Every organisation with more than five years of Microsoft licensing history has legacy. Perpetual licences purchased before the subscription era. Software Assurance coverage maintained on products the business stopped actively using. End-of-life server software running in corners of the infrastructure that no one wants to touch. Products superseded by capabilities now included in M365 bundles the organisation is already paying for.
Legacy licence management is not primarily a cost-saving exercise — although it frequently produces significant savings. It is a risk management exercise. Unmanaged legacy creates compliance exposure, unnecessary cost, and strategic inflexibility. The organisation that does not know what legacy licences it holds cannot manage its true-up accurately, cannot right-size its EA at renewal, and cannot answer confidently in a Microsoft audit.
This article provides the framework for conducting a legacy licence audit, making the keep-or-retire decision on each category, and managing the transition in a way that preserves legitimate entitlements while eliminating genuine waste.
The Four Categories of Microsoft Legacy
Legacy is not a single problem. It comprises at least four distinct categories, each with different cost profiles, compliance implications, and retirement pathways.
Category 1: Perpetual Licences with Active Software Assurance
These are licences purchased in the perpetual model (OLP, Select, EA perpetual) that are still covered by active Software Assurance. The SA provides upgrade rights to current versions, which means the organisation is entitled to run the current product version. The question is whether the SA cost — typically 25–29% of the original licence value annually — is justified by the benefits being consumed.
SA benefits beyond version upgrade rights include: License Mobility, Home Use Programme, step-up rights, training vouchers, and deployment planning services. Most organisations consume a fraction of these benefits. See our Software Assurance ROI calculation guide for the detailed analysis framework. The key question for each SA-covered perpetual licence is whether the total benefits consumed justify the annual cost. Frequently they do not, and retirement of SA (converting to perpetual without SA) is the correct decision.
Category 2: Perpetual Licences Without Software Assurance
These are permanent entitlements the organisation holds independent of any subscription or active SA coverage. They have real value — in a Microsoft audit, they offset deployment against subscription requirements — but they are frequently untracked. Organisations that cannot produce their licence documentation for perpetual products they own are exposed in an audit even when they are technically compliant.
These licences are almost never a cost to retire — they are assets. The management imperative is documentation and tracking, not elimination. Many organisations discover perpetual entitlements they had forgotten about during legacy licence audits, which improves their compliance position and potentially reduces their M365 subscription requirements.
Category 3: End-of-Life and End-of-Support Products
Microsoft products transition through Mainstream Support, Extended Support, and then End of Life on published timelines. Products in Extended Support receive security patches but no new features. Products at End of Life receive neither. Running End-of-Life Microsoft software creates security risk, often creates compliance risk (particularly for regulated industries), and is frequently invisible in an organisation's licence management programme because no one is tracking it as a distinct category.
The key products in this category as of 2026 include: SQL Server 2014 (EOS October 2024), Windows Server 2012/2012 R2 (EOS October 2023, extended via Azure ESU), and various versions of Office that are outside the M365 connected services support policy. Running these products without active ESU (Extended Security Updates) coverage — which Microsoft now sells as a standalone product — creates unmanaged security and compliance exposure.
Category 4: Products Superseded by M365 Bundle Entitlements
This is the most common source of legacy waste in organisations that have moved to M365 subscriptions. M365 E3 and E5 include a substantial set of product entitlements: Exchange Online, SharePoint Online, Teams, Intune, Entra ID P1 (E3) or P2 (E5), Defender for Endpoint P1 (E3) or P2 (E5), and others. Organisations that are also paying for standalone licences for any of these products — having not rationalised their licence portfolio when moving to M365 — are paying twice.
Common examples include: standalone Exchange Online licences held alongside M365 E3 (which includes Exchange Online); Intune standalone licences held alongside M365 E5 (which includes Intune); separate Azure AD Premium P1 licences held alongside M365 E3 (which includes Entra ID P1). Each overlap represents direct, identifiable waste.
The Legacy Licence Audit: What to Examine
A comprehensive legacy licence audit examines five data sources:
- Volume Licensing Service Centre (VLSC) records: The authoritative source for current licence entitlements under your volume agreements. Includes SA expiry dates, product versions covered, and historical purchase records. Many organisations have not reviewed their VLSC data in years.
- Microsoft 365 Admin Centre licence assignments: Current subscription licence assignments and unassigned seat inventory. Identifies unutilised subscriptions that may be duplicating legacy entitlements.
- Azure subscription and MACC data: Azure resource consumption, PaaS/IaaS deployments, and MACC burn rate. Identifies over-provisioned resources and ESU uplift costs for legacy server workloads running in Azure.
- Active Directory and SCCM/Intune device data: What software is actually installed and running on managed devices. The definitive source for identifying legacy software still in use versus licences held but no longer deployed.
- Finance and procurement records: Historical purchase orders, invoice records for licence purchases made outside the volume agreement. Often reveals perpetual licence purchases that were not recorded in VLSC.
Keep, Review, or Retire: The Decision Framework
For each legacy licence category, the decision framework follows three questions: Is the software actually deployed and in use? Does the licence provide unique entitlement value not already covered elsewhere? Does the annual cost (SA, subscription, or support cost) justify the benefit consumed?
Perpetual Office (Office 2016, 2019, 2021) with Active SA
If the organisation has deployed M365 Apps (included in M365 E3/E5), the perpetual Office licences are redundant for most users. However, they may retain value for: specific user populations not on M365 subscriptions; kiosk users on F-series licences who need Office apps; or offline deployments where cloud connectivity is constrained.
Keep if: There is a genuine deployed population that cannot or should not be on M365 Apps, and the perpetual + SA cost is lower than adding M365 E3 for those users.
Retire SA if: Most users are on M365 E3/E5. Dropping SA on perpetual Office licences while retaining the perpetual entitlement itself eliminates the ongoing SA cost while preserving the fallback right.
Windows Server 2012 / 2012 R2 (End of Support October 2023)
End of Extended Support means no further security patches without purchasing Extended Security Updates (ESU). Workloads still running on Windows Server 2012/R2 create active security and compliance exposure. Microsoft sells ESU coverage at increasing annual cost per year post-EOS (Year 1, Year 2, Year 3 at escalating rates).
Keep with ESU if: The workload cannot be migrated in the near term, the compliance or security requirement for patching is real, and the ESU cost is proportionate to the risk being mitigated. Note: workloads migrated to Azure receive free ESU as an Azure migration incentive.
Retire (migrate): For most organisations, the correct decision is planned migration to Windows Server 2022 or Azure-hosted workloads, with ESU providing bridge coverage during the migration period. ESU should not become a permanent solution.
SQL Server 2014 / 2016 (End of Support July 2024 / July 2026)
SQL Server 2014 reached EOS in July 2024. SQL Server 2016 reaches EOS July 2026. Both have Azure migration incentives for free ESU. For on-premises deployments, ESU must be purchased separately.
Keep with ESU if: Application dependencies prevent migration in the near term and the workload is business-critical. Factor ESU cost into the total cost of inaction on migration.
Migrate to Azure SQL: Azure SQL Managed Instance or Azure SQL Database provide a migration path that also eliminates the per-core SQL Server licensing cost, since Azure SQL is consumption-priced. The SQL Server Azure vs on-premises cost comparison provides the financial framework for this decision.
Standalone Exchange Server (on-premises)
Exchange Server 2016 reaches EOS October 2025. Exchange Server 2019 is the current version but requires ongoing CAL investment (Server + CAL model). For organisations with M365 subscriptions, the hybrid Exchange configuration often maintains on-premises Exchange infrastructure far longer than operationally required.
Hybrid Exchange is necessary for certain scenarios (on-premises public folders, specific compliance requirements, low-connectivity sites) but is maintained unnecessarily by a significant proportion of organisations simply because no one has made the decision to decommission the last Exchange server. The server licence, CAL, and infrastructure cost can be eliminated once genuine hybrid dependencies are resolved.
System Center Configuration Manager (SCCM) / Legacy Endpoint Manager
Organisations with M365 E3 or E5 have Intune entitlement included. Many also maintain SCCM infrastructure for device management — creating a parallel investment in endpoint management tooling. Microsoft has positioned co-management (SCCM + Intune) as a migration pathway, but the co-management state is operationally expensive to maintain long-term.
Review the SCCM licence cost against the Intune co-management framework to determine whether the SCCM SA cost is justified by capabilities Intune genuinely cannot replicate in your environment. For most organisations completing their cloud migration, SCCM SA retirement is the right medium-term decision.
Azure AD Premium P1 / P2 Standalone Licences
M365 E3 includes Entra ID P1 (formerly Azure AD P1) for every licensed user. M365 E5 includes Entra ID P2. Organisations holding standalone Azure AD Premium licences alongside M365 E3/E5 subscriptions are paying twice for the same entitlement. This is a direct, identifiable overpayment that should be eliminated at the next opportunity.
Verify the entitlement overlap via Azure Portal / Microsoft 365 Admin Centre before removing standalone licences, and confirm that the user population covered by standalone licences is fully covered by the M365 subscription before retiring the standalone product.
The Retirement Process: Doing It Without Losing Entitlements
Legacy licence retirement creates two practical risks if handled incorrectly: losing legitimate perpetual entitlements by misunderstanding what needs to be maintained; and creating compliance gaps by retiring SA coverage without ensuring the underlying deployment is fully entitled by subscription or remaining perpetual rights.
Preserving Perpetual Rights When Retiring SA
Retiring Software Assurance on a perpetual licence does not extinguish the perpetual licence itself. The perpetual licence right remains. However, from the point of SA expiry, the organisation is entitled only to the product version that was current at the time of original purchase — not the version that was current when SA expired. This distinction matters for products where version matters to compliance: running Office 2019 on a perpetual licence with SA expired in 2021 means you are entitled to the version covered at SA expiry, not the current version.
Document the version entitlement at SA expiry date for each perpetual licence before retiring SA. This record becomes part of your licence estate documentation for audit purposes.
EA Licence Count Reduction at Renewal
Mid-cycle EA licence count reductions are difficult to achieve for most products. The EA committed licence count is a binding commitment. Legacy licence rationalisation that reduces your required subscription count should therefore be planned to align with EA renewal, so the right-sized count is reflected in the new agreement rather than paid for but unused through the remainder of the current term.
This is one of the strongest arguments for beginning legacy licence analysis at least 12 months before EA renewal: the analysis findings directly inform the renewal licence count negotiation, which is where the financial benefit is captured. A structured 12-month cost reduction roadmap sequences legacy licence work to feed the renewal preparation process.
The Documentation Imperative
Organisations that retire SA, change product deployment, or reduce licence counts must maintain clear documentation of every decision and its basis. In a Microsoft audit, the burden of proof for licence entitlement falls on the customer. A legacy licence rationalisation programme that was executed without documentation leaves the organisation in a worse audit position than one that was never attempted. Document every decision, retain original purchase records, and update your licence management system at every change point.
Prioritising Legacy Work: Where to Start
A full legacy licence audit is a significant undertaking. For organisations that need to prioritise, the sequencing should be:
- M365 bundle overlap analysis — This is the highest-probability, lowest-effort savings opportunity. Run the overlap check between your M365 entitlements and standalone licences. Most organisations find at least one category of direct duplication.
- EOS product risk assessment — Identify any products currently outside mainstream or extended support. These represent active security and compliance risk that needs to be managed regardless of cost.
- SA cost-benefit review on server products — SQL Server, Windows Server, and Exchange SA coverage often represents the largest absolute legacy cost. Evaluate each against current deployment requirements and migration timelines.
- Perpetual licence documentation — Ensure all perpetual licences are documented with version entitlements and stored in an accessible, auditable format. This protects existing value rather than creating new savings, but it is foundational to everything else.