Most of Microsoft Purview is already inside Microsoft 365 E5, or available as the E5 Compliance add-on at around $12 per user per month on top of E3. The two recurring errors are stacking the E5 Compliance add-on on a full E5 that already includes it, and deploying premium capabilities like Insider Risk Management and Communication Compliance estate-wide when only a regulated subset triggers them. Here is the entitlement map and the scoping model.
Purview — Microsoft's data-security and compliance brand covering DLP, Information Protection, eDiscovery, Insider Risk Management, Communication Compliance and records management — is licensed per user, three ways. Baseline DLP and Information Protection ship inside Microsoft 365 E3. The premium tier ships inside Microsoft 365 E5, or as the standalone E5 Compliance add-on (~$12 per user per month) on top of an E3 base. There is also an E5 Information Protection & Governance and an E5 Insider Risk Management add-on for organisations that want only a slice. The trap is that all of these overlap, and buying the add-on on top of full E5 is paying twice for the same entitlement.
The core point: if you own Microsoft 365 E5, you already own the full Purview premium suite. The E5 Compliance add-on belongs on an E3 base only — never on top of E5.
This is a sub-guide in our Microsoft security licensing pillar. It pairs with the Intune and EMS and Sentinel pricing guides, sits under our Microsoft vendor practice, and connects to the suite decision in Microsoft 365 licensing.
The split below is what determines whether you need to buy anything beyond your base suite. Baseline data protection is broad and sits in E3; the high-value, audit-grade capabilities are gated behind E5 or the E5 Compliance add-on.
| Purview capability | E3 | E5 / E5 Compliance |
|---|---|---|
| Manual sensitivity labels & basic DLP | Included | Included |
| Automatic labelling & advanced DLP | — | Included |
| eDiscovery (Premium) | — | Included |
| Insider Risk Management | — | Included |
| Communication Compliance | — | Included |
| Records management & advanced audit | Basic | Advanced |
The ~$12 add-on is excellent value when it sits on an E3 base and the organisation genuinely needs the premium tier. It is pure waste when it sits on a full E5 that already carries every line — a surprisingly common finding because compliance and procurement teams buy independently.
We reconcile your compliance entitlement against the suite you already own — the double-buy is one of the fastest cleanups we run.
Almost never. The premium Purview capabilities are triggered by regulated activity — handling sensitive data, falling under a retention mandate, or being in scope for insider-risk or communication monitoring. A large share of any workforce never touches that activity. Scoping Purview to the regulated personas (finance, legal, R&D, customer-data handlers, executives) rather than the whole estate is the single biggest Purview lever, and it is fully supported by Microsoft's per-user licensing. The mistake is treating Purview as an all-or-nothing tenant-wide switch when it is a per-user entitlement you can target.
| Persona | Premium Purview? | Driver |
|---|---|---|
| Finance & legal | Yes | Records, eDiscovery, Comms Compliance |
| R&D / IP handlers | Yes | Information Protection, Insider Risk |
| Executives & privileged | Yes | Insider Risk, advanced audit |
| General workforce | Baseline (E3) | Manual labels & basic DLP suffice |
| Frontline / shared devices | No | Out of regulated scope |
The Purview overlap map, the regulated-persona scoping model, and the E5-vs-add-on math in one research paper.
Insider Risk Management and Communication Compliance, by a distance. Both carry the heaviest list weight, both are genuinely powerful, and both are routinely switched on tenant-wide when they should be scoped to a defined population — privileged users for insider risk, regulated communicators for communication compliance. Advanced eDiscovery is the next most over-deployed: it is only invoked by legal hold and investigation workflows, so licensing it estate-wide is paying standby cost for a capability a handful of users ever touch. The pattern across all three is the same — premium capability, narrow real population, broad accidental licensing.
"Purview is rarely under-protected. It is over-licensed — the premium tier bought for ten thousand users when fewer than two thousand ever fall in scope."
At the M365 or EA renewal, and whenever a compliance programme expands. The reconciliation — stripping E5 Compliance add-ons that sit on full E5, and re-scoping premium capabilities to the regulated population — typically recovers a meaningful slice of compliance spend with no reduction in actual coverage, because the coverage was never being used by the out-of-scope users. For regulated enterprises the saving funds the genuine compliance investment several times over. Sequence it inside the renewal so the corrected counts feed the negotiation.
For the full picture, read the Microsoft security licensing pillar, then the Intune and EMS and Sentinel pricing sub-guides, and see how compliance right-sizing folds into a full renewal in the Microsoft EA optimization case study.
$1.8B+ in documented client savings across 340+ engagements. Buyer-side only since 2016. Gartner recognised.
Weekly compliance intelligence for IT leaders.