Microsoft sells Copilot at $30/user/month. What they do not prominently display is the stack of prerequisite licences, infrastructure readiness, data governance preparation, and security configurations that must be in place before Copilot delivers value. This guide maps every layer of the real cost.
Part of the Microsoft Advisory resource library. For full M365 cost analysis, see M365 Licensing Cost 2026. For add-on details, see M365 Add-On Guide.
Microsoft's Copilot sales pitch is simple: $30/user/month, add it to your M365 subscription, and your organisation gets AI-powered productivity. The reality is substantially more complex. Copilot is not a standalone product. It is a capability layer that sits on top of a fully configured, properly governed, correctly licensed Microsoft 365 environment. Without the prerequisite stack in place, Copilot either will not function, will function poorly, or will function in ways that expose sensitive data.
This guide maps every prerequisite requirement across seven layers: base licensing, identity and access, data governance, network and infrastructure, device readiness, security configuration, and change management. Each layer has licensing implications that add to the true per-user cost.
"Every Copilot deployment we have assessed has the same pattern: the $30 add-on licence was approved in a week, and the 60 to 90 days of prerequisite work that makes it actually useful was either unknown, underestimated, or unfunded. Copilot without readiness is a $30/month subscription to disappointment."
Copilot requires a qualifying Microsoft 365 base licence. Not every M365 plan qualifies, and the base licence you choose determines both the Copilot features available and the all-in cost per user.
Microsoft 365 Copilot requires one of the following base licences per user: Microsoft 365 E3 ($36/user/month list) providing full Copilot in desktop and web Office apps, Teams, and Outlook. Microsoft 365 E5 ($57/user/month list) providing full Copilot plus advanced security and analytics features that enhance Copilot capabilities. Microsoft 365 Business Standard ($12.50/user/month list) providing Copilot in web and mobile Office apps, Teams, and Outlook. Microsoft 365 Business Premium ($22/user/month list) providing full Copilot with enhanced security baseline. Office 365 E3/E5 qualifies, but without Windows, Intune, or identity management features.
Microsoft 365 F1 and F3 (frontline worker plans) are not eligible for Microsoft 365 Copilot. Frontline workers on F-series licences cannot receive Copilot. If your organisation needs Copilot for any frontline role, those users must be upgraded to at least Business Standard or E3, a 4 to 16x increase in per-user base cost. Office 365 E1 does not qualify. E1 users must upgrade to E3 minimum ($26/user/month increase). Standalone Office apps (Office 2021, Office LTSC) do not qualify. Copilot requires cloud-connected M365 apps, not perpetual licence versions. See our F1 vs F3 Frontline Guide for the frontline implications.
| Base Licence | List Price | + Copilot | All-In Base + Copilot | Copilot Eligible? |
|---|---|---|---|---|
| M365 Business Standard | $12.50 | $30.00 | $42.50 | Yes |
| M365 Business Premium | $22.00 | $30.00 | $52.00 | Yes |
| M365 E3 | $36.00 | $30.00 | $66.00 | Yes |
| M365 E5 | $57.00 | $30.00 | $87.00 | Yes |
| M365 F1 | $2.25 | - | - | No |
| M365 F3 | $8.00 | - | - | No |
| O365 E1 | $10.00 | - | - | No |
| O365 E3 | $23.00 | $30.00 | $53.00 | Yes |
The base licence choice matters beyond price. E5 users get better Copilot outcomes because E5 includes Entra ID P2 (better identity signals for Copilot context), Defender for Endpoint P2 (security controls for Copilot data access), and Power BI Pro (Copilot in Power BI). On E3, these capabilities are missing or require separate add-ons that increase the all-in cost further.
Copilot accesses data through the Microsoft Graph, which means it can see everything a user has access to: emails, files, chats, meetings, SharePoint sites, and OneDrive content. This makes identity and access management not just a security concern but a Copilot readiness requirement. If your permissions are over-provisioned (as they are in most enterprises), Copilot will surface sensitive data to users who should not see it.
Minimum: Entra ID P1 (included in M365 E3). Provides conditional access policies and multi-factor authentication to secure Copilot access.
Recommended: Entra ID P2 (included in M365 E5, or $9/user/month add-on to E3). Adds Privileged Identity Management and Identity Protection. These are critical for controlling which admin and elevated-privilege accounts can use Copilot with access to sensitive organisational data. Without Entra ID P2: no identity risk signals, no just-in-time privilege elevation, no automated access reviews.
This is the most underestimated Copilot prerequisite. In a typical enterprise, SharePoint permissions have accumulated over years of site creation, team formation, and one-off sharing. Users often have access to far more content than they need or realise. Without Copilot, this over-permissioning creates theoretical risk. With Copilot, it creates practical risk, because Copilot actively surfaces content from everything a user can access.
Before deploying Copilot, conduct a permissions audit across SharePoint, OneDrive, Teams, and Exchange. Identify and remediate: broadly shared sites (shared with "Everyone except external users"), stale sharing links, broken inheritance on sensitive document libraries, and over-provisioned group memberships. Without this audit, Copilot becomes a data exposure tool rather than a productivity tool.
Copilot respects Microsoft Purview sensitivity labels and Data Loss Prevention (DLP) policies. If your organisation has not implemented these controls, Copilot has no guardrails on what it surfaces, summarises, or includes in generated content.
Included in E3: Basic sensitivity labels and manual classification.
Included in E5 (or add-on $7/user/month): Auto-labelling, trainable classifiers, exact data matching, and advanced DLP policies that Copilot will honour.
Sensitivity labels applied to documents control whether Copilot can reference that content in responses. DLP policies prevent Copilot from including regulated data (PII, financial records, health information) in generated content. Retention labels ensure Copilot does not surface deleted or expired content. Without labelling: Copilot treats all content equally, including confidential board materials, M&A documents, and HR files.
Implementing sensitivity labels across an enterprise is a 30 to 60 day project (classification taxonomy, policy configuration, user training, auto-labelling rules). This must be completed before Copilot deployment, not after. Organisations that deploy Copilot without data governance in place discover the problem when a user asks Copilot to "summarise recent leadership discussions" and receives a summary that includes confidential compensation data, acquisition targets, or disciplinary proceedings.
Copilot processes requests through Microsoft's Azure OpenAI infrastructure. This requires reliable, low-latency connectivity to Microsoft 365 cloud endpoints.
Bandwidth: No specific per-user bandwidth requirement published, but Copilot increases M365 API calls significantly. Plan for a 10 to 20% increase in M365 network traffic.
Latency: Sub-100ms latency to Microsoft 365 endpoints for responsive Copilot interactions.
Proxy and firewall: Copilot endpoints must be whitelisted. Web proxies that inspect M365 traffic may need bypass rules for Copilot API calls.
Connectivity principles: Direct internet egress for M365 traffic (no backhauling through centralised proxies) per Microsoft's published connectivity guidance.
Most organisations that have already optimised their M365 network connectivity for Teams and Exchange Online meet the Copilot requirements without additional infrastructure changes. The exception: organisations using legacy web proxies that inspect all HTTPS traffic, which can add 200 to 500ms latency to Copilot interactions and degrade the user experience significantly.
Copilot requires current Microsoft 365 apps and supported operating systems. Microsoft 365 Apps: Current Channel or Monthly Enterprise Channel. Semi-Annual Enterprise Channel receives Copilot features with delay. LTSC versions do not support Copilot. Windows: Windows 10 (22H2+) or Windows 11. Earlier Windows 10 versions have limited Copilot functionality. macOS: macOS 13 Ventura or later for full Copilot support in Office for Mac. Mobile: iOS 16+ and Android 13+ for Copilot in Outlook and Teams mobile apps. Web: Copilot in Office for the web works in current versions of Edge, Chrome, Safari, and Firefox. Not supported: Office 2021, Office 2019, Office LTSC, Office perpetual licence versions, Windows 8.1, macOS 12 or earlier.
The application channel requirement is critical. Organisations running Semi-Annual Enterprise Channel (SAEC) for stability will receive Copilot features 6 to 8 months after Current Channel. If your deployment strategy uses SAEC, Copilot users must be moved to Current Channel or Monthly Enterprise Channel, creating a split-channel management overhead. Evaluate whether this complexity is justified for your Copilot deployment scope.
If your organisation is running Windows 10 devices approaching end-of-support, Copilot deployment may require a hardware refresh or Windows 11 upgrade. Windows 11 hardware requirements (TPM 2.0, Secure Boot, specific CPU generations) disqualify many devices purchased before 2018. For a 5,000-user organisation where 30% of devices do not meet Windows 11 requirements, budget $750K to $1.5M for device refresh. This cost dwarfs the Copilot licence itself but is a real prerequisite cost that must be included in deployment budgeting.
Copilot amplifies both productivity and security risk. The following security configurations are not technically required but are functionally essential for responsible deployment.
Conditional Access policies: Restrict Copilot to managed devices, compliant devices, and approved locations. Prevent Copilot usage from unmanaged personal devices where organisational data could leak.
Data Loss Prevention: DLP policies in Exchange, SharePoint, and Teams that prevent Copilot from including sensitive data types in generated content. E5 includes advanced DLP; E3 includes basic DLP.
Microsoft Defender for Cloud Apps: Monitor Copilot usage patterns, detect anomalous data access, and enforce session policies. Included in E5; $3.50/user/month add-on for E3.
Audit logging: Microsoft Purview audit logs capture Copilot interactions for compliance and investigation purposes. Standard audit is in E3; Advanced Audit (longer retention, more events) is in E5.
Information barriers: Prevent Copilot from surfacing data across departmental boundaries where Chinese walls are required (financial services, legal, M&A). Requires E5 or E5 Compliance add-on.
To achieve the recommended security baseline for Copilot on an E3 licence, you need: Entra ID P2 ($9), Defender for Cloud Apps ($3.50), and potentially Purview Information Protection advanced ($7). That is $19.50/user/month in security add-ons on top of the $30 Copilot fee and $36 E3 base, bringing the true cost to $85.50/user/month. At this level, M365 E5 ($57) + Copilot ($30) = $87 is equivalent and includes far more features.
For any Copilot deployment requiring the full security baseline, E5 is the correct base licence. E3 + security add-ons reaches $85.50/user/month. E5 + Copilot reaches $87/user/month. For $1.50 more per user per month, E5 includes Power BI Pro, Phone System, Advanced Audit, eDiscovery, and numerous additional features that the E3 add-on path does not provide. The maths clearly favours E5 for Copilot-eligible users.
This is the prerequisite that has no licensing cost but determines whether the licensing investment delivers ROI. Copilot is not a tool that users adopt intuitively. It requires training on how to write effective prompts, understanding of what data Copilot can and cannot access, and new workflow habits that take 30 to 60 days to develop.
Enterprise Copilot adoption data from the first 18 months of availability shows a consistent pattern: 60 to 70% of licensed users try Copilot in the first week, usage drops to 30 to 40% by week four, and stabilises at 25 to 35% of licensed users generating regular, meaningful interactions by month three. The remaining 65 to 75% of licences are generating little to no value.
This adoption curve means the effective cost per productive Copilot user is 2.5 to 4x the per-licence cost. If you licence 1,000 users at $30/month and 300 achieve consistent productive usage, your effective cost is $100/productive user/month. The antidote: deploy Copilot only to roles with demonstrated use cases (content creation, data analysis, email management, meeting summarisation), provide structured training programmes specific to each role's Copilot use cases, and measure adoption at 30/60/90 days with the explicit willingness to reassign licences from low-usage to high-potential users.
Organisations with the highest sustained adoption (40 to 50% of licensed users) invest in Copilot Champions programmes: 2 to 5% of users trained as internal Copilot experts who create role-specific prompt libraries, run lunch-and-learn sessions, and provide peer support. The Champions programme has no licensing cost but requires 5 to 10 hours/month per champion in time investment. Budget this as a real cost in your deployment plan.
The most cost-effective Copilot deployment strategy is: (1) Identify 8 to 10% of your workforce in high-ROI roles (content producers, analysts, executives with heavy email/meeting load). (2) Deploy Copilot with structured role-specific training. (3) Measure adoption and productivity impact at 30/60/90 days. (4) Expand only to roles demonstrating measurable return. (5) Reassign licences from low-usage users. This approach keeps the effective cost per productive user below $120/month versus $200+ with blanket deployment. See our CIO Copilot Adoption Playbook.
Combining all seven prerequisite layers, here is what Copilot actually costs per user at each base licence level.
| Cost Component | On E3 Base | On E5 Base |
|---|---|---|
| Base licence | $36.00 | $57.00 |
| Copilot add-on | $30.00 | $30.00 |
| Entra ID P2 (if needed) | $9.00 | Included |
| Defender for Cloud Apps | $3.50 | Included |
| Purview Info Protection advanced | $7.00 | Included |
| Monthly per-user licence cost | $85.50 | $87.00 |
| Annual per-user licence cost | $1,026 | $1,044 |
The E3 and E5 paths converge at nearly identical all-in costs ($85.50 vs $87.00) when Copilot security prerequisites are included. The E5 path is clearly superior because it includes additional features (Power BI Pro, Phone System, Advanced Audit, eDiscovery) that E3 does not, for only $1.50/user/month more.
For Copilot-eligible users: M365 E5 + Copilot ($87/user/month at list; $68 to $76 at EA rates). E5 provides the security and governance prerequisites that Copilot needs without add-on stacking.
For non-Copilot users: M365 E3 ($36/user/month at list; $28 to $33 at EA rates). No Copilot add-on, no security add-on stack needed.
For frontline workers: M365 F1/F3 ($2.25 to $8/user/month). Not Copilot-eligible, which is appropriate for these roles.
This segmented approach produces a blended cost of $38 to $52/user/month for most enterprises versus $87+ for blanket E5 + Copilot. For a 10,000-user organisation, that is the difference between $4.56M and $10.44M annually. The segmentation discipline alone saves $5.88M per year. See our M365 Licensing Cost 2026 guide for the full optimisation framework.
Copilot in Teams provides meeting summarisation, action item extraction, and real-time conversation assistance. It requires a base M365 licence with Teams included (E3, E5, Business Standard, Business Premium) plus the Copilot add-on.
Teams Premium ($10/user/month) overlaps with Copilot in Teams for meeting intelligence features. If you deploy Copilot, Teams Premium's AI meeting features are largely redundant. Do not purchase both for the same users unless you specifically need Teams Premium's branded meeting templates or advanced webinar capabilities, which Copilot does not replicate. That is $40/user/month for overlapping AI capabilities. See the M365 Add-On Guide.
Copilot in Power BI requires a Power BI Pro licence (included in E5, or $10/user/month add-on to E3) plus the Copilot add-on. Power BI Free users cannot use Copilot in Power BI even if they have a Copilot licence. This is a frequently missed prerequisite: organisations that deploy Copilot to analysts on E3 without adding Power BI Pro discover that Copilot's data analysis capabilities are unavailable.
Copilot in core Office apps requires the base M365 licence and Copilot add-on with no additional prerequisites beyond the seven-layer readiness stack described above. However, Copilot in Excel's advanced data analysis features (formula generation, pivot table creation, trend analysis) perform significantly better with structured data in Excel tables rather than raw cell ranges. This is a data readiness issue, not a licensing issue, but it directly impacts the perceived value of the Copilot investment.
The web-based Microsoft 365 Copilot experience (chat interface at microsoft365.com/copilot) accesses your Microsoft Graph data through natural language queries. This requires the full Copilot add-on and a qualifying base licence. The experience is distinct from the free Copilot (Bing Chat) which does not access organisational data. Ensure users understand the difference. Using free Copilot for work queries provides no organisational context and may send proprietary prompts to Microsoft's consumer AI service.
Copilot availability varies by Microsoft cloud environment. In GCC, Copilot is available with a delayed release timeline (typically 3 to 6 months behind commercial). In GCC High, availability is limited and further delayed. In DoD, Copilot is not currently available. Government organisations should confirm Copilot availability in their specific environment before budgeting or negotiating Copilot licensing. See the GCC Government Licensing Guide for environment-specific details.
For regulated industries (financial services under SEC/FINRA, healthcare under HIPAA, legal under attorney-client privilege), the data governance prerequisites described in Layer 3 are not optional. They are regulatory requirements. Deploying Copilot without sensitivity labels, DLP policies, and information barriers in these industries creates compliance exposure that extends well beyond Microsoft licensing.
Copilot should always be negotiated as a separate commercial event from your base EA, with its own pricing, terms, and exit provisions. Here are the five negotiation points that matter most.
1. Independent pricing. Do not let Microsoft bundle Copilot into your blended EA rate. Insist on a separate line item with a defined per-user price that can be independently adjusted at each EA anniversary.
2. Annual exit rights. The ability to reduce or eliminate Copilot seats at each EA anniversary without penalty. Standard EA terms may lock you into the Copilot commitment for the full three-year term. Exit rights protect you if adoption falls below expectations.
3. Pilot pricing. Negotiate a 90-day pilot at 50 to 75% of the full rate for your initial deployment cohort. If the pilot demonstrates ROI, commit at the negotiated full rate. If not, exit without penalty.
4. Ramp commitments. Rather than committing to your full intended deployment upfront, negotiate a ramp: 500 seats in Year 1, expanding to 1,500 in Year 2 and 3,000 in Year 3, at the same per-seat rate throughout. This protects you from over-committing before adoption data is available.
5. No base-EA linkage. Microsoft may offer better Copilot pricing if you also increase your base EA commitment or add Azure MACC. Evaluate these offers on their own merits. Do not accept a base EA price increase to fund a Copilot discount. The maths often nets out against you. For complete EA negotiation strategy, see our EA Negotiation Strategies guide.
You need a qualifying base licence (Microsoft 365 E3, E5, Business Standard, or Business Premium) plus the Microsoft 365 Copilot add-on at $30/user/month. Microsoft 365 F1, F3, Office 365 E1, and standalone/perpetual Office licences do not qualify. The true all-in cost is $66 to $87/user/month depending on your base licence and security add-ons needed.
Yes, M365 E3 is a qualifying base licence for Copilot. However, E3 lacks several features that enhance Copilot functionality and security: Entra ID P2 (identity risk signals), Defender for Cloud Apps (Copilot usage monitoring), advanced DLP (content guardrails), and Power BI Pro (Copilot in Power BI). Adding these to E3 costs $19.50/user/month, bringing E3 + security + Copilot to $85.50, nearly identical to E5 + Copilot at $87. For Copilot users, E5 is the more efficient base.
No. Microsoft 365 F1 and F3 (frontline worker plans) are not eligible for Microsoft 365 Copilot. Frontline workers who need Copilot must be upgraded to at least M365 Business Standard ($12.50) or M365 E3 ($36), plus the $30 Copilot add-on. This represents a 4 to 16x increase in base licensing cost. Evaluate whether the productivity gains justify the upgrade for specific frontline roles before committing. See the F1 vs F3 Frontline Guide for detailed frontline analysis.
Yes, substantially. Before Copilot deployment, you need: (1) permissions audit and remediation across SharePoint, OneDrive, Teams, and Exchange (2 to 4 weeks), (2) sensitivity label implementation and auto-labelling policies (2 to 4 weeks), (3) DLP policy configuration for Copilot-generated content (1 to 2 weeks), (4) conditional access policies for Copilot-enabled users (1 week), (5) application channel updates to Current or Monthly Enterprise Channel (1 to 2 weeks), and (6) change management and user training programme (2 to 4 weeks). Total readiness timeline: 60 to 90 days for enterprise deployment.
The Copilot add-on is $30/user/month at list ($23 to $28 at EA rates). But the true all-in cost including the required base licence and recommended security prerequisites is $66 to $87/user/month at list or $53 to $76 at EA rates. Factor in that only 25 to 35% of licensed users achieve sustained productive adoption, and the effective cost per productive user is $150 to $300/month. Deploy selectively to high-ROI roles to keep the effective cost reasonable. See the M365 Licensing Cost 2026 guide.
No. Copilot is not included in any Microsoft 365 plan. It is always a separate add-on at $30/user/month on top of the base licence. E5 provides the best foundation for Copilot (identity, security, governance features included) but does not include the Copilot licence itself. This is one of the most common misconceptions about Copilot licensing.
Generally no. Copilot in Teams provides AI meeting summaries, action items, and conversation intelligence that overlaps significantly with Teams Premium's intelligent meeting recap feature. Teams Premium ($10/user/month) adds branded meeting templates, advanced webinar capabilities, and meeting protection (watermarking, sensitivity labels on meetings). If you only want the AI meeting features, Copilot alone is sufficient. If you need the branding and webinar features, Teams Premium adds value. But confirm you are not paying $40/user/month for overlapping AI capabilities. See the M365 Add-On Guide.
Our Microsoft practice assesses Copilot readiness across all seven prerequisite layers, identifies the true all-in cost for your specific environment, and negotiates Copilot terms independently of your base EA, with no Microsoft partnership or referral revenue.
Microsoft Advisory ServicesIndependent Microsoft licensing advisory. Copilot readiness assessment. EA negotiation. 100% vendor-independent.