Microsoft Purview Licensing: E3 vs E5 vs Standalone Add-On

Microsoft Purview: The Compliance Platform That Grew Too Complex to Navigate

Microsoft Purview is the umbrella brand covering Microsoft's data governance, compliance, and risk management tools — consolidated from what was previously branded as Microsoft Information Protection, Microsoft Compliance Center, and Azure Purview. The rebrand in 2022 simplified the marketing but complicated the licensing: Purview now encompasses over 20 distinct capabilities with a licensing model that spans M365 E3 inclusions, M365 E5 bundles, standalone compliance add-ons, and Azure-billed data governance services — making it one of the most opaque licensing areas in Microsoft's portfolio.

The commercial risk for enterprise buyers is acute: Microsoft's account teams consistently use Purview compliance capabilities as a primary justification for E3-to-E5 upgrades — presenting E5's compliance bundle as the only path to capabilities that may in fact be available as cheaper standalone add-ons, or already included in the organisation's current plan. Our Microsoft advisory team regularly finds that organisations can achieve 80% of their compliance requirements at 40–50% of the cost of a full E5 upgrade when standalone Purview add-ons are structured correctly. See the full picture in our Microsoft Knowledge Hub.

What's Included in M365 E3 vs E5: The Compliance Gap Map

M365 E3 includes a meaningful baseline of Purview capabilities: basic Information Protection (sensitivity labels with manual classification), basic Data Loss Prevention (up to 5 custom DLP policies for Exchange, SharePoint, and Teams), Compliance Manager with assessment templates, basic eDiscovery (content search and legal hold), and basic audit logging (90-day log retention). For many organisations' compliance baseline, E3 is sufficient — particularly in regions where regulatory requirements are primarily met through operational controls rather than technical enforcement.

M365 E5 adds the capabilities that genuinely differentiate: advanced Information Protection with auto-classification using trainable classifiers and exact data match; advanced DLP with endpoint DLP covering Windows devices; Insider Risk Management for detecting potential data exfiltration by employees; Communication Compliance for regulated communications monitoring; Advanced eDiscovery with built-in review workflows and predictive coding; Advanced Audit with 1-year log retention and high-value audit events; and Privileged Access Management. The E5 compliance jump costs approximately $12/user/month beyond E3 — but the E5 compliance add-on (standalone, not the full E5) is available at $10/user/month and covers the majority of these capabilities. Before accepting an E5 upgrade proposal, always evaluate the standalone E5 Compliance add-on against your specific requirements with guidance from our advisory team.

Insider Risk Management and Communication Compliance: The E5-Only Trap

Insider Risk Management (IRM) and Communication Compliance are the two Purview capabilities most commonly used by Microsoft's account teams to justify E5 upgrades — and they are genuinely E5-exclusive features with no standalone equivalent. IRM uses machine learning to detect sequences of activity that might indicate data exfiltration, IP theft, or HR violations: accessing large volumes of sensitive files before a resignation date, bulk downloading to USB devices, or sharing confidential data with personal email accounts. Communication Compliance monitors Teams, Exchange, and Yammer communications for regulatory violations, harassment, or policy breaches.

The critical commercial question is not whether these capabilities are valuable — they often are — but whether your organisation's regulatory environment and risk profile genuinely requires them, or whether they are being positioned as aspirational capabilities to justify a licence upgrade that primarily benefits Microsoft's revenue. A financial services firm under FCA or SEC obligations for communications monitoring has a clear business case for Communication Compliance. A manufacturing company with no regulated communications obligation does not. The interaction with Microsoft Purview data governance (the Azure-billed component covering data estate cataloguing and lineage) adds further complexity — Azure Purview is separately priced from the M365 Purview compliance capabilities, and organisations frequently conflate the two when evaluating their compliance spend.

eDiscovery and Advanced Audit: When the Premium Matters

Standard eDiscovery (content search and legal hold) is included in M365 E3. Advanced eDiscovery — which adds built-in review workflows, near-duplicate detection, email threading, predictive coding for large document review sets, and export optimisation for external review platforms — requires E5 or the standalone E5 Compliance add-on. For organisations with regular litigation or regulatory investigation activity, Advanced eDiscovery delivers genuine cost savings in external legal review fees that easily justify its licensing cost.

Advanced Audit is similarly differentiated: the 1-year log retention (versus 90 days in E3) and high-value audit events (including MailItemsAccessed for detecting compromised account data exfiltration) are materially important for incident response and forensic investigation. Organisations that have experienced security incidents and discovered that their 90-day E3 audit log had already rolled over before the investigation window are the most motivated Advanced Audit customers — and the most prepared to pay appropriately for it. For a complete view of Microsoft compliance licensing decisions including their interaction with Microsoft Viva analytics and Teams Premium governance features, explore our Microsoft Knowledge Hub or book a confidential call.