Analyze E5 License Usage to Identify Downgrade Candidates to E3

Microsoft 365 E5 licenses cost roughly 2x the price of E3, with the premium justified by exclusive workloads: Power BI Pro, Audio Conferencing, Phone System, Advanced eDiscovery, Microsoft Defender for Office 365 Plan 2, Defender for Endpoint Plan 2, Microsoft Purview (advanced), and Customer Lockbox. In most tenants, a meaningful percentage of E5 seats are assigned to users who never touch any of these E5-exclusive features — pure license waste.

This recipe helps you systematically identify those users so Finance and IT can confidently downgrade them to E3 (or E3 + targeted add-ons) without breaking workflows or losing data. It is typically run:

• During annual or quarterly true-up / renewal cycles
• Before a Microsoft Enterprise Agreement renegotiation
• As part of a cost-optimization initiative
• After M&A activity when license inventories merge

The core technique is to cross-reference the list of E5 license holders against activity data from the Microsoft Graph usage reports (Power BI, Teams PSTN, Defender, Purview) over a 90-day window.

You will produce:

• A complete inventory of users assigned an E5 SKU in your tenant
• A per-user utilization matrix showing which E5-exclusive services each user has actually used in the last 90 days
• A downgrade candidate list — users with zero E5-exclusive activity who can safely move to E3
• A keep-as-E5 list — users actively using at least one E5-exclusive feature
• An estimated annual cost savings figure based on candidate count
• A CSV export suitable for review by Finance, Security, and department managers before action

Typical savings

Organizations commonly find 20–40% of their E5 seats are downgrade candidates, translating to tens of thousands of dollars in annual savings per 1,000 seats.

⚠️ Do not downgrade blindly

• Data loss risk: Downgrading removes access to E5-only features. Power BI Pro content a user owns (workspaces, reports) may become inaccessible if no other Pro user inherits ownership. Always reassign ownership first.
• Defender coverage gap: Removing Defender for Office 365 Plan 2 strips Safe Attachments/Safe Links advanced policies, Attack Simulator, and automated investigation from that user. Ensure tenant-wide Defender coverage or licensing gaps do not expose executives or high-value targets.
• PSTN / phone numbers: If the user has a phone number assigned via Phone System (included in E5), downgrading strips calling. Numbers must be reassigned or the user moved to E3 + Teams Phone add-on.
• Compliance obligations: Users under legal hold, advanced eDiscovery custodianship, or with Customer Key/Customer Lockbox requirements may legally require E5. Confirm with Legal/Compliance before acting.
• Usage reports lag: Graph usage reports have a 24–48 hour lag and a maximum 90-day window. A user who used Power BI once 100 days ago will not appear as active. Consider pulling multiple 90-day snapshots or combining with Power BI admin portal export.
• Anonymized reports: If displayConcealedNames is true in report settings, UPNs will be redacted. You must toggle this off (tenant admin action, audit-logged) to attribute usage to individuals.
• Pilot first: Always trial the downgrade on 5–10 users for 2 weeks before bulk action.