Microsoft is the single largest software vendor in most enterprise IT budgets. Every employee has a Microsoft 365 licence. The servers run Windows and SQL Server. The cloud workloads are on Azure. Finance uses Dynamics 365. And somewhere in the background, an Enterprise Agreement governs all of it — a contract worth millions of dollars per year, renewed every three years, that most organisations manage on autopilot. That autopilot is expensive. Enterprises that actively manage their Microsoft licensing spend 20–35% less than those that do not. The difference is not negotiation skill or political leverage. It is knowledge. The person who understands how Microsoft licensing works — how the agreements are structured, how the metrics are counted, where the costs hide, and where the negotiation leverage lives — makes better decisions at every stage of the relationship. This guide gives you that understanding. No assumptions about what you already know. No Microsoft jargon without explanation. No sales pitch. Just the operational reality of Microsoft licensing, explained for the person who needs to understand it now.
The first thing every beginner needs to understand is that “Microsoft licensing” is not a single system. It is a collection of overlapping commercial frameworks, product-specific licensing models, and agreement types that have evolved over three decades. Microsoft 365 is licensed per user. Windows Server is licensed per physical core. Azure is licensed by consumption. Dynamics 365 uses a combination of per-user and per-application pricing. And the agreement that governs all of it — your Enterprise Agreement, Cloud Solution Provider subscription, or Microsoft Customer Agreement — determines the pricing, the flexibility, and the rules for everything underneath.
This layered complexity is not accidental. Each layer generates revenue. Each layer creates opportunities for the enterprise that understands it and costs for the enterprise that does not. The good news: the system is learnable. Once you understand the building blocks, the entire structure makes sense — and the opportunities for optimisation become visible.
Before you can understand any Microsoft product’s licensing, you need to understand the commercial vehicle through which your organisation purchases Microsoft software. The agreement type determines the pricing, the discount structure, the flexibility to add or remove licences, and the renewal mechanics.
The Enterprise Agreement is Microsoft’s primary programme for large organisations (500+ users or devices). An EA is a 3-year contract where the organisation commits to a set of Microsoft products at agreed pricing. The EA provides organisation-wide deployment rights, volume discounts, and a structured framework for managing the Microsoft relationship.
How it works in practice: Your organisation commits to licensing Microsoft 365 (and potentially Windows Server, SQL Server, and other products) for all qualifying users for 3 years. Pricing is locked at the start of the term. Each year, you report changes in user or device counts through an annual true-up — if you added 200 users, you pay for 200 additional licences. At the end of 3 years, you negotiate the renewal.
Why it matters: The EA renewal is the single highest-leverage commercial event in the Microsoft relationship. The pricing set at renewal governs your Microsoft costs for the next 3 years. Organisations that prepare for renewal 12–18 months in advance and negotiate with competitive leverage achieve 15–25% better pricing than those that treat renewal as an administrative event. See the EA Negotiation Guide and the renewal preparation toolkit.
The MCA is Microsoft’s newer agreement framework that is gradually being positioned as an alternative to the EA. Unlike the EA’s fixed 3-year term, the MCA offers more flexible subscription structures. Microsoft is actively steering organisations towards MCAs at renewal, particularly for cloud-first organisations. The MCA provides flexibility but may reduce your negotiation leverage compared to the large upfront commitment of an EA. See the CIO playbook for EA vs MCA vs CSP.
The CSP programme lets you purchase Microsoft cloud subscriptions through a Microsoft partner rather than directly from Microsoft. CSP uses monthly or annual subscriptions and is designed for mid-market organisations or those wanting per-seat flexibility. CSP pricing is generally higher per unit than EA pricing, but there is no 500-user minimum and no 3-year commitment. For the comparison, see CSP vs EA for Microsoft 365 and EA vs CSP vs MCA decision guide.
Microsoft 365 is the product that touches every employee. It includes email (Exchange Online), collaboration (Teams, SharePoint), file storage (OneDrive), and the Office applications (Word, Excel, PowerPoint, Outlook). For most enterprises, Microsoft 365 is the single largest Microsoft line item.
Microsoft 365 comes in three enterprise plans, and choosing the right one for each user is the first major optimisation opportunity:
Microsoft 365 F3 costs approximately $8 per user per month. It is designed for frontline workers — retail staff, factory workers, healthcare workers, warehouse employees — who primarily work on shared or mobile devices. F3 includes basic email (2 GB mailbox), web-based Office applications (not the desktop versions), Teams, and basic security. If the employee does not need full desktop Office apps and works primarily on shared devices, F3 is the right licence.
Microsoft 365 E3 costs approximately $36 per user per month. It is the standard licence for knowledge workers. E3 includes full desktop Office applications, 100 GB email, Teams, SharePoint, OneDrive, Intune device management, and foundational security. Approximately 70–80% of knowledge workers in a typical enterprise need E3 and nothing more.
Microsoft 365 E5 costs approximately $57 per user per month. It includes everything in E3 plus advanced security (Microsoft Defender for Office 365, Cloud App Security), advanced compliance (eDiscovery Premium, Advanced Audit), and the Phone System for Teams voice calling. E5 costs 58% more than E3 per user. The enterprise should only assign E5 to users who specifically require the advanced security, compliance, or telephony features.
The money-saving principle: Do not assign every employee the same plan. Segment your workforce: frontline workers on F3, standard knowledge workers on E3, and only the users who need advanced capabilities on E5. A 10,000-person enterprise that moves 2,000 frontline workers from E3 to F3 saves approximately $672,000 per year. Use the Microsoft 365 licence optimisation calculator to model the savings for your organisation. For the detailed plan selection guide, see the CIO playbook for selecting the right M365 plan.
The add-on trap: Beyond the core plans, Microsoft sells dozens of add-ons: Power BI Pro, Microsoft Project, Visio, additional Intune features, Defender add-ons, compliance add-ons, and more. Each add-on is priced per user per month, and each one seems individually reasonable. But across an enterprise, the cumulative add-on cost can increase the per-user Microsoft cost by 30–50% beyond the base plan. Every add-on approval should go through procurement, not just IT. For the add-on analysis, see the CIO playbook for E5 security and compliance add-ons.
Azure is Microsoft’s cloud platform, and its licensing model is fundamentally different from everything else in the Microsoft ecosystem. Microsoft 365 charges per user per month — predictable and stable. Azure charges based on consumption: the compute hours, storage gigabytes, network bandwidth, and specific services you use. The Azure bill can vary significantly month to month based on workload activity.
How Azure billing works: Every Azure service has a published per-unit price. A virtual machine costs a certain amount per hour. Storage costs a certain amount per gigabyte per month. Data transfer costs a certain amount per gigabyte. A database service costs based on the compute and storage provisioned. The total Azure bill is the sum of all these consumption charges across all services in the account.
Azure commitments: Within an EA, organisations can pre-purchase Azure consumption at a discount. This commitment (known as MACC — Microsoft Azure Consumption Commitment) provides better pricing than pay-as-you-go. However, if you commit to more than you consume, the unused portion is wasted. If you commit to less than you consume, the excess is billed at the higher pay-as-you-go rate. Getting the commitment level right requires accurate forecasting. See negotiating Azure commitments and managing Azure overages.
The cost control essentials: Azure costs are manageable, but only with active governance. Reserved Instances (pre-purchasing specific VM sizes for 1 or 3 years) save 30–72% versus pay-as-you-go. Azure Hybrid Benefit (applying existing Windows Server and SQL Server licences to Azure VMs) saves 40–55%. Right-sizing VMs to match actual workload requirements saves 20–40%. Without these optimisations, enterprises routinely overspend on Azure by 25–40%. For the complete framework, see the Azure cost optimisation playbook and the Azure cost optimisation assessment.
If your organisation runs servers — either physical servers in a data centre or virtual machines in a private cloud — you are almost certainly running Windows Server and possibly SQL Server. These products use a different licensing model from Microsoft 365: they are licensed per physical core on the server, not per user.
Windows Server comes in two editions. Standard Edition is for servers running a small number of virtual machines (VMs) — each set of 16 core licences covers 2 VMs. Datacenter Edition costs more but provides unlimited virtualisation rights on the licensed physical server. When a host runs more than approximately 4–8 VMs, Datacenter becomes cheaper than stacking multiple Standard licence sets.
The critical detail: Windows Server is licensed based on the physical cores of the host server, not the virtual resources allocated to VMs. A server with 32 physical cores requires 32 core licences (purchased in packs of 16 for Standard, minimum 16 cores per server). In virtualised environments, the licensing must cover the physical host, not just the VM. Windows Server virtualisation licensing is the single most common source of Microsoft compliance findings. For more detail, see our Microsoft virtualization licensing.
Additionally, every user or device accessing Windows Server services needs a Client Access Licence (CAL) — a separate per-user or per-device licence on top of the server core licences. For more detail, see Windows Server core-based licensing mechanics and the SAM professional’s guide.
SQL Server is Microsoft’s database engine, licensed per core in two editions. Standard Edition (~$3,945 per 2-core pack) is for departmental databases and workloads that do not need Enterprise features. Enterprise Edition (~$15,123 per 2-core pack) is for mission-critical databases needing advanced features like Always On Availability Groups, columnstore indexes, and in-memory processing.
Enterprise Edition is 3.8x more expensive per core than Standard. If your database does not specifically require Enterprise-only features, it should be running Standard. The edition strategy guide explains exactly which features require Enterprise and which do not. Use the SQL Server licensing calculator to model costs. For compliance pitfalls, see common SQL Server compliance pitfalls and SQL Server licensing in hybrid and multi-cloud environments.
Dynamics 365 is Microsoft’s suite of business applications — Sales, Customer Service, Finance, Supply Chain Management, Human Resources, and Marketing. Unlike Microsoft 365 (where one licence covers the entire suite of productivity tools), Dynamics 365 is licensed per application. Each application has its own per-user price, and users must be individually licensed for each application they access.
The key concept for beginners: Dynamics 365 uses a base + attach model. A user’s first Dynamics 365 application is the “base” licence (full price). Additional applications for the same user are “attach” licences at a 60–70% discount. This creates an incentive to adopt multiple Dynamics 365 applications — which is exactly Microsoft’s intent. Be deliberate about which applications you license and for whom. See Dynamics 365 licensing and renewals, common Dynamics 365 licensing mistakes, and the CIO playbook for Dynamics 365 contracts.
Microsoft 365 Copilot is the most significant new Microsoft licensing cost in 2026. Copilot is Microsoft’s AI assistant, embedded in Word, Excel, PowerPoint, Outlook, and Teams. It costs $30 per user per month — on top of the existing Microsoft 365 licence.
A user with E3 + Copilot pays $66/month. A user with E5 + Copilot pays $87/month. For a 5,000-user enterprise deploying Copilot to all users, the annual Copilot cost alone is $1.8 million.
The beginner’s guide to Copilot economics: Copilot does not need to be deployed to every user. Not every user will benefit equally. A phased approach — deploying to high-value users first (executives, analysts, sales, content creators), measuring productivity gains, and expanding only where the ROI is demonstrated — controls cost while building the business case. The enterprise that deploys Copilot to 100% of users on day one pays for 100% of the licences while the real productivity benefit is concentrated in perhaps 20–30% of the user base. See the CIO playbook for Copilot adoption, negotiating Copilot pricing, and the Copilot ROI assessment.
Software Assurance (SA) is Microsoft’s annual maintenance programme for on-premise products like Windows Server, SQL Server, and Office. It costs 25–29% of the licence price per year and provides version upgrade rights, deployment flexibility, training vouchers, and Azure Hybrid Benefit.
When SA is worth it: SA delivers genuine value when you are actively using the benefits. The most valuable benefit for most enterprises is Azure Hybrid Benefit — the ability to use your existing Windows Server and SQL Server licences to reduce Azure VM costs by 40–55%. If your organisation is migrating workloads to Azure, SA on those server products is a strong investment. Version upgrade rights are also valuable if you plan to upgrade to newer versions of the software.
When SA is a waste: SA on products that will never be upgraded, will never be moved to Azure, and where the training vouchers and other benefits go unused is a pure cost. Paying 25% per year for rights you never exercise means the SA costs more than the original licence within 4 years. The decision to renew or drop SA should be made product by product, not as a blanket policy. See the Software Assurance CIO playbook and SA benefits for SQL Server.
If your organisation has an Enterprise Agreement, you face an annual event called the true-up. Each year, on the anniversary of the EA, you must report any changes in the number of users, devices, or servers since the last count. If you added users, you pay for the additional licences. If you reduced users, the reduction typically cannot be credited until the EA renews (you can reduce down at renewal, not during the term).
Why it matters for beginners: The true-up is where money quietly disappears. Most organisations over-report because they lack accurate licence deployment data. The IT team estimates user counts, adds a buffer, and submits the number. That buffer is invoiced at full price. Across three years of true-ups, the cumulative over-reporting can represent 5–15% of the total EA value.
What to do: Appoint one person as the true-up owner. Conduct a thorough licence inventory 60 days before each anniversary date. Reconcile active user counts in Azure Active Directory against actual Microsoft 365 licence assignments. Remove terminated employees, dormant accounts, and service accounts that do not require paid licences. Accuracy at true-up is the simplest, most reliable way to avoid unnecessary Microsoft costs. See the true-up guide and the licence usage review template.
Microsoft conducts licence compliance reviews to verify that your deployed Microsoft products match your purchased entitlements. Microsoft’s audit approach is less aggressive than Oracle’s, but the financial consequences of non-compliance are still significant — back-billing, licence purchases at list price, and potential penalties.
How it starts: Microsoft typically initiates a “SAM engagement” (Software Asset Management review) positioned as a helpful optimisation exercise. The output is a report comparing your deployments to your entitlements. If the report reveals non-compliance, Microsoft escalates to a formal resolution process. See the Microsoft audit CIO playbook.
The most common findings: Windows Server virtualisation miscounts (not enough core licences for the physical hosts running VMs), SQL Server edition discrepancies (Enterprise Edition deployed where Standard is licensed), Microsoft 365 deployments exceeding purchased quantities, and missing Client Access Licences. These findings are preventable through regular internal reviews using SAM tools.
What to do if it happens: Do not panic, and do not accept the findings at face value. Conduct your own internal assessment. Challenge the counting methodology. Remediate where possible (remove unlicensed software, downgrade editions) rather than purchasing additional licences. Negotiate the settlement — Microsoft’s initial compliance claim is a starting position, not a final number. See the audit survival checklist, negotiating audit outcomes, and our audit defence service.
Locate your current Microsoft agreement (EA, MCA, or CSP contract). Know what it covers, when it expires, and who in your organisation manages it. If nobody can find it or explain it, you already have a problem. For the contract reference, see EA contract guide for legal teams.
If you have an EA, find the renewal date. Count backwards 12–18 months. That is when you should start preparing. If the renewal is less than 6 months away and you have not started preparing, engage independent advisory immediately. See the renewal planning strategy.
Run a report from Azure Active Directory showing all users with Microsoft 365 licences assigned. Compare this against your HR headcount and your EA commitment. The gap between “assigned licences” and “people who need licences” is the first optimisation opportunity. Use the licence usage review template.
Identify which employees are on F3, E3, and E5. Are frontline workers on E3 who should be on F3? Are standard knowledge workers on E5 who only need E3? Reassigning users to the correct plan is the fastest path to savings. See the M365 plan selection playbook.
Create an inventory of all physical servers running Windows Server and SQL Server. Record the core count, the Windows Server edition (Standard or Datacenter), the SQL Server edition (Standard or Enterprise), and the number of VMs per host. This inventory is the foundation for compliance and cost management. See auditing your Microsoft licence usage.
Pull 6 months of Azure invoices. Identify the top cost drivers (which services, which resource groups, which subscriptions). Determine what percentage of your Azure spend is on Reserved Instances vs pay-as-you-go. If more than 30% of your stable workloads are on pay-as-you-go, you are overspending. See the Azure cost optimisation playbook.
List every product covered by Software Assurance. For each, ask: are we using Azure Hybrid Benefit? Are we planning to upgrade? Are we planning to migrate to Azure? If the answer to all three is no, consider whether SA is delivering value. See the SA evaluation playbook.
Search for users who have both a Microsoft 365 licence and a standalone Exchange Online licence, or both E3 and standalone add-ons that are already included in E3. Redundant licensing is more common than most organisations realise and represents pure waste.
If Microsoft is pitching Copilot, do not deploy to all users. Start with a pilot of 50–100 high-value users, measure the productivity impact, and expand only where the ROI is demonstrated. At $30/user/month, Copilot is the most expensive per-user add-on Microsoft has ever launched. See the Copilot ROI assessment.
For EA renewals, major Azure commitments, audit responses, and any Microsoft transaction exceeding $500K, engage independent Microsoft licensing advisory. The advisory fee is typically 5–10% of the cost reduction achieved. Microsoft has a team of licensing specialists working for Microsoft’s interests. Without equivalent expertise on your side, you are negotiating at a structural disadvantage. See the procurement manager’s negotiation guide.
“Microsoft licensing is not inherently complicated. It is expansive. There are many products, many agreement types, and many commercial variables. But each individual concept is learnable, and once learned, it becomes a lever for cost control. The enterprise that invests the time to understand how Microsoft licensing works saves 20–35% annually compared to those that delegate this to Microsoft’s account team. Microsoft’s account team is helpful, knowledgeable, and professionally supportive — and they work for Microsoft. The person who should be managing your Microsoft licensing is the person who works for you.” — Fredrik Filipsson, Co-Founder, Redress Compliance
Microsoft licensing is the commercial framework that determines how much your organisation pays to use Microsoft software. It encompasses the agreement type (Enterprise Agreement, MCA, or CSP), the per-product licensing models (per-user for Microsoft 365, per-core for Windows Server and SQL Server, consumption-based for Azure), and the supporting programmes (Software Assurance, true-ups, Unified Support). Each component has its own rules, pricing, and optimisation opportunities.
Microsoft 365 E3 ($36/user/month) includes the standard productivity suite: full Office desktop apps, Exchange Online (100 GB), Teams, SharePoint, OneDrive, Intune, and foundational security. E5 ($57/user/month) adds advanced security (Defender for Office 365 Plan 2, Cloud App Security, Azure AD P2), advanced compliance (eDiscovery Premium, Advanced Audit), and the Phone System for Teams voice. E5 costs 58% more and should only be assigned to users who require the specific advanced capabilities.
An Enterprise Agreement (EA) is Microsoft’s primary licensing programme for large organisations (500+ users). It is a 3-year contract that provides organisation-wide deployment rights at negotiated pricing with annual true-up obligations. The EA is typically the most cost-effective agreement type for large enterprises because the 3-year commitment enables volume discounts and negotiation leverage.
The true-up is an annual reconciliation process within an Enterprise Agreement. Each year, on the EA anniversary date, the enterprise reports changes in the number of licensed users, devices, or servers. Net additions are invoiced at the EA-contracted pricing. Net reductions typically cannot be credited until the EA renews. Accurate true-up reporting prevents over-paying for licences that are not needed.
Yes. Microsoft conducts licence compliance reviews, typically beginning as a “SAM engagement” (Software Asset Management review). The most common audit findings involve Windows Server virtualisation miscounts, SQL Server edition discrepancies, and Microsoft 365 deployment exceeding purchased quantities. Regular internal licence reviews using SAM tools prevent most audit findings.
Redress Compliance provides independent Microsoft licensing assessments for organisations that need clarity on their licensing position, compliance status, and cost optimisation opportunities. No Microsoft commercial relationship. No conflicts of interest. Just the facts.