Most organisations are running Microsoft 365. Very few are actively governing it. There is a difference, and it usually shows up as two numbers the in-house team has never been shown: their Secure Score, and the value of the licences they pay for every month but never use. Neither tends to be small.
An estimated 29% of Microsoft 365 licences sit unused. Plenty of organisations are on the wrong tier for how they actually work. And Microsoft prices have risen 25 to 40% over three years, with the latest increase landing on 1 July 2026. So the typical estate is paying more, for less than it uses, while the clock keeps ticking.
The July 2026 increase matters here because it changes the maths. When licences get more expensive, paying for seats nobody uses stops being a rounding error and starts being real money. A licensing review that removes unused seats and moves people to the right tier can offset a meaningful part of the rise, and in many cases pays for the managed service outright.
The waste is only half the story. The same estates usually carry a quiet security gap. Identity has sprawled, the joiners and leavers process is manual, multi-factor authentication and Conditional Access are inconsistent, and sensitive information sits in SharePoint and email with no data loss prevention. It stays invisible until something forces the question: an insurer asking for evidence of controls, an auditor, or a Copilot rollout that suddenly surfaces data nobody had governed.
Meanwhile the people expected to hold all of this together are a team of one to five, already covering the service desk, endpoints, identity, security and governance at the same time. Asking that team to run a modern Microsoft estate to a defined standard, on top of everything else, is not a resourcing gap. It is structurally impossible.
Owning Microsoft 365 is not the same as managing it
This is the heart of it. Buying the licences gives you the tools. It does not give you a governed Secure Score, a controlled identity model, or a licensing position that reflects how your people actually work. Those things take ownership, a defined standard, and someone whose job it is to hold the line month after month. Most stretched teams simply do not have the room.
Introducing Microsoft 365 Management and Optimisation
That gap is exactly why we have launched our new Microsoft 365 Management and Optimisation service. It is a managed service that takes ownership of the estate you already own and runs it to a defined standard, so the investment finally delivers what you are paying for. In practice that means:
- A managed Secure Score with a monthly improvement roadmap, so your security posture is a number you can see and improve, not a mystery.
- Governed identity and Conditional Access, Purview data loss prevention and sensitivity labels, so access and sensitive data are controlled.
- Intune-managed endpoints with Autopatch and Autopilot, so devices stay current and secure without manual effort.
- A licensing optimisation review that typically pays for the service, by cutting what you do not use and getting value from what you do.
- Confirmation of whether your environment is safe for Copilot, and the work to get it there.
Who feels this most
This bites hardest in regulated and complex estates: financial services and the London insurance market, legal firms, property, and organisations in critical sectors, where a poor Secure Score or ungoverned data is not just a risk but a question an insurer, a client or the regulator will eventually ask. These are also the organisations most likely to be running lean IT teams that have never had the capacity to build governance in.
Proven before you commit a penny
We are wary of promises in this market, so we lead with proof. Every engagement starts with a free M365 Health Check and Security Audit. We assess your configuration, tell you your Secure Score, show you the licences you are paying for and not using in pounds, and confirm whether you are safe for Copilot, in days not weeks. You see the value before you commit anything. Then a fixed-scope statement of work to remediate, followed by the ongoing managed service.
It is a model we can stand behind. Ocorian moved its SQL Server estate to a Northdoor managed service and cut associated costs by around 20%. We have been independent for 37 years, never acquired, with named senior contacts rather than an offshore shared desk, and we bring combined IBM and Microsoft capability rather than a Microsoft-only view. Proven, not promised.
See your two numbers
If you do not know your Secure Score, or your true unused-licence count, that is the place to start. Book your free M365 Health Check and Security Audit and we will show you both, along with a clear plan to close the gaps and stop paying for what you are not using.