May 24, 2026·5 min read·CloudRift

How to Audit Microsoft 365 Licenses and Cut Wasted Spend

Inactive users holding E5 licenses and over-provisioned seats quietly inflate your Microsoft 365 bill. Here is how to find the waste — and the security risk that comes with it.

Microsoft 365 licenses rarely show up on your Azure bill, so they escape most cloud cost reviews entirely. That is exactly why they pile up. Users leave, change roles, or never log in — but their expensive licenses stay assigned, costing money and creating security exposure at the same time.

Where the waste hides

  • Inactive users still holding premium E5 or P2 licenses 45+ days after their last sign-in.
  • Over-licensed users who only use basic features but sit on the top tier.
  • Never-logged-in accounts — test, onboarding, or temporary users that were provisioned and forgotten.
  • Departed employees whose accounts were disabled but never de-licensed.

Why it is also a security problem

Every idle licensed account is both a cost and an attack surface. An inactive account with a live license is exactly the kind of stale identity attackers look for — so cleaning up licenses tightens security at the same time it cuts spend.

A faster way to audit

You can do this manually by cross-referencing the Microsoft 365 usage reports against the active-users list — but across a real tenant that is hours of work, and it goes stale immediately. CloudRift's identity audit surfaces inactive users, over-provisioned licenses, and MFA gaps automatically, with the potential savings calculated against current Microsoft pricing.

  • Downgrade E5 to E3 where advanced features are unused.
  • Move frontline workers to F3.
  • Remove licenses from inactive and departed accounts entirely.

See your own wasted cloud spend in minutes

Connect read-only, run a free scan, and get a prioritized list of savings with dollars attached.

The bottom line

License audits are one of the highest-return reviews in IT — a single pass routinely uncovers tens of thousands in annual savings while closing security gaps. Run one, act on the obvious downgrades, and re-check quarterly so the waste never rebuilds.