A national operations business with around 700 employees had an M365 environment that had grown over years without a structured periodic review. Licence count exceeded active users. Departed staff still held paid licences. A $16,600 file storage add-on was unnecessary. Equilibrium audited the full tenant and produced a sequenced remediation plan.
The client is a national operations business with around 700 employees and an extended contractor pool. M365 was the primary collaboration and productivity platform across the group, supporting email, document management, Teams meetings and a Direct Routing phone integration. Total tenant size: 732 accounts, 185 managed users, 214 paid M365 licences.
Several signs suggested the licence base no longer matched actual use. Total licence count exceeded the active managed user count. Departed staff were anecdotally still appearing in distribution lists and shared file permissions. Some accounts had been blocked but were still consuming licences. Additional services had been added incrementally without a holistic review. The IT services provider managing the tenant had not flagged the gap.
The cost exposure was material. M365 spend at this scale runs into six figures annually. Even a 10% over-licensing rate represents tens of thousands of dollars in unnecessary cost.
Full account inventory. Every account in the tenant was extracted with its licence assignments, last sign-in date, group memberships and account status. The 732 accounts were classified into categories: active managed users, service accounts, shared mailboxes, departed staff, blocked accounts and unknown.
Licence mapping. Each licensed account was mapped against actual use. The criteria were practical: has this account signed in within the last 90 days, is it a known active employee, does it have a legitimate business reason to retain its licence.
Flag and verify. The audit identified 68 flagged accounts requiring review. Of these, 24 were confirmed as departed staff who still held active paid licences. 11 were blocked accounts still consuming licences (blocking does not free up the licence by default). The remainder required HR or manager confirmation before action.
Service add-on review. Beyond user licences, the audit reviewed the tenant's additional services. Findings included a $16,600 per year file storage add-on that the organisation did not need (the included storage was already well beyond actual use) and a Teams Phone arrangement that, while legitimately needed for the Direct Routing integration, was sized larger than required.
Remediation pathway. Each finding came with a specific action: licence to be released, account to be deleted or archived, add-on to be cancelled, sizing to be adjusted. The actions were sequenced to avoid disrupting active users: delete blocked and confirmed-departed accounts first, then released-and-confirmed-leavers, then progressively the remainder.
M365 audit is a specialist on-demand engagement: defined scope, fixed deliverable, no ongoing commitment required. Most clients run this exercise every two to three years and find similar gaps.
The same pattern shows up across other vendor relationships: storage subscriptions, software licences, telephony, security tooling. Vendors do not generally proactively flag over-licensing. A periodic external audit is the pragmatic counter-measure. Equilibrium runs these reviews across M365, telephony and managed IT services on request.
Book a free scoped review. We will tell you what an M365 audit covers, how long it takes and what it typically finds in tenants your size.
Book a scoped review