Microsoft licensing for remote work and VDI: the CIO decision path.

Microsoft licensing for remote work and VDI turns on three choices, per user versus per device, Windows 365 versus Azure Virtual Desktop, and how external workers are covered, and each choice carries a different cost curve.

Which licenses actually cover remote work and VDI?

Most enterprise VDI rights travel with Microsoft 365 subscriptions. M365 E3 and E5 include Windows Enterprise per user rights, which cover virtual desktop access across Azure Virtual Desktop and qualify users for Windows 365.

The authoritative text lives in the Microsoft Product Terms, and the licensing guides on Microsoft's licensing documentation site map the scenarios. Buy nothing for VDI until the existing subscription rights are mapped.

• M365 E3/E5: Windows Enterprise per user, AVD use rights, Windows 365 eligibility.
• VDA E3/E5: for devices and users without qualifying Windows licenses, including thin clients.
• RDS CALs: still required for session host architectures on Windows Server.
• Intune and Entra: management and identity layers that remote scenarios assume.

Where does double licensing creep in?

Procurement buys VDA or add on VDI bundles while the estate already holds E3. In roughly half our reviewed estates, at least one population carried two overlapping rights for the same access, bought in different budget cycles by different teams.

When does per user beat per device licensing?

Per user licensing covers one named user across all their devices; per device covers one machine for any user. Hybrid work flipped the economics: a worker with a laptop, a home desktop, and a tablet is three device licenses or one user license.

What about shared and shift device populations?

Per device remains right where headcount exceeds devices: manufacturing floors, clinical workstations, retail kiosks. The mistake is letting one model default across the estate; segment populations and license each by its usage shape.

How do you choose between Windows 365 and AVD?

Windows 365 prices per user per month at fixed SKU sizes, a subscription you can forecast. AVD prices as Azure consumption, compute, storage, and networking you optimize. Predictability versus optimization is the entire decision.

• Windows 365 fits: stable full day workers, simple operations teams, fixed budget owners.
• AVD fits: pooled multi session estates, bursty or seasonal usage, teams with FinOps muscle.
• Mixed estates win: most enterprises in our file landed on W365 for stable populations and AVD for pooled and bursty ones.

What does AVD optimization actually require?

Auto scaling host pools, right sized VM families, reserved instances or savings plans on the base load, and FSLogix profile storage tiering. Unoptimized AVD routinely costs more than Windows 365; optimized AVD on pooled workloads routinely costs less.

How do the cost curves cross?

Windows 365 is flat per user; AVD falls with density and scheduling discipline. In our models the curves crossed around moderate pooling ratios: above roughly three users per vCPU equivalent with scheduled scaling, AVD won; below it, Windows 365 did.

How should external and offshore workers be licensed?

Contractors, outsourcers, and BPO staff accessing your virtual desktops need licenses through your agreements or verified coverage through theirs. Assuming the supplier handles it is the single most common audit finding in remote work estates.

1. Inventory every external population with virtual desktop or M365 access.
2. Decide the licensing path per population: your tenancy or verified supplier coverage.
3. Paper supplier obligations: who licenses, who proves it, who pays findings.
4. Scope external identities into the right license SKUs, not full E5 by default.
5. Review quarterly; external populations churn faster than employee counts.

Does geography change the answer?

Multi region access changes data residency and sometimes pricing program eligibility, but the licensing obligation follows the tenant and the user, not the desk. Offshore BPO staff on your tenant are your licensing problem wherever they sit.

Where the common advice on Microsoft VDI licensing is wrong

The standard advice frames Windows 365 versus AVD as a technology choice for architects to settle. We disagree. In roughly 25 to 35 remote work estates Morten Andersen reviewed between 2024 and 2025, the architecture mattered less than two commercial facts: half the estates were double licensed for rights E3 already granted, and external worker coverage drove most actual audit exposure. The buyer side move is to map existing entitlements and fix external populations before comparing desktop technologies at all. Choosing between W365 and AVD while double paying for Windows rights is optimizing the wrong invoice.

What the engagement data shows

Three cuts of our advisory engagement file frame the size of the opportunity.

What to do next

Five moves turn this analysis into a lower invoice on the next renewal.

A sequence you can run this quarter

1. Map existing M365 E3 and E5 entitlements against every VDI purchase.
2. Segment worker populations: hybrid, shared device, thin client, external.
3. Assign per user, per device, or VDA licensing per population, not estate wide.
4. Model Windows 365 against optimized AVD with real usage profiles.
5. Inventory and paper every external population's licensing path.
6. Kill double licensed SKUs at the next renewal and bank the savings.

White Paper · Microsoft

Microsoft 365 E7 Decision Framework

Microsoft 365 E7 decision framework. Read it free.

Read the white paper

Frequently asked questions

Do Microsoft 365 E3 and E5 include VDI rights?

Yes. Both include Windows Enterprise per user rights covering Azure Virtual Desktop access and Windows 365 eligibility. Roughly half the estates we reviewed were paying separately for rights their M365 subscriptions already granted.

When is per user licensing better than per device?

Whenever workers use multiple devices, which hybrid work made the norm. Per device stays right where many users share few machines, such as kiosks, clinical workstations, and manufacturing floors. Segment populations rather than defaulting either model estate wide.

Is Windows 365 or Azure Virtual Desktop cheaper?

Windows 365 is a flat per user subscription; AVD is metered Azure consumption that rewards optimization. In our models, pooled estates with scheduling discipline ran cheaper on AVD, stable full day single users ran cheaper on Windows 365, and mixed deployment beat either alone by 20 to 35 percent.

What is a VDA license and who needs it?

Virtual Desktop Access covers devices without qualifying Windows licenses, typically thin clients and BYOD scenarios outside per user rights. It is the add on most often bought unnecessarily for populations E3 already covers.

How should contractors on virtual desktops be licensed?

Through your agreements or through verified supplier coverage, decided population by population and papered in the supplier contract. External worker access was incorrectly licensed in 4 of 10 estates we reviewed and anchors most remote work audit exposure.

Are RDS CALs still required in 2026?

Yes, for session host architectures on Windows Server, including many on premises and hybrid VDI deployments. Cloud narratives skip them, but audits do not.