The Real Risk Is Not the Penalty — It Is the Unplanned Cost
Enterprise conversations about Microsoft under-licensing risk tend to focus on the compliance penalty scenario: audit, enforcement, back-licensing at list price. This is a legitimate risk — but it is not the primary financial exposure for most EA enterprises. The larger and more common problem is the unplanned true-up cost that accumulates quietly during an EA term as deployments grow beyond the committed baseline, add-ons are rolled out without licence tracking, and acquired entities are integrated without licence coverage.
These situations do not require a formal audit to create significant financial exposure: the annual true-up mechanism captures them automatically. An enterprise that has grown its user population by 400 during an EA term without amending its baseline faces a recurring annual obligation, paying for the overage at each of the remaining true-up cycles at the unit prices fixed in its current EA, with no opportunity to negotiate those prices because they were set when the agreement was signed.
Understanding under-licensing risk requires distinguishing between the three different exposure scenarios it creates: true-up overage costs (the most common), formal audit risk (the most feared), and renewal leverage loss (the most underestimated).
Under-Licensing by Product Category: Risk Profiles
Not all under-licensing carries the same risk profile. The financial consequence of a licence shortfall varies significantly by product family, because the licence rules, audit detectability, and remediation costs differ substantially.
| Product Category | Under-Licensing Risk Level | Primary Exposure Driver | Audit Detectability |
|---|---|---|---|
| Microsoft 365 (E3/E5) | Medium | Stale but still-licensed accounts inflating the true-up count; contractors and guests using services without an assigned licence | High — cloud telemetry directly visible to Microsoft |
| Windows Server | High | Per-core model; virtualisation coverage gaps; SA expiry | Medium — requires inventory access or Arc telemetry |
| SQL Server | Very High | Per-core model; edition mismatches; developer licence misuse | High — SQL Server telemetry increasingly cloud-visible |
| Microsoft Copilot (M365) | Medium-High | Peak seat deployment not tracked; Copilot Studio message consumption not tracked internally | High — usage data in M365 admin centre |
| Power Platform | Medium | Per-user vs per-app confusion; premium connector usage | Medium — requires admin centre audit |
| Dynamics 365 | High | Module access rights; team member licence misuse | High — environment-level telemetry visible to Microsoft |
| Azure (non-MACC) | Low | Consumption-based — cannot be under-licensed in traditional sense | N/A — real-time consumption billing |
SQL Server: The Under-Licensing Landmine
SQL Server deserves specific attention because it generates the largest individual under-licensing exposures of any Microsoft product, and because SQL Server licence complexity means that under-licensing often develops without anyone in the organisation being aware of it. The per-core model requires covering either every physical core on each host running SQL Server, or every virtual core allocated to each VM running it, with a minimum of four core licences per VM or physical operating system environment. Virtualisation adds complexity: SQL Server Enterprise with active SA, licensed for all physical cores of a host, permits unlimited VMs on that host; SQL Server Standard does not, so each VM must be licensed for its own virtual cores. An organisation running SQL Server Standard in a virtualised environment and scaling VM core counts upward without licence adjustment accumulates per-core shortfalls that can reach seven-figure values over a three-year EA term.
Additionally, SQL Server Developer Edition — licensed for development and testing use only — is frequently deployed in near-production environments. If Microsoft's audit discovers Developer Edition SQL Server instances processing production workloads, the remediation obligation applies at full per-core Enterprise pricing for each instance, potentially backdated to the point of first production use.
Windows Server Virtualisation Coverage Gaps
Windows Server licensing in virtualised environments requires core licences for every physical core of every host (minimum 8 per processor and 16 per host). Licensing all physical cores of a host with Standard edition permits two VMs on that host, and each additional full set of core licences permits two more; Datacenter edition permits unlimited VMs once all physical cores are licensed. As organisations scale their VM footprint without adjusting licence coverage, Windows Server under-licensing compounds. The SA interaction adds another layer: Azure Hybrid Benefit (AHB, formerly Azure Hybrid Use Benefit) rights apply only to licences with active SA or a qualifying subscription licence. If SA has lapsed on Windows Server licences that are mapped to Azure workloads with AHB enabled, that Azure usage is unlicensed and subject to remediation at full Azure pay-as-you-go pricing.
The Three Under-Licensing Exposure Scenarios
Scenario 1: True-Up Overage Accumulation
This is the most common scenario and the one most enterprises are least defended against. As deployments grow during an EA term — new users, expanded product rollouts, additional entities — the true-up obligation grows with them. The EA protects you from in-year cost shocks only if deployments stay within the committed baseline; once you exceed it, the excess is captured in the next annual true-up at the current EA unit price.
The problem compounds when the overage is not managed proactively. An organisation that exceeds its M365 E3 baseline by 200 users in Month 4 of an EA year will pay for all 200 at the next annual true-up. Once added, those 200 licences become part of the baseline and are paid for in every remaining year of the term. Three years of an unmanaged 200-user overage on M365 E3 at £200/user/year creates £120,000 in cumulative cost that was never in the budget. The spend itself is not avoidable, since the users need licences, but a licence baseline amendment earlier in the term would have made it a planned, budgeted line instead of a true-up surprise.
Scenario 2: Audit-Triggered Remediation
Formal Microsoft audits triggered by licence shortfall discovery — whether through SAM engagement, telemetry anomaly, or complaint — carry additional commercial consequences beyond the licence remediation cost. Read our full audit response guide for the mechanics, but the commercial summary is this: audit-settlement licence purchases are typically at list price or near-list-price rates, not EA rates. An M365 E5 shortfall of 500 users that would cost £300/user/year at EA rates costs £480–520/user/year if purchased in audit settlement — and the remediation requirement typically covers the entire audit period, not just going forward.
The audit risk multiplier — the ratio of audit settlement cost to compliant true-up cost — is typically 1.4–1.7x for M365 products and 1.8–2.5x for server products with per-core shortfalls. This multiplier is the reason why proactive under-licensing identification and voluntary true-up amendment is always the better commercial choice versus waiting for audit discovery.
Scenario 3: Renewal Leverage Loss
Under-licensing that is identified in or shortly before renewal negotiations fundamentally weakens your negotiating position. If you arrive at renewal discussions with a known licence shortfall, Microsoft's account team can frame the renewal as a compliance resolution exercise rather than a commercial negotiation. Instead of negotiating from a position of choice — we could reduce our commitment, we have competitive alternatives, we want better per-unit pricing — you are negotiating from a position of need: we need to cover our shortfall, and we need Microsoft to help us do it at reasonable rates.
The leverage loss from known under-licensing in a renewal context is routinely worth 12–20% of the renewal value — the difference between the discount you could have achieved from strength and the premium you pay when Microsoft knows you cannot reduce your commitment without triggering a compliance discussion.
Early Detection: The Four Signals of Growing Under-Licensing Risk
Most under-licensing does not appear suddenly. It accumulates incrementally, triggered by identifiable organisational events. Monitoring for these four signals allows governance-aware organisations to address shortfalls before they reach material scale.
Signal 1: Headcount Growth Without Licence Amendment
Every 5% growth in qualifying headcount that is not accompanied by a licence baseline amendment creates a corresponding licence shortfall. If your HR system shows headcount growth but your EA order forms have not changed since signing, you almost certainly have an M365 and potentially Windows/SQL overage accumulating.
Signal 2: Infrastructure Scaling Events
Data centre expansions, cloud migration projects, and infrastructure modernisation initiatives frequently create Windows Server and SQL Server licence shortfalls. Every new physical host, every additional VM core count expansion, and every new SQL Server instance deployment that does not trigger a licence review creates potential under-licensing.
Signal 3: Add-On Product Rollouts Without Governance
When Microsoft add-on products — Copilot, additional security licences, Dynamics 365 modules, Power Platform premium — are rolled out without formal licence tracking, peak deployment typically exceeds whatever was budgeted. The rollout team focuses on deployment success; the licence tracking step is frequently skipped. This creates the add-on creep exposure category documented in our True-Up & Compliance pillar guide.
Signal 4: M&A and Entity Changes
Acquisitions introduce the acquired entity's software estate — typically with incomplete or incompatible licence coverage — into your EA scope. If the acquired entity has on-premises SQL Server or Windows Server deployments that are not covered by transferable licences, integration into your EA creates immediate under-licensing that is very difficult to remediate retroactively.
The correct response to identified under-licensing is voluntary true-up amendment — formally adding the additional licences to your EA at current EA unit rates before the annual true-up date. This approach pays the compliance cost at EA pricing (not list price), documents your governance maturity, and eliminates the audit risk. It also creates the foundation for the true-up leverage position at renewal — you can present a clean, proactively-managed licence history as evidence of governance quality.
The Governance Fix: Three Cadences That Eliminate Under-Licensing Risk
Under-licensing risk is a governance failure. The licence baseline was not maintained in alignment with deployment reality. The fix is a governance cadence that continuously monitors deployment against the committed baseline and triggers amendment processes before shortfalls accumulate.
The quarterly governance framework in our True-Up and Compliance pillar guide covers the complete implementation: a 15-minute monthly check using M365 admin centre and Entra ID data to monitor user count against the EA baseline; a two-hour quarterly reconciliation that cross-references all product deployments against licence entitlements; and a six-week pre-true-up sprint that remediates identified shortfalls and prepares clean data for submission.
For organisations with server-side products — particularly SQL Server and Windows Server — the quarterly reconciliation must include infrastructure inventory review: every physical host's core count versus covered licence count, every SQL Server instance's edition and deployment context, and every Azure Hybrid Use Benefit claim matched to a valid SA-covered licence. This is more technically intensive than cloud product governance, but it covers the highest-exposure product categories.
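The reconciliation described above can be scripted once the rules are written down. The block below is an added example, not code from the page or from any Microsoft tool: it encodes the published per-core minimums (Windows Server 8 cores per processor and 16 per host; SQL Server 4 cores per VM), the Standard-versus-Datacenter VM rights, the Developer-in-production and AHB-without-SA checks, and the M365 consumed-versus-baseline comparison, and runs them over a constructed estate snapshot. The SKU list mirrors the shape of what Microsoft Graph `GET /subscribedSkus` returns; the hosts, instances, VMs and baseline quantities are invented. It uses the host-based Windows Server model only (not the per-VM subscription option) and reports licence quantities, not cost.

```python
from dataclasses import dataclass

# Published per-core minimums (Microsoft Product Terms). All estate data below
# is constructed for the example.
WS_MIN_PER_PROC, WS_MIN_PER_HOST, SQL_MIN_PER_VM = 8, 16, 4


@dataclass
class Host:
    name: str
    sockets: int
    cores: int            # physical cores across all sockets
    edition: str          # "Standard" or "Datacenter"
    vms: int              # Windows Server VMs running on this host
    licensed_cores: int   # Windows Server core licences assigned to the host


@dataclass
class SqlInstance:
    name: str
    edition: str          # "Enterprise", "Standard" or "Developer"
    vcores: int
    environment: str      # "prod" or "nonprod"
    licensed_cores: int


@dataclass
class AzureVm:
    name: str
    ahb_claimed: bool     # Azure Hybrid Benefit flag set on the VM
    sa_active: bool       # the on-prem licence it is mapped to still has SA


def windows_server_shortfall(h: Host) -> int:
    """Extra Windows Server core licences the host needs.

    Standard: each full set of host core licences covers two VMs, so the host
    needs ceil(vms / 2) sets. Datacenter: one full set covers unlimited VMs.
    """
    host_cores = max(h.cores, WS_MIN_PER_HOST, WS_MIN_PER_PROC * h.sockets)
    sets = 1 if h.edition == "Datacenter" else max(1, -(-h.vms // 2))
    return max(0, host_cores * sets - h.licensed_cores)


def sql_finding(i: SqlInstance):
    """None if compliant, else (finding_code, cores_to_remediate)."""
    needed = max(i.vcores, SQL_MIN_PER_VM)
    if i.edition == "Developer":
        # Developer is free for non-production; in production it is
        # remediated as Enterprise (feature-equivalent edition).
        return ("SQL_DEVELOPER_IN_PROD", needed) if i.environment == "prod" else None
    short = max(0, needed - i.licensed_cores)
    return ("SQL_CORE_SHORTFALL", short) if short else None


def m365_overage(skus, baseline):
    """Consumed units above the EA baseline, keyed by SKU part number."""
    return {s["skuPartNumber"]: s["consumedUnits"] - baseline.get(s["skuPartNumber"], 0)
            for s in skus if s["consumedUnits"] > baseline.get(s["skuPartNumber"], 0)}


def reconcile(skus, baseline, hosts, sql, azure_vms):
    """Return (finding_code, object, quantity) tuples for the whole estate."""
    findings = []
    for sku, over in m365_overage(skus, baseline).items():
        findings.append(("M365_OVER_BASELINE", sku, over))
    for h in hosts:
        if (short := windows_server_shortfall(h)):
            findings.append(("WS_CORE_SHORTFALL", h.name, short))
    for i in sql:
        if (f := sql_finding(i)):
            findings.append((f[0], i.name, f[1]))
    for v in azure_vms:
        if v.ahb_claimed and not v.sa_active:
            findings.append(("AHB_WITHOUT_SA", v.name, 1))
    return findings


# Constructed snapshot: Graph-shaped SKU counts, a hypothetical EA baseline,
# two hosts, three SQL instances and three Azure VMs.
SKUS = [{"skuPartNumber": "SPE_E3", "consumedUnits": 5200},
        {"skuPartNumber": "SPE_E5", "consumedUnits": 480}]
BASELINE = {"SPE_E3": 5000, "SPE_E5": 500}
HOSTS = [Host("hv-01", 2, 32, "Standard", 6, 32),      # 6 VMs need 3 sets = 96 cores
         Host("hv-02", 2, 24, "Datacenter", 40, 24)]   # fully covered
SQL = [SqlInstance("sql-erp", "Standard", 2, "prod", 2),     # 4-core minimum applies
       SqlInstance("sql-bi", "Developer", 8, "prod", 0),     # Developer in production
       SqlInstance("sql-dev", "Developer", 8, "nonprod", 0)] # legitimate Developer use
AZURE = [AzureVm("az-app-01", True, True),
         AzureVm("az-app-02", True, False),   # AHB claimed but SA has lapsed
         AzureVm("az-app-03", False, False)]


def demo():
    return reconcile(SKUS, BASELINE, HOSTS, SQL, AZURE)


if __name__ == "__main__":
    for code, obj, qty in demo():
        print(f"{code:22} {obj:12} {qty}")
```

In practice the constructed lists would be replaced by exports from the M365 admin centre or Graph, the hypervisor inventory, a SQL discovery tool and the Azure VM `licenseType` property; the rule functions stay the same.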