Paying for Microsoft 365 licenses that nobody uses is one of the quietest budget leaks in IT. Under annual NCE terms, every idle seat you miss at renewal locks you into another twelve months of waste.
The good news: yes, tools exist that surface unused licenses automatically without manual exports or PowerShell scripts. This guide covers how automatic detection works, what to look for in a tool, and how MSPs can reclaim idle licenses across dozens of tenants from a single dashboard.
What is an unused Microsoft 365 license
Yes, several specialized tools automatically surface unused Microsoft 365 licenses. SaaS management platforms like Zylo and Torii pull usage data and highlight idle accounts, while MSP-focused solutions like Augmentt and CoreView do the same across multiple customer tenants without manual effort.
An unused license is one assigned to a user account that shows no sign-in or app activity over a defined period, typically 30 to 90 days. This differs from an unassigned license, which sits in your subscription inventory waiting to be allocated to someone. The distinction matters because unused licenses quietly drain budget month after month, while unassigned ones are at least visible when you check your subscription count.
Why detecting unused Microsoft 365 licenses matters
Idle licenses create problems that compound over time. The longer they go unnoticed, the more they cost you in dollars, security exposure, and audit headaches.
Cut shelfware and renewal costs
Paying for licenses nobody uses inflates your renewal bills. Under Microsoft’s New Commerce Experience (NCE) annual terms, you cannot reduce seat counts mid-contract. Every unused license you miss at renewal locks you into another year of waste.
For organizations with a few hundred seats, even a small percentage of idle licenses can translate to thousands of dollars annually. That money could go toward security tools, staffing, or other priorities instead of inflating SaaS costs.
Tighten security during offboarding
Licenses tied to departed or inactive users can become Microsoft 365 security risks if the accounts remain enabled. A former employee’s mailbox with an active license is still a valid target for credential stuffing or phishing attempts.
Linking license detection to your offboarding process closes this gap. When you catch idle accounts early, you can disable them before they become a liability.
Stay ready for audits and true-ups
Accurate license inventory simplifies Microsoft true-ups and compliance checks. When you know exactly who is using what, you avoid scrambling during an audit or overpaying because your records do not match reality.
How to find unused Microsoft 365 licenses in the admin center
The manual route starts in the Microsoft 365 Admin Center. You navigate to Reports, then Usage, select the relevant usage report, and review the last activity date for each user. From there, you can export the data to Excel for further analysis.
Here is the basic process:
- Sign in to admin.microsoft.com
- Go to Reports, then Usage
- Select the usage report for the app you want to check, such as Exchange, Teams, or OneDrive
- Review the last activity date column
- Export the report if you want to filter or share it
This approach works for a single tenant, but it does not scale. You will repeat the process for every customer, and there is no automation. Just manual exports and spreadsheets that get stale the moment you finish them.
How to detect unused Microsoft 365 licenses with PowerShell
PowerShell combined with Microsoft Graph lets you pull sign-in logs and compare them against assigned licenses programmatically. You can script a threshold check, flagging anyone who has not signed in for 60 days, and run it on a schedule.
- Last sign-in date: Pulled from Azure AD sign-in logs via Graph API
- Assigned licenses: Retrieved with Get-MgUserLicenseDetail
- Threshold comparison: Your script flags users inactive beyond your policy window
This method is flexible and free, but it requires scripting skills and ongoing maintenance. Scripts break when Microsoft updates APIs, and you have to manage credentials and permissions for each tenant. For MSPs managing dozens of customers, running and updating scripts per tenant quickly becomes unsustainable.
How to detect unused Microsoft 365 licenses automatically
Automated tools handle the heavy lifting by continuously aggregating activity data and surfacing idle accounts without manual intervention. The workflow typically follows a predictable pattern.
Step 1. Define what inactive means
Most tools let you set an inactivity threshold, commonly 30, 60, or 90 days of no sign-in or app usage. Your policy here aligns with HR and offboarding workflows so you are not flagging someone on extended leave or sabbatical.
The threshold you choose depends on your organization. A 30-day window catches idle accounts quickly but may generate false positives. A 90-day window is more conservative but lets waste accumulate longer.
Step 2. Pull sign-in and app activity signals
Automated platforms pull from multiple data sources: Azure AD sign-in logs, Microsoft 365 usage reports, and app-level activity like mail sent, Teams calls, or SharePoint edits. Aggregating all of these signals gives a fuller picture than sign-in data alone.
Someone might sign in once a month to check email but never touch Teams or OneDrive. A tool that only looks at sign-in dates would miss that the Teams license is going unused.
Step 3. Flag idle and misassigned licenses
The tool compares activity against assigned licenses to surface accounts with no usage. Some platforms also catch misassignment, like an E5 license assigned to someone who only uses email. In that case, you could downgrade to a cheaper SKU and save the difference.
Step 4. Trigger alerts or PSA tickets
Good tools push alerts via email, webhook, or directly into your PSA. Technicians can act without logging into another dashboard, and nothing slips through the cracks.
For MSPs, PSA integration is particularly valuable. An alert that creates a ticket in ConnectWise or Autotask means the work gets tracked and assigned like any other service request.
Step 5. Automate removal or downgrade
Some platforms offer auto-remediation. After a grace period or approval workflow, the tool revokes or downgrades the license automatically. This removes the manual step entirely and ensures idle licenses do not linger for months.
Step 6. Tie detection into offboarding
Linking license detection to your offboarding process ensures licenses are reclaimed as soon as a user departs, not months later when someone finally notices the account is still active. This connection between HR events and license management is where automation really pays off.
What to look for in a Microsoft 365 license detection tool
Not all tools offer the same depth. Some generate reports you still have to act on manually. Others automate the entire workflow from detection to reclamation. Here is what separates a basic report from a platform you can rely on.
Multi-tenant visibility
For MSPs, the tool aggregates license data across all customer tenants in one view. Jumping between admin centers is slow and error-prone, and it does not scale when you manage 50 or 100 customers.
Activity-based inactivity detection
Look for tools that go beyond last sign-in and examine actual app usage, including mail sent, Teams calls, and SharePoint edits. A user who signs in but never touches an app is still wasting a license.
Group-based licensing support
Azure AD group-based licensing can complicate reclamation. If a user gets their license through group membership, removing the license directly will not work. The tool you choose understands group membership so you do not accidentally break assignments or create conflicts.
Automated reclamation actions
Reports are helpful, but one-click or scheduled removal actions save time and reduce human error. The fewer manual steps between detection and action, the more likely idle licenses actually get reclaimed.
Brandable license reporting
For MSPs, the ability to generate client-facing reports with your logo and branding turns license management into a visible service. Customers see the value you deliver, and you have documentation for quarterly business reviews.
| Capability | Admin Center | PowerShell | SaaS Platform | MSP Platform |
|---|---|---|---|---|
| Multi-tenant view | No | Manual | Varies | Yes |
| Activity-based detection | Limited | Custom | Yes | Yes |
| Automated reclamation | No | Manual | Varies | Yes |
| PSA integration | No | No | Rarely | Yes |
| Brandable reports | No | No | Varies | Yes |
Tools that automatically surface unused Microsoft 365 licenses
Microsoft 365 Admin Center
Free and built-in, but manual and single-tenant only. Good for small organizations checking ad hoc, but not practical for ongoing management or multi-tenant environments.
PowerShell and Microsoft Graph
Free and flexible, yet requires scripting skills and ongoing maintenance. You can build exactly what you want, but you also own all the upkeep. For MSPs managing many tenants, the maintenance burden often outweighs the cost savings.
SaaS management platforms
Tools like Zylo, Torii, and BetterCloud aggregate SaaS usage including Microsoft 365. They are designed for enterprise IT teams managing a single large environment, not MSP multi-tenant workflows. If you only manage one organization, they work well. If you manage many, the per-tenant setup becomes cumbersome.
MSP-focused platforms
Purpose-built for managing many customer tenants, examples include Augmentt, CoreView, and CIPP. These offer multi-tenant dashboards, automated alerts, and PSA integrations that fit how MSPs actually work.
How MSPs detect unused Microsoft 365 licenses across multiple tenants
Jumping between tenants is slow and error-prone. MSP-focused tools connect via CSP Partner Portal or delegated admin and pull license and usage data across all tenants into a single dashboard.
- Single-pane visibility: See all tenants without switching contexts or logging in and out of different admin centers
- Per-tenant policies: Set different inactivity thresholds by customer based on their business needs
- Automated customer reports: Schedule branded reports for each client that show license utilization and savings opportunities
This approach turns license management from a reactive chore into a proactive service you can deliver consistently across your entire customer base.
How to reclaim unused Microsoft 365 licenses safely
Reclaiming a license without proper steps can disrupt users or lose data. A safer approach involves a few key practices.
- Notify stakeholders: Email the user or their manager before revoking to confirm the account is truly inactive
- Disable first: Block sign-in or convert the mailbox to shared before deleting the account entirely
- Export data: Ensure OneDrive and mailbox content are backed up or transferred to another user
- Log the change: Record the removal in your PSA or ticketing system for audit purposes
Some platforms offer a grace period or approval workflow so nothing gets revoked without review. This extra step prevents accidental removal of licenses from users who are simply on vacation or working remotely with limited connectivity.
Automate unused Microsoft 365 license detection with Augmentt
Augmentt surfaces unused licenses automatically across all customer tenants from a single dashboard. You get multi-tenant license reporting, one-click reclamation actions, and PSA-integrated alerts, so your team can act fast without jumping between portals.
Ready to stop paying for licenses nobody uses? See how Augmentt simplifies Microsoft 365 license management for MSPs.
Frequently asked questions about detecting unused Microsoft 365 licenses
What counts as an inactive Microsoft 365 user?
An inactive user is typically someone who has not signed in or used any Microsoft 365 app, including Exchange, Teams, SharePoint, or OneDrive, within a defined period. Most organizations use a threshold of 30 to 90 days depending on their policy and business context.
Can you remove a Microsoft 365 license without losing user data?
Yes. Removing a license does not immediately delete mailbox or OneDrive data. However, the data enters a retention window and will eventually be purged unless you convert the mailbox to shared or export the content first. The retention period varies based on your tenant settings.
Does Microsoft NCE or CSP billing affect reclaiming unused licenses?
Under NCE annual terms, you cannot reduce seat count mid-term. Reclaimed licenses sit unused until renewal, so detecting them early helps you right-size at the next renewal date rather than paying for another year of waste.
How often should you audit Microsoft 365 license usage?
Most organizations run a usage audit monthly or quarterly. Automated tools surface idle licenses continuously, so you catch issues before the next billing cycle rather than discovering them during annual renewal planning.
Can unused Microsoft 365 licenses be reassigned automatically?
Some platforms support auto-reassignment workflows where a reclaimed license is added back to an available pool and assigned to a new user via group-based licensing or provisioning rules. This keeps licenses in circulation rather than sitting idle after reclamation.
