Topic hub · Microsoft 365 for businesses
Microsoft 365 (formerly Office 365) is the most productive tool set in the mid-market — but also the one most prone to license over-spend, tenant sprawl, and shadow IT. arades GmbH advises you as a Microsoft Partner and Cloud Solution Provider (CSP) across all Microsoft 365 levers: license audit, tenant architecture, adoption of Copilot and Teams, security with Defender and Purview, and NIS2 compliance. Fixed-price packages, no hourly billing.
Microsoft 365 advisory — definition
Since the rename from Office 365 in April 2020, Microsoft 365 has been more than an office suite. It is an integrated platform of productivity apps (Word, Excel, PowerPoint, Outlook), communication services (Microsoft Teams, Exchange Online), document management (SharePoint Online, OneDrive), identity management (Microsoft Entra ID), security (Microsoft Defender, Microsoft Purview), endpoint management (Microsoft Intune), and — in the higher plans — Windows licenses.
For the mid-market that means: a Microsoft 365 decision is always also an identity, security, and endpoint decision. Anyone buying Microsoft 365 as "Office in the cloud" typically gives away 30–60% of the value — and often misses compliance requirements such as the NIS2 directive, which has applied in Germany since December 2025.
Honest Microsoft 365 advisory covers four areas:
Three advisory formats
We deliver Microsoft 365 advisory in three clearly bounded formats at fixed prices. You choose the format that fits your maturity and investment readiness.
1 day of audit, written report within 5 business days. Content: license inventory analysis (E3 vs. E5 vs. Business Premium), audience group mapping, add-on optimization, comparison against Microsoft list prices, three concrete measures with expected savings.
Fixed price on request · Delivery: 5 business days
2 to 3 days on-site or online. Content: license strategy over 3 years, tenant architecture review, identity and security roadmap, Copilot adoption plan, NIS2 gap analysis with measures list, written roadmap.
Fixed price on request · Delivery: 2–3 weeks
Quarterly Microsoft 365 architecture reviews as a recurring service. For companies wanting continuous architecture discipline — license-mix review, evaluating new Microsoft features, checking tenant hygiene, measuring adoption.
Quarterly price on request
License optimization · main approach
The central question in every Microsoft 365 advisory engagement is not "which product" but "which product for which audience group". Microsoft distinguishes three main groups in licensing:
Microsoft 365 Business Basic (around €5 per user/month) only delivers web and mobile Office apps plus Microsoft Teams, Exchange and 1 TB OneDrive — suitable for frontline workers without a fixed desk. Microsoft 365 Business Standard (around €11) adds desktop apps. Microsoft 365 Business Premium (around €23) combines the Business Standard tools with Windows 11 Pro, Microsoft Intune, Microsoft Defender for Business and Microsoft Entra ID P1 — the sweet spot for mid-market companies with 50 to 300 employees.
Office 365 E1/E3/E5 are the plans without a Windows bundle. Microsoft 365 E3 (around €35) corresponds to Business Premium functionality at enterprise scale — without the 300-user cap, with Microsoft Entra ID P1 and Defender for Endpoint Plan 1. Microsoft 365 E5 (around €55) adds advanced security (Defender for Endpoint Plan 2, Defender for Identity, Defender for Office 365 Plan 2), compliance (Purview Information Protection P2, Insider Risk Management) and analytics (Power BI Pro).
Microsoft 365 F1 (around €2.25) and F3 (around €8.15) are explicitly designed for staff without a fixed workplace. F3 includes web Office apps, Teams, an Exchange mailbox with 2 GB, SharePoint read access. In mixed workforces, separating knowledge workers (E3/Business Premium) from frontline (F3) is the central savings lever — playing this through typically reduces Microsoft 365 costs by 25 to 45%.
We don't make this decision generically but based on your audience groups and actual usage profiles. The Microsoft 365 licensing, pricing and cost hub contains the detailed calculation logic; the License Cost Calculator (licenses.arades.de) the transparent live calculation per license, add-on and term.
The most common mistakes · what we regularly see in audits
We often see tenants where 100% of users are licensed on Microsoft 365 E5, even though 40% of them are frontline workers (warehouse, workshop, field service) for whom F3 (around €8) would suffice. The difference: €47 per user per month. With 80 affected users: €45,000 per year in unnecessary spend.
From three Defender/Purview add-ons upwards, E5 starts winning against E3 plus add-ons. But some companies add the add-ons individually over the years without seeing the total. In the audit we uncover the break-even point user by user.
Microsoft Entra ID P1/P2 includes Conditional Access — the central tool for modern identity security. We see tenants with not a single active Conditional Access policy, or with policies that contain only "MFA for external accounts". That is not NIS2 compliant.
Global Admin and Exchange Admin permissions are permanently assigned in many tenants instead of being activated just-in-time with Microsoft Entra Privileged Identity Management (PIM). That is not only an NIS2 finding but a concrete attack risk.
Microsoft 365 Copilot costs around €30 per user per month — additive to the Microsoft 365 license. Anyone buying 50 licenses without systematic adoption (prompt coaching, use-case collection, champion program) will see in Microsoft Usage Analytics after three months that 35 of 50 users are using Copilot less than once per week.
Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Purview Audit, Microsoft Sentinel — all present in the higher plans, yet often left unconfigured. In the audit we create the measures list; in the strategy workshop, the roadmap; in the implementation engagement, the execution.
Four advisory profiles · usable individually
Some engagements need the full breadth (audit, strategy, implementation). Many engagements only need one clearly bounded focus. We've translated our Microsoft 365 advisory into four standalone service profiles that can be booked individually or in combination.
We take inventory of the current Microsoft 365 license stock, map every user account to audience groups (knowledge workers, frontline, external consultants, service accounts), and check plan by plan: who actually needs E5, who comes out cheaper on E3 plus two add-ons, which frontline staff are unnecessarily on Business Premium, and where duplicated add-ons are visible. We compare your current state against Microsoft list prices and the License Cost Calculator, document the savings potential per user, and deliver a three-year roadmap aligned with the Microsoft 365 licensing, pricing, and cost logic.
Typical savings result: 18 to 35% off the existing Microsoft 365 spend, with no functional reduction.
Delivery: written audit report within 5 business days · fixed-price package on request
Buying the licenses is the easy half — the hard half is driving actual usage. In this profile we build power-user programs, define champion roles per department, establish monthly use-case workshops, document prompt libraries for Microsoft 365 Copilot, and measure adoption via Microsoft Usage Analytics. Focus areas: using Copilot productively in Word, Excel, Outlook, and Teams; Microsoft Teams governance (naming, lifecycle, privacy defaults); SharePoint Online as a knowledge platform rather than a file-server clone. Further reading: Copilot Adoption — details and rollout patterns.
Typical result: active Copilot usage rises from 25% to 70% of licenses, measured over 90 days.
Delivery: 90-day rollout program · fixed-price package on request
In the higher plans, Microsoft 365 already contains all the tooling for an NIS2-compliant security baseline — most of the time it simply is not configured. In this profile we harden Microsoft Entra ID (Conditional Access policies, multi-factor authentication, Privileged Identity Management), activate Microsoft Defender for Endpoint and Microsoft Defender for Office 365 with best-practice profiles, establish Microsoft Purview Information Protection (sensitivity labels, DLP policies), configure Microsoft Sentinel or Microsoft Defender XDR for incident response, and document every measure taken for the NIS2 authority evidence file. Deep dive in the service profile: Compliance & NIS2 — quick assessment and measures list.
Typical result: Microsoft Secure Score moves from a typical 35–45% to 75–85%, documented NIS2 measures.
Delivery: hardened tenant + measures documentation · fixed-price package on request
Most mid-market companies do not operate Microsoft 365 in pure form, but in hybrid configurations: Exchange Hybrid (on-prem and online in parallel), Hybrid Active Directory with Microsoft Entra Connect, local file servers for ERP integrations and machine connectivity, and SCCM for desktop management alongside Microsoft Intune for mobile devices. In this profile we assess your hybrid setup architecturally, document synchronization paths, plan identity consolidation, and develop a phased target architecture — without cloud dogma. Further reading: Azure and Entra ID — identity strategy and Zero Trust.
Typical result: documented hybrid architecture, clear migration phase plan over 12 to 24 months.
Delivery: architecture document + roadmap · fixed-price package on request
Size-based scaling · from 10 to 1,000+ employees
Microsoft 365 for 10 employees is a different product from Microsoft 365 for 1,000. Honest advisory adapts to actual size and IT maturity — we don't sell an enterprise architecture workshop to an 18-person craft business, nor do we sell a 5-day quick audit to a 600-employee industrial mid-cap with three subsidiaries.
Typical starting point: Microsoft 365 was bought on a tax advisor's recommendation, often Business Standard for everyone. No dedicated IT lead, external IT service provider handles end devices.
Recommended profiles: Profile A (license optimization, 1 day) and Profile C (security baseline, 2 to 3 days). Strategy workshop rarely needed.
Typical levers: separating knowledge workers and frontline (F3 instead of Business Standard), MFA enforcement, Conditional Access for management. NIS2 is usually not directly applicable, but indirectly via supply-chain obligations.
First engagement often a Quick Audit · fixed price on request
Typical starting point: IT lead in place (1 to 3 people), Microsoft 365 productive but grown without strategy. Several plans in parallel, Conditional Access partially active, Defender unconfigured. NIS2 typically applicable.
Recommended profiles: Strategy Workshop (2 to 3 days) plus Profile C (security baseline) and Profile B (adoption, if Copilot is being rolled out). Full strategy project typically 6 to 10 weeks.
Typical levers: E3-lift with Defender add-on vs. E5 comparison, Microsoft Entra ID hardening, Microsoft Teams governance, NIS2 measures documented. Hybrid setup with local Exchange or file servers often present.
Strategy workshop or full strategy project · fixed price on request
Typical starting point: Dedicated cloud/Microsoft 365 architects in-house, often several tenants or tenant-of-tenants structures, international subsidiaries, hybrid identity, complex compliance situation (NIS2, ISO 27001, industry-specific obligations).
Recommended profiles: architecture review (Profile D hybrid setup), Architecture-as-a-Service as a recurring service (quarterly reviews), targeted point engagements (tenant merge, Multi-Geo, Copilot Studio strategy).
Typical levers: tenant consolidation after M&A, cross-tenant access settings, Multi-Geo data residency, Microsoft Defender XDR instead of single Defenders, dedicated Copilot Studio use cases.
Architecture-as-a-Service or point engagements · quarterly flat fee on request
Two examples from real engagements · anonymized
Two engagements from recent years — anonymized, because arades GmbH takes client confidentiality seriously. Both examples show the typical path from initial conversation to delivery.
Starting position: Mid-market specialty machine builder with three locations (main plant in southern Germany, sales office in the Ruhr area, service location in Austria). 180 employees, of whom 95 in production/workshop (frontline), 65 knowledge workers (administration, engineering, sales), 20 field service. Inventory: Microsoft 365 Business Premium for everyone, Exchange on-prem still in parallel, local Active Directory with Microsoft Entra Connect, no active Conditional Access policies, Defender for Business partially configured. NIS2 applicable via sector relevance. Initial conversation triggered by a lawyer's NIS2 letter.
Engagement: Strategy Workshop (3 days on-site at the main plant) plus security baseline profile (Profile C, 4 weeks of execution). Focus: NIS2 measures documentation, license optimization, and Microsoft Entra ID hardening.
Result after 8 weeks: 95 workshop staff re-licensed from Business Premium to F3 (frontline plan, around €8 instead of €23 per user per month — saving around €17,000 per year). Conditional Access was activated for all administrative accounts; Privileged Identity Management was set up for three Global Admin accounts; Defender for Endpoint with standardized profiles was rolled out; Microsoft Purview Audit was activated; Microsoft Sentinel was configured with foundational detection rules; and the NIS2 measures list was documented in writing for the upcoming authority enquiry. Microsoft Secure Score moved from 38% to 79%.
Starting position: Owner-managed tax and business advisory firm headquartered in the Rhine-Main region with one branch. 65 employees, of whom 8 partners, 35 advisors/tax assistants (knowledge workers), 20 back office and reception, 2 IT. Inventory: Microsoft 365 E3 for everyone (around €35 per user/month), Microsoft 365 Copilot for 12 partners and senior advisors (around €30 add-on), Microsoft Teams productive, SharePoint Online as the client file repository, highly sensitive GDPR and tax data. Initial conversation triggered by low Copilot usage despite a meaningful investment.
Engagement: Quick Audit (1 day on-site, 5 business days of analysis), plus Profile B (Copilot adoption program over 90 days), plus Profile C (security baseline hardening due to GDPR sensitivity).
Result after 14 weeks: 8 back-office accounts kept on E3 (correct fit); 35 advisor accounts and 8 partner accounts upgraded to E5 (around €55 instead of €35 plus four add-ons bought separately — more economical in the bundle). A Copilot adoption program with three champion roles, monthly use-case sessions, and a firm-specific prompt library for tax and business advisory was launched; active Copilot usage rose from 28% to 73% of licenses over 90 days. Microsoft Purview Information Protection was rolled out with three sensitivity labels (Public, Internal, Client-Confidential), along with DLP policies against external sending of confidential client documents. Microsoft Secure Score moved from 51% to 84%.
Both engagements illustrate how the four advisory profiles combine, fitted to size and compliance situation. We talk through your specific case in the 30-minute initial conversation.
Investment frame · without day-rate games
We work exclusively in fixed-price packages, not on a classic day-rate basis. There are two reasons for that: first, you know your investment up front — no surprises, no overtime mark-ups when "the workshop ran longer". Second, we carry the delivery risk, not you. If the agreed result takes longer than scoped, that is our problem, not yours.
We share the specific fixed price per package on request — depending on headcount, tenant size, audience-group complexity, and delivery pace. Quick Audit engagements are the leanest entry format, Strategy Workshops the mid-tier format, and full strategy projects the most comprehensive. For recurring models (Architecture-as-a-Service) we calculate a quarterly flat fee with a defined hours quota.
The Microsoft 365 licenses themselves are billed separately through the CSP contract (Cloud Solution Provider) — monthly, in euros, with no minimum term beyond the Microsoft NCE rules. You can see the exact price per license transparently in the License Cost Calculator (licenses.arades.de); the detailed logic with audience groups, NCE strategy, annual vs. monthly commitment, and Microsoft list-price comparison is laid out on the licensing, pricing, and cost hub page.
A rule of thumb from recent engagements: Microsoft 365 advisory typically amortizes in the mid-market within 4 to 9 months — measured against ongoing license spend. Example calculation with the License Cost Calculator: if you currently run 150 users uniformly on Business Premium (around €41,400 per year at Microsoft list price), and an audit finds that 60 of them are frontline and belong on F3 (around €28,000 per year in net savings), the audit fixed price pays back within a few months. For security profiles and NIS2 engagements, the ROI is measured in risk avoidance: NIS2 fines of up to €10 million or 2% of annual revenue are real, and documented measures are the legally robust answer.
In the 30-minute initial conversation, we give you a first read — which investment frame is realistic for your tenant and which ROI effect would be expected.
Further reading
Platform overview, six pillars (Apps, Teams, Exchange, SharePoint, OneDrive, Security), license models.
Detailed license comparisons, audience-group logic, NCE strategy, transparent CSP procurement.
Fixed-price audit, EA renewal support, CSP migration. Three audit tiers with a clear delivery promise.
NIS2 quick assessment, EU AI Act framework, GDPR reviews. Pragmatic implementation instead of paper compliance.
From license purchase to actual use — prompt coaching, use-case libraries, KPI-driven rollouts.
Identity strategy, Conditional Access, Privileged Identity Management, pragmatic Zero Trust.
Frequently asked questions on Microsoft 365 advisory
Since April 2020, Microsoft 365 has been the brand name for the cloud productivity suite previously marketed as Office 365. In addition to the classic Office apps, Microsoft 365 includes Windows licenses (in Business Premium and Enterprise E3/E5) and extensive security and compliance functions. Office 365 still exists as a plan name in specific mid-market plans such as Office 365 E1/E3/E5 without a Windows bundle.
At arades, Microsoft 365 advisory services are translated into fixed-price packages: license quick audit, standard audit, full Microsoft 365 strategy project, and recurring models (Architecture-as-a-Service). We share the specific investment per format on request — tailored to tenant size, audience groups, and delivery pace.
Microsoft 365 E5 pays off over E3 as soon as at least three add-ons are needed (Defender for Endpoint Plan 2, Defender for Office 365 Plan 2, Defender for Identity, Purview Information Protection P2, Entra ID P2, Power BI Pro). Customers broadly rolling out Copilot for Microsoft 365 often benefit from E5 thanks to integrated audit logs.
The NIS2 directive has been transposed into German law as of December 2025 and affects around 29,500 German companies. Microsoft 365 technically covers the core NIS2 obligations: multi-factor authentication (Entra ID), endpoint protection (Defender for Endpoint), audit and incident reporting (Sentinel and Purview), and backup and recovery. Advisory covers license choice, configuration of the security baselines, and documentation as evidence for the authorities.
A good Microsoft 365 advisor for the mid-market combines licensing depth (CSP, transparent procurement), security and compliance expertise (NIS2, EU AI Act, GDPR), and a size-appropriate approach. arades GmbH has been a Microsoft Partner since 2007, with a CSP contract, operates the European license cost calculator, and works with a documented implementation methodology.
A Quick Audit delivers a written report within 5 business days following 1 day of discovery. A Strategy Workshop runs 2 to 3 days of discovery plus 2 to 3 weeks of analysis. A full strategy project covering tenant architecture, identity design, security baseline, and adoption plan is typically scoped at 6 to 10 weeks. Architecture-as-a-Service is a recurring service on a quarterly cadence.
We don't work on a day-rate basis — we work in fixed-price packages. We share the specific investment frame on request, tailored to headcount, tenant size, and delivery pace. License procurement is separate and runs through the CSP contract with a monthly consolidated invoice in euros — the License Cost Calculator at licenses.arades.de shows every price transparently, with no hidden margins.
Both are possible. Discovery workshops and audience-group interviews are often most productive on-site (Offenbach, Frankfurt-Rhine-Main, Germany-wide on request, Europe-wide for larger engagements). Tenant configuration, Conditional Access workshops, Copilot adoption coaching, and quarterly reviews routinely run remotely via Microsoft Teams. For engagements from 250 employees upwards we typically recommend two on-site days at the start and one at the close.
Yes — especially in this size class, there is often no dedicated IT lead. A Quick Audit is usually enough to find the right plan mix (Business Standard vs. Business Premium vs. F3 for frontline), classify NIS2 obligations, and harden Microsoft Entra ID correctly. Full strategy projects only become economical from 50 to 80 employees onwards; Architecture-as-a-Service typically pays off from around 100 employees upwards.
Yes — hybrid scenarios are the rule in the mid-market. Typical configurations: Exchange Hybrid with Microsoft Entra Connect, local file servers for ERP integrations and machine connectivity, and SCCM for desktop management alongside Microsoft Intune for mobile devices. Advisory covers the assessment of what actually has to move to the cloud and what sensibly stays on-prem — cloud-by-default is not an end in itself.
Request Microsoft 365 advisory
30 minutes of initial conversation — we'll clarify whether a quick audit, a strategy workshop or Architecture-as-a-Service is the right format. You get a concrete read, usually within one business day.
