What 'a mess' actually costs
The typical inherited tenant: licences still billing for staff who left in 2023, a mix of plans nobody can explain, admin rights scattered like confetti, sharing settings that let anyone forward anything anywhere, no MFA on half the accounts, and a SharePoint that grew like ivy. Two costs follow: the visible one — unused seats and over-specced plans, often hundreds a year in quiet waste — and the dangerous one: permissive defaults are precisely how mailboxes get compromised. Microsoft won't tidy it for you; that's explicitly not their job. It is, however, exactly ours.
What the tidy-up includes
A 365 audit maps what you have (every licence against every human), right-sizes the plans (Premium where the security is needed, Standard where it isn't — mixed licensing is normal and saves money), enforces the security baseline (MFA everywhere, sane sharing, impersonation protection, admin roles rationed), untangles SharePoint into a structure people can actually find things in, and — the step everyone skips — adds real 365 backup, because retention is not backup and a compromised admin can destroy years of data inside Microsoft's rules. It ends documented: what exists, why, and who can change it. Tenants stay tidy when they stop being mysterious.
Frequently asked questions
How much licence waste is typical?
In inherited tenants, meaningful — leaver accounts still licensed and over-specced plans are near-universal. The audit pays for itself embarrassingly often.
Will tightening security disrupt staff?
Minimal and managed — MFA enrolment is a few minutes per person, and we sequence changes so nobody arrives to a locked account. Security that causes chaos is just badly deployed security.
Can you fix a setup another IT company built?
It's most of what we do — audit, tidy, document, and either hand it back healthy or manage it ongoing. No blame theatre; just a clean tenant.