The decision to standardize on E5 across an organization is usually made during a procurement negotiation, not a user needs assessment. Microsoft’s sales motion encourages it — simplified licensing, a single SKU, and a per-user price that sounds manageable until you multiply it by headcount and sign a three-year agreement.
The result is that most E5 tenants are running at well below the feature utilization the license unlocks. Microsoft Purview compliance features, Microsoft Defender for Endpoint P2, Microsoft Entra ID P2, Microsoft Sentinel integration — these are sophisticated security and compliance capabilities that require dedicated implementation effort and ongoing management. The majority of users in most organizations never interact with them.
The question right-sizing asks is not “should we have E5?” but “should every user have E5?” For most organizations, the answer is no — and the gap between what they’re paying and what users actually need can be substantial.
What E5 actually includes that E3 does not
The licensing difference between E3 and E5 is meaningful, but it is concentrated in security, compliance, and analytics capabilities that require significant configuration to use.
Microsoft Defender for Endpoint P2 adds device-level endpoint detection and response. This is genuinely valuable — but it requires a Defender deployment, sensor management, and a security team to act on the alerts. In many organizations, Defender P2 is licensed per user under E5 but never deployed because IT does not have capacity to implement it properly.
Microsoft Entra ID P2 adds Privileged Identity Management (PIM) and Identity Protection with risk-based Conditional Access. Again, genuinely useful for privileged accounts and administrators. Far less necessary for the 80 percent of users who access only Exchange, Teams, and SharePoint.
Microsoft Purview compliance features (eDiscovery, Advanced Audit, Compliance Manager, Information Governance) are relevant for legal, compliance, and HR teams. They are not relevant for the sales rep, the operations coordinator, or the warehouse manager.
Microsoft Viva features bundled in E5 cover employee experience analytics and feedback. Most organizations have not implemented these, and most users have no awareness they exist.
The pattern is consistent: E5 adds capabilities that are valuable for a specific population of users — administrators, security staff, compliance officers, legal — but are irrelevant overhead for the general workforce.
The right-sizing methodology
A proper right-sizing exercise looks at two things: what each user is licensed for and what each user actually uses. The gap between those two is the savings opportunity.
Step 1: Pull license assignments. From Microsoft 365 Admin Center or Graph API, export every user with their current license SKU. This gives you the cost baseline.
Step 2: Pull per-product activity. The Microsoft Graph /reports/getOffice365ActiveUserDetail endpoint returns, for each user, whether they have been active in Exchange, Teams, SharePoint, OneDrive, Yammer, and Office apps in the last 30/90/180 days.
Step 3: Identify E5 users who only use E3 features. Users with E5 assignments who show activity only in Exchange and basic Teams — with no usage of Defender, Purview, or Entra P2 features — are candidates for downgrade to E3. Their cost drops from $57 to $22 immediately.
Step 4: Identify E3 users who could be on F-series. Users with E3 or E5 who access Microsoft 365 only from mobile devices or only need Teams, SharePoint, and basic Office — typically frontline workers — may be candidates for Microsoft 365 F1 ($2.25) or F3 ($8). The distinction is whether they need full Office desktop apps (F3) or browser/mobile only (F1).
Step 5: Identify email-only users. Some users — distribution list admins, shared mailbox delegates, automated process accounts — only need a mailbox. Exchange Online Plan 1 at $4/user/month covers this with no suite access required.
What right-sizing cannot do
Right-sizing works well for steady-state license populations. It does not eliminate the need for headroom in dynamic environments. Some things to account for:
License propagation latency. When a user is hired, their license assignment may drive access to systems they won’t use for weeks while they ramp up. New employees often look “inactive” in month one but are legitimately licensed.
Shared devices in F-series. F1 licenses do not allow persistent desktop app installation. If frontline workers share devices but occasionally need full Office functionality, F3 or E1 may be more appropriate than F1.
Add-on complexity. E3 plus specific add-ons (Defender P1, Power BI Pro, Audio Conferencing) can approximate E5 for users who need specific capabilities. Depending on volume, this can be cheaper than E5 or not — the math requires running the numbers against your Microsoft agreement pricing, which may include discounts not reflected in list price.
The conversation with Microsoft
License right-sizing generates savings, but those savings are realized at renewal — Microsoft agreements are prepaid. The more immediate benefit is in negotiating the next agreement term based on actual usage data.
Organizations that walk into a renewal with three months of Graph API activity data — showing exactly which users use which features at what utilization rate — are in a fundamentally different negotiating position than organizations relying on Microsoft’s usage summary. You can make a credible case for the exact tier distribution your workforce actually needs, rather than accepting the tier distribution Microsoft’s sales team recommends.
The standard Microsoft EA structure allows for mid-term true-downs under certain conditions, and Microsoft is often willing to renegotiate tier mix on an annual basis within a multi-year agreement when presented with data. The data is what Microsoft’s own systems produce. Getting it read and acted on before renewal is the entire game.