24 February 2026 · 12 min read · Arviteni

How Much Are You Really Spending on IT Licences? A Guide for Care Providers

Most care organisations accumulate software licences over years without reviewing overlap. This practical guide walks care providers through auditing their licence estate, understanding what Microsoft E5 includes, and knowing when consolidation makes sense.

Microsoft 365
Licensing
Cost Management
Care Homes
Managed IT

Every care organisation uses software. Email, endpoint security, data classification, email archiving, network monitoring, device management. Each tool was purchased for a good reason at the time. The problem is that nobody ever steps back to look at the full picture.

Licence sprawl is one of the most expensive and least visible problems in care sector IT. It does not announce itself. There is no single invoice that says "you are paying for the same thing three times." Instead, it builds quietly over years as different people buy different tools to solve different problems, and nobody reviews whether those tools still make sense together.

We see this pattern across care organisations of every size. A residential group paying £96,000 a year for email security that their Microsoft licence already includes. A nursing home group spending £114,000 annually on a data classification tool when Microsoft Information Protection does the same job natively. A national care provider running seven separate vendor contracts when one licensing tier would cover all of them.

The numbers are real. In one case, a care group was spending £873,000 a year across seven vendors and reduced that to under £392,000 by consolidating into Microsoft 365 E5. That is £481,000 a year that went from duplicate software licences back into care delivery.

Why licence sprawl happens in care organisations

Understanding how it happens is the first step to fixing it. Licence sprawl in care organisations follows a predictable pattern.

Tool by tool purchasing. Each product was bought to solve a specific problem at a specific time. Mimecast was introduced because the old email system had no spam filtering. Sophos was deployed because endpoints needed protecting. Darktrace was added because the board wanted network visibility. Each decision made sense individually. Nobody assessed them collectively.

Different people buying at different times. The IT manager five years ago chose one endpoint protection tool. Their replacement preferred another vendor. The operations director signed off on a data classification product because a consultant recommended it. Renewal dates are scattered across the year, and nobody holds a single view of what the organisation is paying for.

No periodic review. This is the core issue. Most care organisations do not conduct an annual licence audit. Contracts renew automatically. Direct debits continue. The only time anyone looks at the full picture is when budgets are under pressure, and by then the costs have compounded for years.

Vendor lock-in through inertia. Switching away from a familiar tool feels risky even when the replacement is already paid for. The perceived effort of change keeps overlapping tools in place long after the overlap becomes obvious.

Microsoft expanding faster than anyone reviews. Microsoft has significantly expanded the security and compliance capabilities in its E3 and E5 tiers over the past five years. Features that required third party tools in 2020 are now included natively. But if nobody revisits the licence estate, those included capabilities sit unused while the third party contracts keep renewing.

What Microsoft E5 actually includes

If your care organisation is on Microsoft 365 E3 or Business Premium, you are already paying for email, productivity apps, and basic security. E5 adds a comprehensive security and compliance stack that directly replaces many common third party tools.

Here is what E5 includes, mapped against the products care organisations typically pay for separately.

Email security

E5 includes: Exchange Online Protection and Microsoft Defender for Office 365 (Safe Attachments, Safe Links, advanced anti-phishing, automated investigation and response).

What it replaces: Mimecast, Proofpoint, Barracuda, or similar email security gateways.

One care provider we worked with was paying £96,000 a year for Mimecast while their Microsoft licence already included equivalent email security capabilities. The Mimecast contract was routing all email through a third party gateway before it reached Exchange Online, adding complexity without adding protection that Microsoft did not already provide.

Endpoint protection

E5 includes: Microsoft Defender for Endpoint (next generation antivirus, endpoint detection and response, automated investigation, attack surface reduction).

What it replaces: Sophos, CrowdStrike, SentinelOne, Trend Micro, or similar endpoint protection platforms.

Defender for Endpoint is not the basic Windows Defender that comes with consumer Windows. It is a full enterprise endpoint protection platform that consistently ranks alongside CrowdStrike and SentinelOne in independent testing.

Data classification and protection

E5 includes: Microsoft Purview Information Protection (sensitivity labels, automated classification, data loss prevention across email, SharePoint, OneDrive, and Teams).

What it replaces: Varonis, Titus, Boldon James, or similar data classification tools.

A nursing home group we supported was paying £114,000 a year for a third party classification tool that operated separately from Microsoft 365. Staff had to think about classification in one system and handle documents in another. Moving to Microsoft Information Protection meant classification happened natively inside the tools people already used, with labels designed specifically for care data categories.

Identity and network threat detection

E5 includes: Microsoft Defender for Identity (formerly Azure ATP) and Defender for Cloud Apps (formerly Cloud App Security), providing behavioural analytics, lateral movement detection, and cloud application monitoring.

What it replaces: Darktrace, Vectra, or similar network detection and response tools.

Compliance and information governance

E5 includes: Microsoft Purview Compliance Manager, eDiscovery, audit logging, communication compliance, records management, and insider risk management.

What it replaces: Standalone compliance platforms, third party archiving (Mimecast archive, Global Relay), and manual compliance tracking.

Device health and experience monitoring

E5 includes: Intune Endpoint Analytics and Microsoft Viva Insights, covering device health reporting, application reliability, and user experience metrics.

What it replaces: Nexthink, Lakeside SysTrack, or similar digital experience monitoring tools.

How to audit your licence estate

This does not need to be complicated. A thorough licence audit for a care organisation can be completed in a few days with the right approach.

Step 1: List every software subscription

Go through your finance records and identify every recurring software payment. Include everything: Microsoft licences, third party security tools, backup services, archiving, monitoring tools, and any SaaS products. Do not rely on memory. Pull bank statements and credit card records if necessary. Shadow IT, where individual managers have signed up for tools independently, is common in care organisations.

Step 2: Map what each tool does

For each product, write down in plain language what it does. "Scans email attachments for malware." "Monitors network traffic for threats." "Classifies sensitive documents." "Protects endpoints from viruses." You are building a functional map, not a product catalogue.

Step 3: Check what your Microsoft licence already includes

Compare your functional map against what your current Microsoft licensing tier provides. If you are on Microsoft 365 Business Premium, you already have Defender for Office 365, Intune, Conditional Access, and basic data loss prevention. If you are on E3, you have a broader set of compliance tools. If you moved to E5, you would gain the full security and compliance stack described above.

Microsoft publishes detailed comparison tables for each licensing tier. Your Microsoft partner or IT provider should be able to map your current subscriptions against what is included.

Step 4: Identify overlaps

This is where the savings become visible. Highlight every third party tool whose core function is already covered by your Microsoft licence, or would be covered if you upgraded to E5. Be honest about whether the third party tool provides genuinely unique capabilities that Microsoft does not replicate, or whether it simply does the same thing through a different interface.

Step 5: Calculate the numbers

For each overlap, note down the annual cost of the third party tool, the cost difference between your current Microsoft tier and E5 (if an upgrade is needed), and the net saving. Include the management overhead of running multiple vendor relationships and multiple renewal cycles, not just the licence cost itself.

Step 6: Check contract terms

Before making any changes, review the contract and renewal terms for each third party product. Note cancellation notice periods, early termination penalties, and renewal dates. The most cost effective approach is to align changes with natural contract end dates so you are not paying for overlap longer than necessary.
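
Steps 2 to 6 worked through in code, as an added example that is not part of the original article or Arviteni's own tooling. The tool names, costs, renewal dates, function labels and the `unique` flag are constructed for illustration; the 500 users and the £15 to £18 uplift are the article's figures.

```python
from datetime import date, timedelta

# Functions the article lists as covered by Microsoft 365 E5 (Step 3).
E5_COVERS = {"email security", "endpoint protection", "data classification",
             "network threat detection", "compliance and archiving",
             "device experience monitoring"}

# Constructed inventory (Steps 1-2). "unique" marks a capability judged not
# replicated by Microsoft in Step 4; names, costs and dates are invented.
TOOLS = [
    {"name": "Email gateway", "function": "email security", "annual_cost": 70_000,
     "unique": False, "renews": date(2026, 4, 1), "notice_days": 90},
    {"name": "Endpoint agent", "function": "endpoint protection", "annual_cost": 60_000,
     "unique": False, "renews": date(2026, 9, 1), "notice_days": 60},
    {"name": "Classifier", "function": "data classification", "annual_cost": 50_000,
     "unique": False, "renews": date(2027, 1, 15), "notice_days": 30},
    {"name": "NDR appliance", "function": "network threat detection", "annual_cost": 20_000,
     "unique": False, "renews": date(2026, 6, 30), "notice_days": 90},
    {"name": "Regulated archive", "function": "compliance and archiving",
     "annual_cost": 30_000, "unique": True, "renews": date(2026, 12, 1), "notice_days": 90},
    {"name": "Rostering SaaS", "function": "staff rostering", "annual_cost": 12_000,
     "unique": False, "renews": date(2026, 5, 1), "notice_days": 30},
]

def audit(tools, users, uplift_per_user_month, today):
    """Steps 4-6: flag overlaps, net off the E5 uplift, order exits by renewal date."""
    overlaps = [t for t in tools if t["function"] in E5_COVERS and not t["unique"]]
    spend = sum(t["annual_cost"] for t in overlaps)
    uplift = users * uplift_per_user_month * 12
    schedule = []
    for t in sorted(overlaps, key=lambda t: t["renews"]):
        notice_by = t["renews"] - timedelta(days=t["notice_days"])
        # A missed notice date means the contract rolls over for another term.
        schedule.append((t["name"], notice_by, notice_by < today))
    return {"overlap_spend": spend, "e5_uplift": uplift, "net_saving": spend - uplift,
            # Highest per-user monthly uplift at which consolidation still saves money.
            "break_even_uplift": round(spend / (users * 12), 2),
            "schedule": schedule}

if __name__ == "__main__":
    for rate in (15, 18):  # the article's quoted E3-to-E5 uplift range
        print(rate, audit(TOOLS, 500, rate, date(2026, 2, 24)))
```

Each schedule entry is the tool name, the last date to give cancellation notice, and whether that date has already passed as of `today`.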

When consolidation makes sense

Consolidation is not always the right answer. Here is when it works well, and when it does not.

Consolidation makes sense when:

You are paying for clear overlaps. If you have Mimecast running alongside Defender for Office 365, that is duplicate email security. If you have Sophos alongside Defender for Endpoint, that is duplicate endpoint protection. These are the clearest wins.

You can upgrade to E5 and still save money. The upgrade from E3 to E5 costs roughly £15 to £18 per user per month depending on your agreement. If your third party tools cost more than this uplift across your user base, the numbers work. For a 500 user organisation paying £200,000 a year in third party security tools, moving to E5 might cost an additional £90,000 to £108,000 in Microsoft licensing but eliminate the entire £200,000 in third party spend.

You want a unified security view. Running security tools from five different vendors means five different dashboards and five different alert formats. When everything runs through the Microsoft security stack, an email threat can automatically trigger an endpoint investigation and flag a compromised identity, all in one console.

You want to simplify vendor management. Seven vendor contracts means seven renewal negotiations and seven support escalation paths. One licensing agreement is simpler to manage, simpler to budget for, and simpler to hold accountable.

Consolidation may not make sense when:

A third party tool provides genuinely unique capability. Some organisations have specialist requirements that Microsoft does not cover well. Highly regulated environments with specific archiving obligations, organisations with complex multi-cloud setups, or providers using niche tools that serve a purpose Microsoft does not address.

Your organisation is too small for E5 to be cost effective. A single care home with 15 users on Business Premium may find that the few third party tools they use are cheaper than upgrading everyone to E5. The maths depends on the size of your organisation and the cost of the tools you would replace.

You are mid-contract with significant exit penalties. If a third party vendor has you locked in for another two years with steep early termination fees, it may make more sense to plan the transition for the natural contract end date rather than paying to exit early.

The transition: how to phase changes without disruption

This is where many organisations hesitate. Switching security tools in a live care environment feels risky. But phased migration, done properly, eliminates that risk.

Run parallel first. Before decommissioning any third party tool, configure its Microsoft replacement and run both systems side by side. Test that the Microsoft tool detects the same threats, applies the same policies, and generates the same visibility. Only once you are confident in the replacement do you switch off the original.

Align with contract renewals. The most practical approach is to map each third party tool's contract end date and plan the migration to match. This was exactly the approach used in the £481,000 consolidation, where the transition was phased over three years to align with each vendor's renewal cycle. At no point was the organisation running without coverage in any category.

Start with the easiest wins. Email security consolidation is typically the simplest migration. Endpoint protection is next. Data classification and network monitoring are more complex and should come later in the sequence, once the team is confident with the Microsoft platform.

Right-size your frontline licences. Not everyone needs E5. Care workers who use a tablet for shift notes and rotas may only need an F3 or F5 licence. Administrators and compliance staff who handle sensitive data and need the full security suite get E5. Getting this mix right can save tens of thousands annually. Our Microsoft 365 guide for care homes covers licensing tiers in more detail.

Communicate with staff. In most cases, staff will not notice any difference in their day to day experience. The changes happen behind the scenes. But it is worth communicating that the organisation is consolidating its security tools, particularly if any visible interface changes are involved.

Where Cyber Essentials fits in

A licence consolidation does not change your Cyber Essentials obligations, but it can make meeting them simpler. When all your security controls run through one platform, demonstrating compliance with the five technical controls becomes a matter of pulling reports from a single dashboard rather than gathering evidence from multiple vendors. The security capabilities in Microsoft E5 directly support every Cyber Essentials control: firewalls (Defender Firewall policies via Intune), secure configuration (Intune compliance policies), access control (Conditional Access and MFA), malware protection (Defender for Endpoint), and patching (Windows Update for Business).

What this means for care delivery

Every pound a care organisation spends on a duplicate software licence is a pound that could be spent on care. That is not a theoretical argument. When a care group saves £481,000 a year by consolidating its licensing, that money becomes available for staffing, training, equipment, and the things that directly affect the quality of care people receive.

Licence sprawl is fixable. It takes a clear audit, honest assessment of what you are paying for versus what you actually need, and a phased plan to consolidate where the overlaps are obvious. The technology to do this already exists inside your Microsoft licence. The question is whether anyone has taken the time to look.

If you are not sure where to start, our managed IT service includes licence auditing and optimisation as part of how we work with care providers. We review what you are paying for, identify what is already included in your Microsoft licensing, and build a phased plan to eliminate the overlaps without disrupting care delivery. The savings go back into your organisation, where they belong.