The Two Layers of Copilot Requirements
Microsoft 365 Copilot has two distinct requirement layers that must both be satisfied before a user can deploy and use the product. The first is the commercial licence layer — acquiring the correct base Microsoft 365 subscription and the Copilot add-on licence. The second is the technical prerequisites layer — ensuring the infrastructure, identity, and data governance configurations are in place to support AI-powered features across the Microsoft Graph.
Most procurement decisions focus exclusively on the first layer and assume the second will be addressed during deployment. In practice, technical prerequisites often surface infrastructure debt — Exchange hybrid configurations, legacy SharePoint architectures, perpetual Office installations — that adds weeks or months to deployment timelines and, in some cases, additional cost. Understanding both layers before signing the licence commitment is essential for realistic deployment planning.
Commercial Licence Requirements: Qualifying Base Licences
Microsoft 365 Copilot is not available as a standalone product. It requires a qualifying base licence to be purchased first, and the Copilot add-on at $30 per user per month is layered on top. The full list of qualifying base licences includes:
- Microsoft 365 E1, E3, E5 (commercial)
- Microsoft 365 F1, F3 (frontline worker plans)
- Microsoft 365 Business Basic, Business Standard, Business Premium
- Microsoft 365 Apps for Business, Microsoft 365 Apps for Enterprise
- Office 365 E1, E3, E5
- Microsoft 365 A3, A5 (education)
- Microsoft Teams Essentials, Teams Enterprise
The breadth of qualifying licences is commercially important: it means that organisations on E1 can technically purchase Copilot — but the functional experience will be considerably reduced compared to E3 or E5 deployments. Copilot's AI capabilities are built on top of the data and services available in the base licence, so an E1 estate with limited compliance and governance tooling will produce a fundamentally different (and more limited) Copilot experience than an E5 estate with the full Microsoft Graph data available.
The E3 Deployment Path
Microsoft 365 E3 at approximately $36/user/month is the most common baseline for enterprise Copilot deployments. E3 provides the full Microsoft 365 application suite, Exchange Online Plan 2, SharePoint Online, Teams, and foundational compliance features through Microsoft Purview (E3 boundary). Microsoft has published a dedicated Copilot admin guide for E3 deployments, reflecting the volume of E3-based implementations. At E3 plus Copilot, the combined list price is approximately $66/user/month before EA discounts. The primary limitation at E3 is the compliance boundary: advanced Purview capabilities such as eDiscovery Premium, Communication Compliance, and Insider Risk Management require E5 Compliance, which is not included in E3.
The E5 Deployment Path
Microsoft 365 E5 at approximately $57/user/month adds the full Microsoft security stack (Defender XDR, Entra P2 identity protection) and advanced compliance capabilities to the E3 foundation. E5 is the most complete base licence for Copilot deployments where sensitive data governance is a priority. The advanced Purview capabilities in E5 enable Copilot to operate safely across classified content — sensitivity labels flow into Copilot outputs, restricting how AI-generated content can be shared or processed. E5 plus Copilot at list price is approximately $87/user/month. Microsoft field teams are actively converting E5 plus Copilot customers to the new E7 bundle at renewal.
E7: Copilot Included at the SKU Level
The 2026 addition to this landscape is Microsoft 365 E7 at $99/user/month, which bundles E5, the $30 Copilot add-on, Agent 365 (AI agent orchestration and management), and the Entra Suite into a single SKU. For organisations at E5 who have or intend to deploy Copilot, E7 eliminates the separate Copilot add-on requirement and is positioned as the new top-tier enterprise Microsoft 365 licence. The M365 SKU stack in 2026 runs E1 → E3 → E5 → E7, with E7 as the ceiling. If your Microsoft account team is still describing E5 as "the top tier," they are presenting an outdated view of the product portfolio.
Not sure which base licence makes sense for your Copilot deployment?
Our Microsoft licensing advisory team provides independent SKU-level analysis for enterprise buyers.Technical Prerequisites: What Must Be in Place Before Deployment
Beyond the commercial licence, Microsoft specifies a set of technical prerequisites that must be satisfied for Copilot to function as designed. These prerequisites are not optional — they are operational requirements that determine whether Copilot can access the data and services it needs to generate accurate, contextually relevant outputs.
Exchange Online as the Primary Mailbox
Microsoft 365 Copilot requires that a user's primary mailbox is hosted in Exchange Online, not Exchange on-premises or in a hybrid configuration where the primary mailbox resides on-premises. Copilot uses mailbox content — emails, calendar events, meeting metadata, and contact relationships — as a foundational data source for summarisation, drafting, and scheduling features. Users whose primary mailbox is on-premises will not have access to Copilot's email and calendar intelligence features, and in some configurations, Copilot may not activate at all.
For organisations still running Exchange hybrid with on-premises primary mailboxes, the prerequisite path to full Copilot deployment includes either migrating primary mailboxes to Exchange Online or operating in a degraded Copilot mode that excludes email and calendar features. This is a significant infrastructure consideration that frequently delays Copilot rollouts in financial services, manufacturing, and public sector organisations where Exchange migrations have been deferred for compliance or operational reasons.
Microsoft Entra ID (Azure Active Directory)
Every Copilot user must have a Microsoft Entra ID account — the identity service formerly known as Azure Active Directory. This is a baseline requirement for the entire Microsoft 365 cloud ecosystem, so most enterprise organisations already meet this prerequisite. However, organisations that use Active Directory on-premises only, or that rely on third-party identity providers without Entra ID federation, will need to configure Entra ID as part of the Copilot deployment project. The level of Entra P1 or P2 available (determined by the base licence tier) affects specific Copilot features, particularly around conditional access policies that govern how Copilot can process sensitive content.
Current Microsoft 365 Apps (Not Perpetual Office)
Copilot's in-application features — the Copilot side pane in Word, the formula assistance in Excel, the presentation builder in PowerPoint, the email drafting in Outlook — require current Microsoft 365 Apps rather than perpetual Office installations such as Office 2016, Office 2019, or Office 2021. Organisations with a mixed estate that includes perpetual Office licences alongside Microsoft 365 subscriptions will find that users on perpetual Office cannot access the in-application Copilot features, even if they have the Copilot add-on licence assigned.
This is a surprisingly common deployment blocker. Many organisations that have Microsoft 365 subscriptions also maintain a cohort of users on perpetual Office licences — often in controlled environments, shared workstations, or departments that have not completed a Microsoft 365 deployment. Conducting an Office version audit before committing to Copilot licences allows you to size the perpetual-to-cloud migration effort accurately.
Microsoft Teams for Meeting Intelligence Features
Copilot's meeting intelligence capabilities — including real-time meeting transcription, intelligent recap, action item extraction, and follow-up generation — require that meetings are conducted through Microsoft Teams. The base requirement is Teams with transcription enabled, which in turn requires that tenant-level meeting policies permit transcription. Organisations that have restricted transcription through Microsoft 365 compliance policies (common in financial services, legal, and healthcare) will need to evaluate whether those policies can be scoped to permit Copilot transcription for specific user groups.
Purview and Data Governance Readiness
While not a hard technical prerequisite for Copilot activation, Microsoft Purview data governance configuration is strongly recommended before enterprise-wide Copilot deployment and is required for safe operation in regulated industries. Copilot accesses content from across the Microsoft 365 estate — SharePoint, OneDrive, Exchange, Teams — using the same permissions the user has. This means that a user with inadvertent access to confidential SharePoint content (common in organisations with broad "Everyone" permissions) can ask Copilot to summarise or analyse content they were not intended to see.
Completing a SharePoint permission audit, implementing sensitivity labels through Purview, and configuring information protection policies before Copilot deployment prevents data oversharing incidents that have become the primary governance concern associated with enterprise AI deployments. This work is typically a four-to-eight-week project for a 5,000-seat organisation and should be scoped as a pre-deployment workstream, not an afterthought.
Feature Differences: E3 vs E5 Copilot Experience
The base licence tier does not affect whether Copilot can be purchased, but it significantly affects the Copilot experience in practice. At E3, Copilot operates with the information protection and compliance tools available in the E3 base — sensitivity labelling with standard Purview capabilities, DLP policies at the basic tier, and retention policies. At E5, Copilot benefits from advanced sensitivity classification, auto-labelling policies, privileged access management, and the full eDiscovery capability set. For organisations in regulated industries, the E5 Copilot experience is materially better from a governance and auditability standpoint.
From a security standpoint, E5 base licences provide Copilot with Entra P2 conditional access controls that allow granular policies governing when and how Copilot can process content based on device compliance state, location, and risk signals. This is especially relevant for organisations with a BYOD device estate, where the ability to restrict Copilot processing on unmanaged devices is an important security control not available at E3.
Common Prerequisite Gaps Found in Enterprise Deployments
Based on deployments across the enterprise client base, the most frequently encountered prerequisite gaps are: Exchange hybrid with on-premises primary mailboxes (most common in organisations that completed partial Exchange Online migrations), perpetual Office installations co-existing with Microsoft 365 Apps, SharePoint permission estates with broad "Everyone" access that create data governance risk before Copilot activation, Teams transcription policies that have been disabled tenant-wide for compliance reasons, and Entra ID configurations that lack the identity protection settings needed for Copilot's advanced security features at the E5 level.
Addressing these gaps before licence commitment — rather than after — is the single most effective way to accelerate Copilot deployment and ensure that licences begin generating value immediately after purchase. A 30-day prerequisite assessment prior to any Copilot EA negotiation is standard practice for organisations working with independent Microsoft licensing advisory specialists and significantly reduces deployment delays.
For a complete understanding of the broader Copilot licensing landscape, visit the Microsoft Copilot Licensing Guide 2026 or explore all Microsoft resources via the Microsoft Knowledge Hub.