The True-Up Problem Enterprise Buyers Face
Every Microsoft Enterprise Agreement creates a compliance obligation that most enterprise buyers dramatically underestimate. Once per year — and once more at agreement termination — your organisation is required to self-report its deployment of Microsoft products against the licences committed in your EA. If your deployment exceeds your commitment, you pay for the difference. If it falls short, you continue paying for licences you are not using. Simple in concept. Expensive in practice.
The complexity is not in the mechanism itself — it is in the intersection of four factors that systematically work against buyers: counting methodology ambiguities that Microsoft interprets in its favour; licence tracking failures in enterprise IT environments with contractor churn, M&A activity, and distributed IT governance; product complexity created by Microsoft's expanding product portfolio and new add-on structures; and commercial power asymmetry where Microsoft's account teams use the true-up as a renewal positioning tool rather than a compliance verification exercise.
This guide provides the complete framework for managing Microsoft true-up obligations as a strategic commercial activity rather than an annual administrative event. It covers the mechanics of the true-up process, the most common and costly exposure categories, the governance framework that prevents surprise exposure, the dispute mechanisms available to buyers, and how to convert true-up data into negotiating leverage at renewal.
Across our true-up compliance review practice, the median gap between what clients expected to pay at their next true-up and what Microsoft's calculation indicated was owed under their standard EA terms — before remediation.
True-Up Mechanics: What Actually Happens
The true-up cycle has a formal structure that varies slightly by EA type (standard EA vs MCA-E) and by LAR involvement, but follows a consistent pattern for the majority of enterprise customers. Understanding the timeline and the actors involved is essential preparation for managing the process effectively.
The True-Up Timeline
Your EA anniversary date determines your true-up submission deadline. Microsoft's standard terms require true-up submission within 30 days of each EA anniversary date — the date one year, two years, and three years from your agreement start date. Microsoft typically initiates the true-up process 60–90 days before the anniversary through your LAR, providing a "true-up order form" that lists covered products and their baseline quantities.
The order form is not a pre-completed reconciliation. It lists what you committed to at EA signature and leaves the "quantity added" column blank for your IT department to complete. Your finance or procurement team typically receives this from the LAR, forwards it to IT, IT runs a deployment count, the number goes back into the order form, and it is submitted. The entire process is often completed in two to three weeks with minimal scrutiny of the counting methodology. This is where most of the financial exposure is created.
Who Reports and What They Count
Your organisation self-reports deployment. Microsoft does not independently verify your count unless it exercises its formal audit rights — which is a separate, more consequential process. The self-reporting structure means your count is only as accurate as your IT department's data sources and counting methodology.
The critical question is: what counts as a "deployed" or "qualifying" instance of each product? Microsoft's standard EA language typically defines deployment as a product being "made available to a user or device." In cloud products, this maps to licence assignment in your tenant — not to active use, not to first sign-in, not to confirmed deployment of client software. Assigned licences that were never activated, accounts that belong to terminated employees not yet cleaned from your tenant, and licences assigned to contractors who have left — all of these may qualify as countable instances under Microsoft's standard language.
In a 2025 review of a 12,000-user financial services organisation, we found a 1,847-user gap between the IT department's "active user" count and Microsoft's "qualifying user" count under the standard EA definition. The IT department reported assigned users who had authenticated in the last 90 days. Microsoft's count included all assigned licences, including 1,847 accounts that belonged to contractors, terminated employees awaiting IT cleanup, and external users granted temporary access. The exposure — at $38/user/month for M365 E5 — represented $840,000 per year.
The Four Major Exposure Categories
True-up exposure accumulates through four distinct mechanisms. Understanding all four is essential — organisations that focus only on headcount growth consistently miss significant exposure in the remaining three categories.
Category 1: Untracked User and Device Growth
Headcount growth is the most visible true-up driver, but it is rarely the most dangerous. Organisations that manage headcount carefully still accumulate true-up exposure through contractor and temporary worker onboarding (which may not pass through the same IT provisioning controls as permanent employees), acquisition activity (acquired entities may use Microsoft products outside your EA), seasonal workforce expansion, and external collaboration licences granted to partners or customers.
For a full treatment of preparation against this category, the true-up preparation guide covers the data gathering methodology, Entra ID analysis, and reconciliation process in detail.
Category 2: Add-On and SKU Uplift Creep
The second category is both the fastest-growing and the least-monitored in most organisations. Microsoft's expansion of the M365 product catalogue — adding Copilot, Viva, Power Platform, Defender add-ons, and Purview components as separately licensed products — means that every new Microsoft feature deployment potentially creates new true-up exposure for products not covered in your original EA baseline.
The mechanism is simple: your EA covers specific products at specific baselines. If your IT team enables a product — even as a trial or pilot — and that product is not in your EA coverage, you face both true-up exposure for current deployment and potential retroactive liability for historical deployment under your EA's audit rights provisions. M365 Copilot is the highest-value current example: organisations that ran informal Copilot pilots before making a formal EA commitment may face questions about the deployment period before formal licensing was in place.
| Add-On Category | Common Trigger | Typical Discovery Timing | Risk Level |
|---|---|---|---|
| M365 Copilot | Informal trials via E5 tenant entitlement | At true-up or audit | High |
| Microsoft Viva suite | HR enabling Viva Insights or Engage | At true-up | Medium |
| Defender for Endpoint P2 | Security team upgrading from E3 baseline | At true-up | Medium-High |
| Power Platform add-ons | Business units self-provisioning via Power Apps portal | At true-up | High |
| Teams Phone add-ons | IT enabling Phone System without full licence review | At true-up | Medium |
Category 3: Copilot-Specific Tracking Failures
Copilot licensing creates a distinct sub-category of add-on exposure because of the combination of high unit cost ($30/user/month), widespread informal pilot activity, and multiple Copilot SKUs that are tracked separately (M365 Copilot, Copilot for Sales, Copilot for Service, GitHub Copilot, Copilot Studio). The M365 true-up guide covers the Copilot tracking framework specifically, including how to identify informal deployment through Entra ID activity logs and Microsoft 365 admin centre usage reports.
Category 4: Entity and Organisational Complexity
The fourth category affects organisations with complex legal structures: multiple legal entities, recent acquisitions, joint ventures, and geographic expansion. The EA typically defines the "enrolled affiliates" covered under its terms. Products deployed by entities not explicitly enrolled as affiliates create true-up exposure that is not automatically covered by your EA's pricing. Organisations that have made acquisitions during an EA term without updating their enrolled affiliate list are the most vulnerable in this category.
True-Up vs Audit: A Critical Distinction
The distinction between a Microsoft true-up and a formal Microsoft licence audit is one of the most commercially important — and most frequently confused — aspects of EA compliance management. Understanding the difference determines your rights, your obligations, and your response strategy when Microsoft initiates each process.
The true-up is self-reported. You control what you submit, within the limits of contractual honesty. Microsoft receives your report and processes the order form. Microsoft does not independently verify your count during the standard true-up process. You are not granting Microsoft access to your systems. The power dynamic, while asymmetric, is within your management.
A formal audit is a different process with different rights attached. Under standard EA terms, Microsoft has the right to audit your compliance directly — typically through a designated third party, with advance notice, during normal business hours. A formal audit can result in retroactive liability for products deployed but not reported, potentially spanning the entire EA term. The look-back period in a standard EA audit is typically three years.
The full treatment of what triggers a formal audit, how to respond, and how to defend against audit findings is covered in the Microsoft licence compliance audit guide. The key point here: do not conflate account team communications about your "true-up obligations" with exercise of Microsoft's formal audit rights. The two have very different legal and commercial implications.
The True-Up Governance Framework
Managing true-up exposure is not a once-per-year activity. It is a continuous governance function that requires three distinct operating cadences: monthly licence hygiene, quarterly reconciliation, and a pre-true-up sprint beginning six weeks before your anniversary date.
Monthly Licence Hygiene (15 Minutes)
The monthly hygiene cycle does not require significant time investment but must be consistent. Its purpose is to prevent the accumulation of stale accounts — the primary source of the user count inflation that creates true-up exposure. The monthly check involves running an Entra ID stale account report (accounts not authenticated in 30–60 days), processing licence recovery for accounts identified as inactive, and verifying that contractor and temporary worker offboarding has triggered licence removal. Most organisations can complete this in 15 minutes using Entra ID's built-in activity reporting.
Quarterly Reconciliation (2 Hours)
The quarterly reconciliation is more comprehensive: it compares your current deployment count across all covered products against your EA baseline, calculates your projected true-up exposure at the current rate of change, and identifies any new products being deployed that are not covered by your EA. The reconciliation requires data from Entra ID, the Microsoft 365 admin centre (for M365 products), and the Azure portal (for Azure-based services), consolidated against your EA order history. For organisations with complex IT environments, automated tooling — Microsoft's own MCCA or third-party ITAM platforms — can significantly reduce the time requirement.
Pre-True-Up Sprint (6 Weeks)
The six-week pre-true-up sprint is your remediation window. Any stale accounts, over-deployment discovered in the quarterly reconciliation, or organisational changes not yet reflected in your licence count must be addressed before the true-up submission deadline. This window is also when you should review the true-up order form provided by your LAR and verify that the baseline quantities reflect your actual EA terms, not Microsoft's preferred interpretation. For the detailed preparation calendar and remediation priorities, see the true-up preparation guide for 2026.
When to Dispute and How
Disputes with Microsoft over true-up counts are more common than most enterprise buyers realise, and more winnable than most believe. Microsoft's counting methodologies are not always applied consistently, and the standard EA language leaves interpretive latitude that favours a well-prepared buyer.
The most common disputable positions involve: Microsoft's definition of "qualifying user" for products where your EA language could support an active-use interpretation; proration calculations for mid-year deployments where the "deployment date" is ambiguous; and add-on product counts where Microsoft's system records differ from your IT department's deployment logs.
Disputes must be initiated before you sign the true-up order form. A signed order form constitutes acceptance of the quantities and pricing. If you have concerns about any line item on the order form, do not sign it and immediately engage your procurement and legal teams. The dispute mechanism varies by EA type — standard EAs typically provide 30 days to dispute an assessment, but the specific language in your agreement governs. For the full dispute framework including escalation paths and settlement negotiation guidance, the true-up dispute guide and our True-Up Survival Guide are the definitive resources.
Converting True-Up Data into Renewal Leverage
One of the most underutilised aspects of true-up management is the commercial intelligence it generates for EA renewal negotiations. Your three years of true-up data — if properly analysed — provides powerful evidence for negotiating your renewal baseline, challenging Microsoft's deployment growth projections, and building a credible case for licence count reductions.
Specifically: if your true-up history shows consistent under-deployment against your EA baseline across one or more products, you have evidence for a lower renewal baseline. Microsoft will use your highest-ever deployment count as the anchor for renewal baseline negotiations — your job is to use your current deployment count and a credible forward deployment model as the counter-anchor. The gap between Microsoft's anchor and your counter-anchor is the negotiating space. Organisations with two or three years of true-up data showing systematic over-licensing have successfully negotiated 15–30% baseline reductions at renewal — representing significant multi-year savings.
For the full renewal preparation framework, the Complete Guide to Microsoft EA Negotiation and the EA renewal preparation guide cover how true-up data integrates with the full commercial preparation process.
This Cluster: Full Coverage of True-Up and Compliance
This pillar guide provides the strategic framework. The sub-pages in this cluster provide the detailed operational guidance for each aspect of true-up and compliance management.