| Dynamics 365 | ~15% Dynamics reduction | Unused Sales module licences from abandoned pilot removed. EA now covers only actively used modules (Customer Service, Finance). |
| Compliance | Strengthened | All regulatory requirements (OSFI, PIPEDA) met through tailored licence mix. Canadian data residency guaranteed at no additional cost. No compliance gaps created by optimisation. |
Beyond the immediate negotiation outcomes, Redress delivered a comprehensive Microsoft licensing governance framework designed to prevent the over-purchasing cycle from recurring, ensure the bank remains optimised throughout the EA term, and position the organisation for an equally strong negotiation at the next renewal in three years:
Structured quarterly reviews of M365 usage data, focusing on E5 feature adoption and identifying any expansion or contraction in requirements. If new compliance regulations require additional E5 features, the bank documents the need and addresses it at the next true-up rather than reactively over-purchasing.
Redress Compliance provides independent Microsoft licensing advisory — fixed-fee, no vendor affiliations. Our specialists help enterprises right-size EA commitments, benchmark pricing, and strengthen compliance posture.
Explore Microsoft Advisory Services →Licence management integrated into HR onboarding and offboarding processes. Licences are automatically provisioned when employees join and reclaimed within 48 hours of departure, eliminating the dormant licence accumulation that contributed hundreds of thousands in waste during the previous EA term.
Automated alerts for underutilised Azure resources. Any cloud resource running below 20% utilisation for 14 consecutive days is flagged for review and potential decommissioning. Reserved instance coverage is reviewed monthly against actual consumption patterns to optimise the commitment-to-pay-as-you-go ratio.
Templates for quarterly reporting to the CFO and board showing Microsoft ROI by component: how the E5/E3 mix is delivering compliance value, Azure consumption versus commitment, and cost-per-employee benchmarks against industry peers. This visibility ensures ongoing accountability for Microsoft spend efficiency.
This engagement illustrates several principles that apply broadly to any regulated organisation managing a Microsoft EA renewal, particularly those in financial services where compliance requirements add complexity to every licensing decision. These lessons are drawn directly from the negotiation experience and the patterns we observe consistently across our Microsoft advisory practice:
Microsoft routinely pushes E5 as the default for enterprise customers, citing security and compliance benefits. But E5 costs significantly more than E3, and in most organisations, only a small percentage of users need the advanced features. In this case, only 300 out of 6,000 employees (5%) genuinely required E5. The remaining users were paying E5 prices for E3-level functionality. Independent usage analysis is the most powerful tool to counter Microsoft’s E5 narrative with facts.
For users who need one or two specific E5 features (such as Power BI Pro or Advanced Compliance) but not the full E5 suite, standalone add-ons to an E3 licence are significantly cheaper. In this engagement, the custom compliance package for 200 users (E3 + specific add-ons) cost roughly 40% less than E5 licences while delivering identical functionality for those users’ actual needs. Always model the add-on alternative before accepting E5 pricing.
Buying more licences than needed does not make an organisation more compliant — it makes it more expensive. True compliance comes from accurate licence assignment that matches actual usage to entitlements, with documented evidence to support the position. A tightly managed licence estate with 100% utilisation is both more cost-effective and more audit-ready than an over-provisioned estate where nobody can demonstrate which licences are actively used.
Azure consumption commitments should be based on measured usage, not optimistic forecasts. Orphaned resources, oversized VMs, and always-on development environments are common sources of waste that inflate the baseline. In this case, cleaning up Azure before the renewal saved CAD $500K in avoidance costs. Always audit Azure utilisation before committing to a new consumption agreement.
Even in organisations deeply committed to Microsoft, signalling that alternative cloud providers (AWS, Google Cloud) are being evaluated for specific workloads creates genuine pricing pressure. In this engagement, competitive positioning contributed to Microsoft locking in Azure pricing for the full 3-year term and offering Canadian data residency at no additional cost. Microsoft’s pricing flexibility increases significantly when they believe workloads might move elsewhere.
“Redress Compliance helped us thread the needle — we met our regulators’ expectations and slashed costs. It was eye-opening to see how many of our high-end licences were going underused. Redress’s analysis provided us with the hard data to negotiate a significantly better deal with Microsoft. We got an 18% cost reduction, but just as importantly, we’re no longer paying for a one-size-fits-all package.” — CFO, Canadian Financial Institution
The engagement followed a structured 5-month timeline from initial assessment through to EA contract execution, ensuring comprehensive analysis preceded every negotiation position:
How ready is your organisation for its next Microsoft EA renewal? Our free assessment benchmarks your position and reveals right-sizing opportunities.
Take the Free Assessment →| Phase | Duration | Key Activities |
|---|---|---|
| Month 1: Discovery | 4 weeks | Cross-functional team assembled (IT, compliance, finance). M365 usage reports analysed for all 6,000 users. E5 feature utilisation mapped by user and department. Azure consumption data collected across all subscriptions and resource groups. |
| Month 2: Analysis | 4 weeks | E5/E3 optimisation model built. 700 E5 downgrade candidates identified and validated against compliance requirements. 200 dormant licences documented. Azure orphaned resources catalogued. Shelfware quantified across Dynamics 365 and Power Platform. |
| Month 3: Strategy | 4 weeks | Negotiation strategy developed with target pricing, discount benchmarks, and term requirements. Custom compliance package modelled (E3 + add-ons vs E5). Competitive alternatives for Azure workloads evaluated for leverage. Governance framework designed. |
| Month 4: Negotiation | 4 weeks | Led commercial negotiations with Microsoft. Presented usage data challenging E5 upsell. Secured custom compliance package, locked-in Azure pricing, Canadian data residency guarantee, and flexible true-up terms. Multiple counter-proposal rounds. |
| Month 5: Execution | 4 weeks | EA contract finalised and signed. Licence downgrades executed. Azure cleanup completed. Governance framework delivered including quarterly review templates, automated provisioning integration, and executive ROI reporting structure. |
This engagement demonstrates a pattern we see repeatedly in Microsoft EA renewals across the financial services sector and other regulated industries: organisations paying significantly more than necessary because Microsoft’s E5 upsell strategy deliberately exploits the natural conservatism of regulated industries. When compliance is paramount, the path of least resistance is to accept Microsoft’s recommendation for the most comprehensive (and most expensive) licence tier for everyone. The predictable result is millions in unnecessary spend that delivers no additional compliance value.
The Canadian bank’s experience shows that rigorous, independent usage analysis consistently reveals a wide gap between what Microsoft recommends and what organisations actually need in practice. In this case, 70% of E5 licence holders were not using any E5-specific features — they were paying premium prices for standard functionality. That is not an unusual ratio — across our Microsoft advisory engagements, we typically find that 60–80% of E5 licences in large enterprises could be replaced with E3 plus targeted add-ons at significantly lower cost, without any reduction in functionality or compliance coverage for the users involved.
For any financial institution approaching a Microsoft EA renewal, the principle is clear: challenge the E5 default with usage data, model the add-on alternative for every user group, and negotiate custom compliance packages rather than accepting blanket E5 pricing. The savings are substantial and repeatable, and the compliance position is actually strengthened rather than weakened by aligning licences precisely to actual requirements. Independent advisory support consistently delivers returns of 10–25x the engagement cost in direct savings alone, before accounting for the ongoing governance and cost-avoidance benefits that compound over the full EA term.
Based on our experience across multiple Microsoft EA engagements, organisations that conduct rigorous usage analysis and optimise their E5/E3 mix typically achieve 15–25% reductions in M365 licensing costs. The savings come from downgrading users who are not using E5-specific features to E3, replacing full E5 with E3 plus targeted add-ons where specific features are needed, and eliminating dormant licences. In this case, the M365 optimisation delivered approximately 20% savings on the licensing component.
Not if done carefully with a risk-aligned approach. The key is identifying which users genuinely need E5 compliance and security features (typically cybersecurity, legal, risk, and audit teams) and retaining E5 for those users. For other users who need one or two specific features, E3 plus targeted add-on SKUs provides identical functionality at lower cost. The compliance position is actually strengthened by this approach, because every licence assignment is documented and justified against actual usage requirements.
A custom compliance package bundles specific E5 features (such as Advanced eDiscovery, Customer Lockbox, or Microsoft Defender for Office 365) as add-on SKUs that can be assigned to a subset of users on E3 licences. This is significantly cheaper than upgrading those users to full E5, which includes many features they do not need. In this case, the custom package for 200 users cost approximately 40% less than equivalent E5 licences. Microsoft does not routinely offer this option — it must be negotiated explicitly with usage data supporting the case.
Azure commitments should be based on measured consumption data (at least 6 months of actual usage), not on forecasts or vendor recommendations. Include a modest growth buffer (10–15%) rather than overcommitting. Negotiate flexibility terms such as unused credit rollover, the ability to redirect credits to different services, and locked-in pricing for the full EA term. Before renewing, audit for orphaned resources, oversized instances, and always-on development environments that could be scheduled or decommissioned.
Yes. In this engagement, Microsoft agreed to Canadian data residency guarantees for all cloud services at no additional cost. Data residency is increasingly a standard offering as Microsoft expands its regional data centre footprint. However, it must be explicitly negotiated and documented in the EA terms — it is not automatically included. For regulated industries where data residency is a compliance requirement, this should be treated as a non-negotiable contract term.
We recommend quarterly reviews as a minimum for large enterprises. Quarterly cadence catches licence drift (users changing roles, departures not triggering licence reclamation, new feature adoption requiring tier changes) before it compounds into significant waste. Azure utilisation should be monitored monthly or continuously with automated alerts. The annual true-up should be preceded by a thorough review 60–90 days in advance to ensure quantities are accurate and no defensive over-purchasing occurs.
Before renewing, get an independent assessment of your Microsoft licence utilisation and EA terms. Redress Compliance provides E5/E3 optimisation, Azure right-sizing, benchmarking, and negotiation support — ensuring you get the best possible deal.
Book a Free Assessment Microsoft EA Optimisation Service →Book a free consultation with our licensing specialists. No obligations, no vendor ties — just independent advice tailored to your situation.
Book Your Free Consultation →