Are you overpaying for Microsoft licences?

There is a difference between reviewing Microsoft licences and genuinely optimising them. Genuine optimisation requires usage data, an understanding of security requirements and a clear picture of what the organisation actually needs going forward.

Many organisations say they have “reviewed their Microsoft licences” when what they really mean is that somebody compared this year’s invoice with last year’s invoice and approved the renewal.

That is not licence optimisation. That is expense control.

Real Microsoft licence optimisation means lining up usage data, user segmentation, security requirements and expected future demand so the organisation is paying for the right capability for the right users at the right time. Not more. Not less.

That distinction matters because most Microsoft overspend does not come from one dramatic mistake. It comes from dozens of smaller ones: users left on the wrong plan, add-ons that were never removed, E5 assigned as a default security answer, and nobody owning the process after the initial migration or reseller agreement.

If you want to reduce waste without creating operational or security gaps, the work has to be more disciplined than a renewal spreadsheet.

Start with usage data, not assumptions

The first step in any serious optimisation exercise is to replace opinion with evidence.

Most organisations have a rough internal narrative about who needs what:

  • “Finance probably needs the advanced plan.”
  • “Warehouse staff only need something basic.”
  • “IT should just be on E5 to be safe.”

Sometimes those assumptions are correct. Often they are only partially correct. That is why the work should start in the Microsoft 365 admin centre, not in a meeting room.

Under Reports -> Usage, Microsoft provides activity and adoption reporting that shows how services are being used across the tenant. The official Microsoft Learn guidance for activity reports and the more specific article on Microsoft 365 Apps usage are both useful references when you want to understand what can be measured and how to interpret it.

In practice, you are looking for patterns such as:

  • licensed users with little or no meaningful activity over 30, 60 or 90 days
  • users with desktop app entitlement who only work in web and mobile apps
  • expensive security or compliance plans assigned to roles that do not justify them
  • add-on subscriptions with low adoption or no active business owner

Usage data is not the whole story. It will not tell you everything about risk, policy or future state. But without it, licensing decisions tend to become political. With it, you can at least anchor the conversation in reality.

A simple working principle helps here: no licence change without demonstrated usage, a documented requirement, or both.
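
As an added illustration (not inciro's or Microsoft's code), the patterns listed above and the working principle can be applied to an exported usage data set as follows. The CSV columns, the sample users and the review date are constructed for this example and do not match the headers of any real Microsoft 365 report.

```python
import csv
import io
from datetime import date

# Constructed sample data. Column names are assumptions for this example,
# not the headers of an actual Microsoft 365 usage report export.
SAMPLE_CSV = """upn,plan,last_activity,desktop_days,web_mobile_days,documented_requirement
anna@example.test,E5,2024-05-28,20,3,privileged admin role
ben@example.test,E3,2024-05-20,0,18,
cara@example.test,E3,2024-04-10,0,0,
dev@example.test,E5,2024-02-15,0,0,
eli@example.test,Business Premium,,0,0,
fay@example.test,E5,2024-01-05,0,0,records retention owner
"""
AS_OF = date(2024, 6, 1)  # constructed review date


def inactivity_bucket(last_activity, as_of):
    """Map a last-activity date (ISO string, may be empty) to a 30/60/90-day bucket."""
    if not last_activity:
        return "never"
    days = (as_of - date.fromisoformat(last_activity)).days
    for threshold in (90, 60, 30):
        if days >= threshold:
            return f"{threshold}+"
    return "active"


def review_candidates(csv_text, as_of):
    """Return (upn, plan, finding, action) for every licence that needs a second look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        bucket = inactivity_bucket(row["last_activity"], as_of)
        if bucket != "active":
            finding = f"inactive:{bucket}"
        elif int(row["desktop_days"]) == 0 and int(row["web_mobile_days"]) > 0:
            finding = "web-mobile-only"  # desktop entitlement is not being used
        else:
            continue
        # Working principle from the text: changes need evidence. A documented
        # requirement outweighs low usage, so the licence stays but is still listed.
        action = "keep-documented" if row["documented_requirement"] else "review"
        findings.append((row["upn"], row["plan"], finding, action))
    return findings


if __name__ == "__main__":
    for finding in review_candidates(SAMPLE_CSV, AS_OF):
        print(*finding, sep="\t")
```

The output is a review list for the licence owner, not an automatic removal list: rows marked `keep-documented` show low usage but carry a recorded requirement.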

Segment users by how they work

The next step is user segmentation. This is where most avoidable spend becomes visible.

A surprising number of organisations still operate with a licensing model that looks like this: one plan for almost everyone, one more expensive plan for senior staff and IT, and a handful of add-ons layered on top over time. It is simple to administer, but usually inaccurate and expensive.

A more durable model groups users by working pattern, risk profile and capability requirement. In most environments, four to six segments are enough.

1. Light users

These users need email, Teams and perhaps access to a few browser-based applications. They rarely need full desktop apps, advanced device management or enterprise-grade compliance features.

2. Core office users

These are the classic knowledge workers using Outlook, Word, Excel, PowerPoint and Teams every day. They typically need desktop apps, but not necessarily the most advanced security or compliance layer.

3. Mobile or operational users

Field, warehouse, retail, service and production users often have a very different requirement set from head office staff. Device type, shared terminals and communication workflows matter more than tradition or the org chart.

4. Security-sensitive knowledge workers

These users have access to financial data, HR information, confidential customer data or executive content. They may justify stronger identity control, better endpoint protection and tighter governance than the average office user.

5. Administrators and privileged roles

IT, security and a small number of key operational owners sit in a different category because compromise of these identities has a much higher impact. This is where premium licensing is often justified.

Once the segmentation is done properly, it becomes obvious that licence assignment should not follow job titles. It should follow real work patterns, actual access and clearly defined control requirements.

E3 or E5? Decide based on control needs, not on prestige

One of the most expensive patterns we see is the habit of treating E5 as the safe default.

The logic is understandable. Microsoft 365 E5 includes an impressive set of security, identity and compliance capabilities. But “most complete” is not the same as “most appropriate”.

If you need a practical reference point, Microsoft Learn’s comparison of ways to manage and secure devices is useful because it highlights how far Business Premium already goes for many organisations.

In practical terms, E5 is usually best reserved for users and roles with a clear requirement for capabilities such as:

  • Entra ID P2-level identity controls and risk-based protection
  • Privileged Identity Management for privileged accounts
  • more advanced endpoint and email security capabilities
  • higher-end compliance, investigation or regulatory control scenarios

If the role does not have a credible need for those controls, E5 often becomes an expensive answer to a vaguely defined concern.

That does not mean the rest of the organisation should automatically be pushed down to Business Standard. For many SMBs, Business Premium is the operational sweet spot because it brings together Intune, Conditional Access, Defender for Business and a stronger baseline security posture in one plan. That is exactly why E3/E5 decisions should be made in the context of the broader choice between Business Premium, E3, E5 and selected add-ons.

The right questions are more useful than the right slogans:

  • Which roles actually have privileged access?
  • Which users handle data that genuinely requires stronger controls?
  • Which compliance requirements are explicit and documented?
  • Which protections are already sufficiently covered at a lower tier?

Once those questions are answered properly, many organisations end up with a smaller and more defensible E5 population than they expected.

Do not ignore add-ons and overlap

Another common mistake is to look only at base licences.

That is rarely where all the waste sits. A meaningful share of overspend lives in add-ons, duplicate functionality and old subscriptions that were never revisited.

Typical examples include:

  • Teams Phone licences still assigned after telephony moved elsewhere
  • Visio or Project subscriptions purchased for one initiative and never cleaned up
  • Power BI Pro licences on users who only consume reports and never publish
  • users on E5 who also hold add-ons already covered by the suite

That is why every optimisation exercise should include a complete inventory of all active subscriptions, not just the number of Business Premium, E3 or E5 seats. Microsoft Learn’s guide to assigning licences to users is useful here not only for licence assignment, but also for structuring group-based licensing and understanding how entitlements are actually being applied.

If nobody can explain why an add-on exists, who actively uses it and which business process depends on it, it deserves scrutiny.

Future demand matters as much as current usage

Usage data is essential, but it is not enough. Licence optimisation becomes short-sighted if it is built only on the last 90 days.

You also need a view of what the organisation is moving towards.

That may include:

  • planned growth in headcount or new business units
  • a higher proportion of frontline or operational workers
  • new customer, board or audit-driven security requirements
  • rollout of Intune, Conditional Access or stronger identity governance
  • new workloads such as Copilot, Teams Phone or Power Platform
  • clean-up of shared mailboxes, guest access and service identities

If the business already knows it will require better identity governance or stronger device control in six months, aggressive down-licensing today may simply create rework tomorrow. On the other hand, it is equally wasteful to pay for future capability a year before it is actually needed.

The practical answer is to separate current requirements, approved future requirements and hypothetical scenarios. Only the first two should shape the active licence model.

Build a durable optimisation operating model

The difference between a one-off saving and a durable saving is the operating model behind it.

If licensing is reviewed only when finance sees a higher invoice, the waste comes back. In most organisations it comes back very quickly.

A workable operating model is usually straightforward.

Monthly

  • remove licences from disabled and departed users
  • review temporary add-ons, pilots and exceptions
  • verify that trial or project-specific subscriptions are still needed

Microsoft’s official guidance on removing a former employee is a useful baseline because licence removal should be a formal offboarding step, not a memory-based admin task.

Quarterly

  • review usage trends by segment
  • compare real usage with assigned licence tier
  • reassess the E5 population separately
  • review add-ons, exceptions and overlapping entitlements

Before renewal

  • run a full licensing review with IT, security, finance and HR
  • compare hiring plans, business projects and compliance requirements with the next licensing period
  • decide which changes should be implemented before the renewal date

That cadence sounds simple, but it is exactly what most organisations do not have.

The mistakes that keep recurring

These are the issues that most often make licensing more expensive than it needs to be.

Mistake 1: starting with price lists

A cheaper plan is not a saving if it removes functionality that users then replace with support calls, manual workarounds or additional products.

Mistake 2: segmenting by title instead of work pattern

“All managers on E5” and “all operations staff on Basic” may sound neat, but they are usually too crude to be accurate.

Mistake 3: weak offboarding discipline

Ghost users are still one of the fastest and most underappreciated savings opportunities. If HR and IT do not share ownership of offboarding, the problem persists.

Mistake 4: using E5 as a generic compliance answer

Some roles genuinely need it. Many do not. If the requirement cannot be described clearly, it is often uncertainty rather than a licensing need.

Mistake 5: forgetting future state

Over-correcting downward can create avoidable rework if new security initiatives or new workloads are already approved.

Mistake 6: never reviewing again

A good licence model last year is not automatically a good licence model this year.

What this means for your organisation

The good news is that Microsoft licence optimisation rarely requires a dramatic technical project. Most of the value comes from better governance, better segmentation and more consistent follow-up.

The less comfortable truth is that the work cannot be done well from an invoice alone. You need usage evidence, business context and security judgement if you want the outcome to hold after the first round of changes.

At inciro, we usually structure licensing work in four steps: establish the data set, define user segments, decide the target licence mix and put a lightweight operating model in place so the savings survive the next hiring cycle and the next renewal.

That is what turns a one-time clean-up into durable licence optimisation.

