Find wasted licenses, stale access, and offboarding gaps in Microsoft 365

We audit Microsoft 365 environments for ex-employee access, admin sprawl, MFA and control gaps, ownership issues, and license waste, then deliver a practical action plan and fixed-fee implementation if you want it done.

The goal is simple: reduce waste, tighten access, and remove cleanup work that keeps coming back.

Book a scoping call See sample action plan
Microsoft 365 access and admin audits Selected SaaS access reviews AWS and Azure reviews

For teams dealing with recurring access, admin, and offboarding issues

Organizations running Microsoft 365 with employee turnover, contractors, or external collaborators who create recurring access and ownership changes.

Teams with unclear admin ownership, stale access, or offboarding gaps that create avoidable risk, rework, and messy handoffs.

Companies paying for licenses, accounts, or access they likely no longer need, with no clean way to spot waste quickly.

Teams with AWS or Azure environments that also need cleanup, access review, or better baseline control.

Focused audits, fast turnaround, practical output

Start with Microsoft 365. Add selected SaaS or cloud scope only where there is a clear access, control, cost, or cleanup issue.

Primary offer

Microsoft 365 Identity, Access & Admin Audit

Built for Microsoft 365 environments, with adjacent SaaS tools included where they affect access, admin ownership, or offboarding.

We review unused licenses, stale accounts, offboarding leftovers, excessive admin access, guest or external access sprawl, file ownership issues, MFA coverage, and other gaps that create avoidable cost, risk, and rework.

What you get:

  • User and guest access review, including active, inactive, former employee, and contractor accounts
  • License review, including unused seats, wrong tiers, and redundant subscriptions
  • Admin role and permissions review, focused on privileged access, role sprawl, and ownership clarity
  • Baseline identity control review, including MFA coverage, guest access controls, and obvious sign-in hygiene gaps
  • Offboarding and ownership transfer review, focused on lingering access and handoff failures
  • File ownership and sharing review, including obvious transfer and access issues
  • Prioritized action plan with issue, action, risk, effort, owner, and expected savings
  • 20-minute walkthrough call
Scope: Up to 100 users, Microsoft 365 plus up to 2 adjacent tools
Turnaround: 2 to 3 business days
Fee: $750
Book call to scope

Cloud Access & Cost Review

For AWS or Azure. Other clouds on request.

We review your cloud environment for idle or underused resources, obvious rightsizing opportunities, IAM and access issues, misconfigurations, missing budgets or alerts, and other cleanup opportunities that affect cost and control.

What you get:

  • Resource and spend review, focused on top waste drivers and quick wins
  • Rightsizing and cleanup opportunities, including obvious idle resources
  • IAM and access review, including over-permissive roles and unused identities
  • Guardrails review, including budgets, alerts, and baseline hygiene controls
  • Prioritized action plan with issue, action, effort, owner, and savings estimate
  • 20-minute walkthrough call
Scope: One cloud provider, up to 3 accounts
Turnaround: 5 to 7 business days
Fee: $1,200
Book call to scope

Google Workspace and other SaaS environments are available on request where there is a clear access, admin, or cleanup problem. You keep full control. We use least-privilege access where possible and can work from exports when needed. Access is removed after delivery.

Most clients have us implement the fixes

The audit tells you exactly what needs to change. Implementation means we make those changes for you, instead of leaving a backlog for your team or MSP to get to later.

License and Account Cleanup

Remove stale users, reclaim or reassign licenses, clean up guest access, fix file ownership, and make sure the environment reflects who actually works there.

Access and Admin Hardening

Reduce unnecessary access, tighten privileged roles, improve MFA coverage, document ownership, and move the environment closer to least privilege.

Offboarding Workflow Fixes

Fix joiner, mover, and leaver gaps so access is removed on time, files are transferred properly, and future offboarding does not create the same mess again.

Cloud Cleanup and Guardrails

Remove idle resources, rightsize obvious waste, tighten cloud access, and put basic budgets and alerts in place.

Scoped after the audit Fixed fee based on what was found
Typical range $3,000 to $10,000 depending on scope
Timeline 1 to 2 weeks from audit completion

Examples include smaller cleanup around $3,000, mid-scope implementation around $5,000, and larger environment cleanup around $7,500 to $10,000.

Talk about implementation

What we do not provide

We focus on audits, cleanup, hardening, and implementation projects. We are not a day-to-day support desk or a general MSP replacement.

No help desk queue. We do not handle routine user tickets, password resets, mailbox troubleshooting, or break-fix support.

No device support. We do not manage printers, laptops, desktops, or general endpoint support as an outsourced IT team.

No generic Microsoft 365 admin coverage. We do not act as a day-to-day tenant admin for routine changes and user requests.

No broad do-everything IT retainer. We stay focused on access, admin ownership, cleanup, hardening, and selected cloud control work.

The deliverable is a practical action plan, not vague advice

You receive a prioritized action plan covering every finding: the issue, the exact action to take, risk level, effort, owner, and estimated annualized savings where relevant. Clear enough to hand to your IT team or MSP, or for us to execute directly.

Sample rows only. Actual findings depend on environment size, access model, and tool stack.

System Finding Recommended Action Effort Owner Risk Annual Savings Notes
Microsoft 365 12 stale accounts from former employees Disable accounts and reclaim licenses Low Admin High $2,880 Confirm offboarding list
Microsoft 365 3 users with Global Admin where only 1 is needed Reduce admin roles to least privilege Low IT Lead High N/A Document role ownership
Microsoft 365 18 unassigned licenses Remove unused seats Low Admin Low $4,320 Confirm user list
Selected SaaS Former employee still owns shared files and external access remains unclear Transfer ownership and review sharing and access Medium Admin Medium N/A Validate destination owner
AWS Idle EC2 instances and unattached volumes Terminate or snapshot after dependency check Low Engineering Low $5,400 Verify dependencies first
Request a sample deliverable

Simple process, minimal disruption

1

Scope call

We confirm tools, user count or cloud footprint, access method, and whether the audit is likely to be worth doing. Usually 15 to 20 minutes.

2

Audit delivery

You receive the action plan within the stated turnaround, complete with findings, risk levels, effort, and expected savings where relevant.

3

Implement

We either apply the changes directly or hand off a clean implementation plan to your team or existing MSP.

Case studies

Recent systems work relevant to access cleanup, identity control, and infrastructure execution. Client names and sensitive details are redacted by default.

Access cleanup and file ownership control for a multi-department organization

Client type: Mid-sized nonprofit / support services organization
Problem: Files and access were spread across departments in a way that made ownership unclear, created oversharing risk, and added manual work whenever someone needed onboarding, access changes, or offboarding.
What was done: Rebuilt the permission structure using shared drives and role-based groups, migrated files out of personal storage, and documented access and provisioning workflows.
Outcome: Clearer department boundaries, less permission confusion, easier onboarding, and a stronger foundation for future offboarding and access governance.

Cloud migration and HTTPS hardening for a web application stack

Client type: Small software company
Problem: The company needed to move infrastructure from Azure to OVH with minimal disruption, while also tightening HTTPS setup and stabilizing post-migration operations.
What was done: Migrated the Laravel application and SQL database, configured SSL and DNS, enforced HTTPS, and replicated VMs with load balancing.
Outcome: More stable post-migration operations, a secure HTTPS baseline, and lower implementation risk during the transition.

FAQ

Do you only work in Microsoft 365?

No. Microsoft 365 is the primary focus because that is where access, admin, and offboarding issues show up most often for the teams we work with. We also take selected SaaS and cloud work where there is a clear access, admin, or cleanup problem.

What does a stale account or access issue actually look like?

Examples include a former employee whose account is still active and billable, a contractor who still has file access they no longer need, too many users with admin rights, or a former employee who still owns important files.

Do you replace our MSP or internal IT team?

No. We focus on audits, cleanup, hardening, and implementation projects. If you already have an MSP or internal IT team, we can work alongside them, hand over a clear action plan, or implement the agreed fixes directly.

Do you implement the findings?

Yes. Most clients use the audit first, then have us implement the fixes as a separate fixed-fee project.

Do you need admin access?

Not always. We prefer read-only or least-privilege access, and in some cases we can work from exports.

What if you do not find enough value?

If we do not find at least 2x the audit fee in savings or cleanup value, we refund the full audit fee.

Not sure what is sitting in Microsoft 365, your core SaaS stack, or your cloud environment?

Book a scoping call. You will know within 15 minutes whether the audit is worth doing, what the likely findings are, and exactly what it will cost.

Book a scoping call

Or email [email protected]