Microsoft Purview Licensing Guide: E5 Compliance, Add-Ons, and What You Actually Need

Why Purview Licensing Requires Independent Analysis

Microsoft Purview unifies what was previously branded as Microsoft 365 Compliance, Azure Purview, and a collection of standalone compliance add-ons into a single product family. The rebrand, completed in 2023, addressed a genuine product positioning problem — Microsoft's compliance tools were fragmented across four separate licensing families — but it also created a new licensing complexity that has become one of the most frequently misunderstood areas in enterprise M365 procurement.

The fundamental licensing challenge is that Purview's most valuable capabilities — Advanced eDiscovery, Insider Risk Management, Communication Compliance, and advanced records management — are gated behind the E5 Compliance boundary. Microsoft's field teams are incentivised to pitch wall-to-wall E5 Compliance licensing for all users, at $12 per user per month, as the simplest path to compliance capability deployment. But most enterprise environments require E5 Compliance features for a fraction of their user population — typically legal, compliance, HR, and IT roles — not for every knowledge worker in the organisation.

Right-sizing Purview licensing requires understanding precisely what each capability requires at the user level, what is available through targeted add-ons rather than the full E5 Compliance bundle, and how the September 2025 rebrand of E5 Compliance to the Purview Suite changes the purchasing options available to your organisation.

The Purview Licensing Architecture: E3, E5, and Beyond

Purview capabilities are licensed across four layers: M365 E3 baseline, M365 E5 Compliance (now branded as Purview Suite), targeted add-on licences, and consumption-based services for high-volume data processing. Understanding which capabilities sit at each layer is the prerequisite for any cost optimisation decision.

What M365 E3 Includes

M365 E3 provides a meaningful baseline of Purview capabilities that covers the compliance requirements of most standard knowledge workers. E3 includes basic sensitivity labels through Microsoft Purview Information Protection, allowing organisations to classify and label documents and emails with predefined sensitivity classifications. E3 includes manual DLP policies for Exchange Online, SharePoint, and OneDrive based on predefined sensitive information types. E3 includes basic records management with manual retention labels applied through SharePoint and OneDrive. E3 includes standard audit logs with 90-day retention, basic eDiscovery search and export, and Microsoft Purview Compliance Manager for regulatory assessment tracking.

For organisations whose compliance requirements centre on basic data classification, manual DLP policy enforcement, and standard regulatory reporting, E3 provides adequate Purview coverage. The critical boundary is where automation, advanced classification, and high-sensitivity user activity monitoring are required — these capabilities uniformly require E5 Compliance or Purview Suite licensing.

What E5 Compliance (Purview Suite) Adds

E5 Compliance adds the advanced Purview capabilities that are required for regulated industries, organisations subject to legal hold and litigation discovery, and environments with high insider risk exposure. The key additions over E3 are:

• Advanced eDiscovery: Machine learning-based document review, custodian management, legal hold management, export review sets, and predictive coding for litigation and regulatory investigation. Basic eDiscovery search and export in E3 does not support advanced review workflows or machine learning classification.
• Insider Risk Management: AI-driven detection of high-risk user behaviour patterns, including data exfiltration, policy violations, and departing employee activity. Insider Risk Management is a per-user capability that analyses signals from across M365 to identify anomalous activity patterns. It requires E5 Compliance licensing for every user included in an Insider Risk policy.
• Communication Compliance: Machine learning-based review of communications across email, Teams, and Viva Engage for policy violations including regulatory non-compliance, harassment, and information barriers. Communication Compliance requires E5 Compliance for supervisors conducting review; the users whose communications are monitored also require E5 Compliance licensing.
• Advanced Audit: Extended audit log retention (up to one year, extendable to ten years with add-on), higher audit event granularity, and audit log search APIs for integration with SIEM platforms. Standard E3 audit logs retain 90 days of activity with limited event types.
• Advanced Information Protection: Automatic sensitivity labelling using trainable classifiers and machine learning, default sensitivity labels for SharePoint sites, mandatory labelling policy enforcement, and Double Key Encryption for highest-sensitivity scenarios.
• Customer Lockbox: Requiring explicit customer approval before Microsoft support engineers can access tenant data during support operations. Required for organisations in regulated sectors where data access must be audited and approved.

The September 2025 Rebrand: E5 Compliance → Purview Suite

As of September 2025, Microsoft rebranded the E5 Compliance add-on as the Microsoft Purview Suite. This is not a simple name change — it reflects a broader restructuring of how Microsoft positions and sells its compliance capability, with implications for both new purchasers and existing customers.

What Changed for New Purchasers

E5 Compliance is no longer available for purchase as a new SKU for organisations that do not currently hold it. New purchasers access the same compliance capabilities through the Purview Suite SKU, which requires M365 E3 as a prerequisite and is available as a per-user add-on at pricing equivalent to the former E5 Compliance add-on. The Purview Suite also bundles access to Purview data governance capabilities for data estates beyond M365 — Azure storage, multi-cloud data catalogues, and generative AI data governance — which were previously associated with the Azure Purview product.

What Remains the Same for Existing Customers

Existing EA customers who hold E5 Compliance in their current agreement can continue using and renewing those licences under the existing SKU until their EA term expires. The capability set is unchanged. The commercial consideration is whether to renew E5 Compliance or transition to the Purview Suite SKU at the next renewal — a decision that should be evaluated based on whether the broader Purview data governance capabilities included in the Purview Suite add commercial value for the specific organisation.

Targeted Add-On Options: Avoiding the E5 Compliance Wall

For organisations that need one or two specific E5 Compliance capabilities but not the full suite, Microsoft provides targeted add-ons that allow precise capability acquisition without requiring full E5 Compliance licensing for every user. Understanding these add-ons is the key to avoiding over-spend on compliance features that most users will never use.

M365 E5 Information Protection and Governance

This add-on provides advanced information protection capabilities — automatic labelling, trainable classifiers, advanced records management, and advanced DLP policy configuration — for users who need enhanced data classification and protection without requiring the full E5 Compliance bundle. It is the appropriate add-on for content management, records management, and data governance roles that work with sensitive information but do not conduct legal investigations or insider risk monitoring.

M365 E5 Insider Risk Management

This add-on provides the Insider Risk Management capability as a standalone purchase, enabling organisations to deploy Insider Risk policies for specific high-risk user populations — IT administrators, executives, employees with access to highly sensitive data — without licensing all users for the full E5 Compliance bundle. Insider Risk Management is most valuable in regulated sectors (financial services, healthcare, defence) and for roles with elevated data access. For standard knowledge workers, the risk profile does not justify the cost of wall-to-wall Insider Risk licensing.

M365 E5 eDiscovery and Audit

This add-on provides Advanced eDiscovery capabilities and extended audit log retention as a targeted purchase for legal, compliance, and IT security roles who conduct investigations or manage litigation holds. The eDiscovery and Audit add-on is appropriate for the legal team and compliance function — typically 50 to 200 users in a 5,000-user enterprise — rather than for the entire organisation.

Communication Compliance Add-On

Communication Compliance can be added to E3 users as a standalone capability for organisations that need supervisory review of communications in regulated sectors — financial services firms subject to FINRA supervision requirements, healthcare organisations managing communication policies, and organisations with formal employee communications monitoring programmes.

The E5 Compliance Over-Licensing Problem

The most common Purview licensing mistake in enterprise environments is purchasing E5 Compliance — or now the Purview Suite — for all users because it is simpler than assessing compliance requirements by user role. Microsoft's field teams are trained to position E5 Compliance as the default compliance answer, and many IT and compliance teams accept this positioning without independently validating whether the full E5 Compliance capability set is needed across the entire user population.

The Real Per-User Compliance Requirement

In a typical 5,000-user enterprise, the realistic E5 Compliance user population breaks down as follows. Legal and compliance roles — perhaps 50 to 100 users — require Advanced eDiscovery, Communication Compliance, and Advanced Audit. IT security and DLP administrators — 20 to 50 users — may require advanced Information Protection and Insider Risk Management capabilities. Executive and senior leadership roles — 50 to 100 users — may be covered by Insider Risk policies. All other users require E3 baseline compliance coverage, which is already included in their M365 E3 licence.

For 5,000 users at $12 per user per month for E5 Compliance, the annual spend is $720,000. For 200 users genuinely requiring E5 Compliance features, the cost drops to $28,800 per year — a saving of $691,200 annually. This saving requires the organisation to conduct a formal compliance requirements mapping by user role, which Microsoft's field team will not proactively suggest.

The E5 Shelfware Pattern

Organisations that have upgraded to wall-to-wall E5 or M365 E5 to access security capabilities frequently find that the E5 Compliance component represents significant shelfware. Advanced eDiscovery is used by the legal team of fewer than 50 users. Insider Risk Management has been deployed for a handful of high-risk roles. Communication Compliance has never been activated. The $12 per user per month E5 Compliance component is being paid for 5,000 users to enable features that 4,800 of them will never access.

The right-sizing question at E5 renewal is whether to maintain wall-to-wall E5 or to right-size to E3 plus targeted add-ons for the compliance-active user population. This decision must account for the True-Up implications of reducing the contracted count, the transition complexity of moving users from E5 to E3, and any contractual obligations in the current EA that restrict count reductions.

Purview for AI and Generative AI Workloads

The integration of Microsoft 365 Copilot and AI agent capabilities into the M365 stack has created a new compliance dimension that the E5 Compliance framework was not originally designed to address. As AI systems access, process, and generate content across the M365 estate, the compliance and governance requirements around AI-generated content, AI data access controls, and AI interaction logging have become active purchasing considerations.

AI Hub in Microsoft Purview

Microsoft Purview AI Hub, available as part of the Purview Suite with an M365 Copilot licence, provides visibility into AI interactions across the tenant — which users are using Copilot, what types of content are being accessed and generated, and whether Copilot interactions are exposing sensitive data. AI Hub requires E5 Compliance or Purview Suite licensing for the users whose AI interactions are being governed, in addition to the M365 Copilot licence.

For organisations that have adopted M365 Copilot and need to demonstrate AI governance — a requirement that is increasingly expected by regulators in financial services, healthcare, and critical infrastructure sectors — Purview's AI governance capabilities provide a native compliance overlay that does not require a separate vendor relationship. The cost of this overlay must be assessed against the incremental licensing required to enable it.

M365 E7 and Purview

Microsoft 365 E7 — the new top SKU above E5, launched at $99 per user per month for general availability from May 2026 — includes M365 E5, which bundles both E5 Security and E5 Compliance. For organisations moving to E7 to access Copilot and Agent 365 capabilities, the E5 Compliance component of E7 is included in the bundle cost, changing the calculation for whether additional Purview add-ons are needed. E7 does not, however, eliminate the fundamental question of whether all E7 users genuinely require E5 Compliance features — it simply means the marginal cost of the E5 Compliance component for E7 users is zero within the bundle.

Negotiating Purview Licensing in the EA

Purview licensing, like all M365 add-ons, is negotiable within the EA framework — but only if the buyer presents a well-supported position based on genuine compliance requirements. Microsoft's field teams are trained to defend E5 Compliance pricing using the complexity argument: if you licence E5 Compliance for everyone, you eliminate the management overhead of tracking compliance licence assignments. This argument has administrative merit but no commercial logic — the management overhead of assigning targeted add-ons to 200 users is minimal, while the cost saving is hundreds of thousands of dollars annually.

Compliance Requirements Mapping as Negotiation Evidence

The strongest negotiating position for Purview right-sizing is a documented compliance requirements mapping that identifies which Purview capabilities are required for which user roles, supported by utilisation data from the Microsoft Purview compliance portal showing which capabilities are actively used and by how many users. Microsoft cannot argue against utilisation data showing that Advanced eDiscovery is used by 47 users out of a contracted 5,000 as a justification for E5 Compliance licensing for all 5,000.

Timing and Leverage

Purview right-sizing is most effectively negotiated at EA renewal rather than mid-term. Reducing the contracted E5 Compliance user count at renewal requires demonstrating that the reduction reflects genuine compliance requirements, not cost-cutting that will leave the organisation exposed to compliance risk. Frame the right-sizing conversation as compliance architecture optimisation — the organisation is ensuring that every compliance licence is assigned to a user with a genuine compliance role, reducing shelfware and improving the accuracy of the compliance licence baseline. Engage Microsoft licensing advisory specialists who have conducted this type of Purview right-sizing negotiation before and can benchmark your target licence counts against what comparable organisations have successfully negotiated.

Seven Recommendations for Purview Licensing in 2026

1. Map Compliance Requirements by User Role Before Renewal: Conduct a formal compliance requirements mapping that identifies which users genuinely require each E5 Compliance capability. Legal, compliance, IT security, and high-risk administrative roles are the typical E5 Compliance population — everyone else should be assessed against E3 baseline coverage before defaulting to E5 Compliance licensing.

2. Review Utilisation Data in the Purview Compliance Portal: The Microsoft Purview compliance portal provides activity data for Advanced eDiscovery cases, Insider Risk policies, Communication Compliance reviews, and Advanced Audit queries. Pull this data before renewal to establish a factual baseline for how many users are actively using each E5 Compliance capability. This data is the foundation of any right-sizing negotiation.

3. Evaluate Targeted Add-Ons Against the Full E5 Bundle: For compliance functions that need one or two E5 Compliance capabilities rather than the full bundle, price the relevant targeted add-ons (eDiscovery and Audit, Insider Risk Management, Information Protection and Governance) against the full E5 Compliance add-on cost for the specific user population. In most cases, targeted add-ons are commercially superior for organisations with clear, narrow compliance requirements.

4. Understand the E5 Compliance End-of-Sale Implications: E5 Compliance is no longer available for new purchases as of September 2025. Existing customers can renew but should understand that the Purview Suite SKU represents the forward purchasing path. Evaluate whether the additional data governance capabilities in the Purview Suite (cross-cloud data governance, generative AI governance) add value to your organisation before committing to the Purview Suite as your renewal SKU.

5. Assess AI Governance Requirements Explicitly: If your organisation has deployed M365 Copilot and faces regulatory requirements around AI governance, data access logging, or AI interaction review, assess whether Purview AI Hub capabilities are required and which users need them. Do not assume that Copilot licensing automatically covers all compliance requirements associated with AI use — it does not.

6. Consider the E5-to-E7 Transition Carefully: If your organisation is evaluating M365 E7 — the new top SKU above E5 at $99 per user per month — understand that E7 includes E5 Compliance features as part of the bundle. For users who would have required E5 Compliance add-ons, E7 may represent a cost-neutral or cost-positive licensing change when the Copilot and Entra Suite components are also valued. Model this comparison independently before accepting Microsoft's framing.

7. Negotiate Purview as Part of the Broader EA: Purview licensing negotiated as a standalone add-on receives worse commercial terms than Purview negotiated as part of the overall EA renewal. Bundle your compliance licensing commitments into the EA renewal package and use your total contract value as leverage for per-unit concessions on the Purview add-ons you do need. Engage a specialist in Microsoft EA negotiation who can benchmark your target Purview pricing against current market terms and negotiate on your behalf.

In one engagement, a 20,000-seat organisation on Microsoft 365 E5 assumed the full Purview Suite was included in their licence. An audit revealed they were using Advanced eDiscovery for two use cases that could have been served by the E3 Content Search capability. Redress remodelled their compliance architecture and identified $420,000 per year in licence redundancy from E5 seats assigned to users whose compliance requirements were E3-level.