How to right-size your Microsoft 365 licenses

Most organizations don't know what they're actually paying for. Not in a "we haven't checked lately" way. More like a "licenses from a merger three years ago are still assigned to people who left" way.

That's what we took away from our webinar with Microsoft MVPs Eric Overfield and Noorez Khamis on how to stay in control of your M365 costs with a basic licensing strategy. With Microsoft's recent price increases and a new premium license, the session sparked a lot of discussion.

So we turned the key insights into this guide. Here's what to look for, where the waste actually hides, and what you can do about it.

‍

The real problem hiding in your M365 bill

When Microsoft 365 costs keep climbing, the easy assumption is that prices are just going up. Eric and Noorez of Creospark know this all too well. A lot of organizations they work with can't produce an accurate list of their current Microsoft 365 licenses. For example, they can't answer which licenses are actively used. Which features are deployed. Which seats are assigned to people who left six months ago.

"Licenses have been accumulated over the years. Mergers happened. Team changes happened. No one really did a clean audit. Some teams are over-licensed. Some features are being paid for that are completely unused." —Eric Overfield, Microsoft MVP

‍

So when costs go up, organizations tend to absorb the increase and add it on top of existing waste.

‍

5 overspending patterns in your tenant

Across hundreds of Microsoft 365 engagements, Creospark finds the same five patterns every time. Here's what they look like in practice.

1. Inactive licenses

Contractors who finished their projects. Staff who left but whose accounts weren't fully decommissioned. Roles that changed without the license changing with them.

In a typical mid-size environment, 8–15% of all assigned licenses are sitting completely unused, according to Noorez and Eric. In a 1,000-user organization on E5, that's roughly $10,000–$20,000 a month in waste. The fix is simple once you can see the data. The hard part is that most organizations don't have a live view of this so it accumulates quietly between annual reviews.

2. Duplicate capabilities

You're paying for a third-party MFA tool even though Entra MFA is included with E3. Your legal team has Purview eDiscovery but also maintains a legacy eDiscovery platform from before Purview was capable. Your analytics team has Power BI Pro in their E5 license and a Tableau subscription.

In every case, the duplicate predates the M365 capability that replaced it. The technical fix is usually straightforward. The political fix — who owns the legacy tool, who championed it — is harder.

3. Wrong tier for the user

This is the highest-leverage problem in most environments. E5 assigned to users who only ever use Word, Excel, and Outlook. E3 assigned to users who genuinely need Purview compliance tools and Power BI.

The result is the worst of both worlds: you pay for E5 for people who don't use it, and you under-serve the users who actually need the advanced capabilities.

‍

"You end up paying for E5 for users who don't use it, and under-protecting the users who actually need the protection. That's the worst of both worlds." —Noorez Khamis, Microsoft MVP

‍

4. Ungoverned add-ons

Audio Conferencing. Power BI Premium per user. Defender for Cloud Apps. Power Apps per user. Project. Visio.

Each one was bought for a specific use case — a project, a team, a person. The project ended. The person moved on. The add-on stayed. Individually, each one doesn't feel worth fighting about. Collectively, they can represent hundreds of thousands of dollars a year in spend that nobody's actively using. They almost never come up in tier-level licensing discussions, which is exactly how they survive for years.

5. No ongoing visibility

This is the pattern that makes all four others possible.

When you only run a license review annually (or less), the other patterns accumulate quietly in between. Nobody catches the contractor whose license wasn't reclaimed. Nobody flags the add-on that lapsed into non-use. Without ongoing visibility, wasted spend grows in the background while everyone's looking somewhere else.

‍

Right-size by persona, not by org

The most common licensing mistake Creospark sees isn't a SKU choice. It's treating the entire organization as a single user type.

Most organizations have at least four to six distinct personas. Each one has genuinely different productivity, security, compliance, and AI needs. Assigning E5 to knowledge workers because someone decided "we're an E5 company" wastes money. Assigning E3 to your security team because of a blanket policy leaves capability gaps.

The license tier should follow from the persona. Not the other way around.

A common breakdown looks something like this:

• Knowledge worker—the bulk of the workforce. Office apps, SharePoint, OneDrive. E3 covers everything they actually do.
• Power user—builds Power BI reports, runs Power Automate workflows, needs advanced analytics. May already justify E5 without a security driver.
• IT and security professional—lives in Defender, Intune, Purview. The premium tier is the job, not a bonus.
• Executive—may need advanced compliance and mobile management. Assess individually.
• Contractor—time-boxed access, needs strict offboarding. Often a candidate for F-tier licensing or a scoped add-on approach.
• Frontline worker—different apps, device patterns, and licensing model entirely.

Here's a tip:

"Stop thinking of licensing as a decision for your whole org. It really should be persona-based." —Eric Overfield, Microsoft MVP

‍

The lifecycle is where persona models break down

Persona-based licensing only works if it's connected to the user lifecycle. Onboarding, role changes, leave, and offboarding all create moments where licenses drift from where they should be.

A parental leave means a license sitting idle for months. A promotion means someone carries E5 features they no longer need. Offboarding (especially in fast-moving environments) leaves orphaned seats that nobody reclaims.

You need a governance process tied to each lifecycle event. And a tool like ShareGate Prrotect gives you that continuous visibility and helps enforce the cleanup automatically instead of relying on someone remembering to do it.

‍

Copilot, agents, and why the math is changing

Copilot is still an add-on for E3 and E5 users. E7 bundles it at the SKU level, which makes commercial sense for organizations already on E5 with a genuine plan to roll out Copilot to most of their workforce.

‍

But for most organizations, Creospark estimates only 20–30% of users will actually get enough ROI from Copilot to justify the per-seat cost.

The question isn't who could theoretically benefit. It's who will actually use it enough to earn back the license. That's usually a much shorter list than licensing conversations assume.

Why agents change the equation

AI agents are where the cost-value model gets interesting and where per-seat licensing logic starts to break down.

Per-seat licensing assumes value scales with headcount. More users, more productivity tools, more cost, right?

But agents don't work that way. One agent can serve many users. One agent can replace a licensed workflow entirely. As Eric put it:

‍

"Agents run a process. They don't sit at someone's desk."

‍

An AI strategy that shifts from "Copilot for everyone" to "agents for specific business processes" means fewer users may need premium-tier licenses. But the mix of what they need will look different. Licensing decisions made today can lock you in for 12–18 months. The agent mix inside that window will almost certainly change.

Keep your agents in check

The governance side is just as important! Many organizations haven't caught up to it yet.

Agent 365, bundled into E7 or available as a standalone add-on, gives IT a centralized registry of every agent running in the organization. Each agent gets its own identity, a named human sponsor, and a defined lifecycle: create, review, retire.

The principle is simple: every agent needs a human owner. An ownerless agent is an accountability gap. It can drift from its intended purpose, trigger unintended workflows, and create compliance exposure that's hard to trace back.

If agents are already running in your tenant—sanctioned or not—this is the governance layer that keeps them under control.

What to do

You don't need to redesign everything at once. Here are five concrete starting points that can help you save costs:

You can't fix what you can't see

The organizations that manage M365 spend well are the ones who know exactly what they own going into that conversation AND have the visibility to keep it clean in between.

ShareGate Protect gives you that continuous view: inactive licenses flagged as they go inactive (not at next year's audit), add-on assignments tracked and surfaced when they go unused, and cost impact rolled up into one number for stakeholders.

Because the waste doesn't accumulate all at once. It happens quietly, one orphaned seat at a time.

Book a demo to see what Protect surfaces in your tenant.