Communication Compliance is Microsoft's supervisory review and communication monitoring capability within Microsoft Purview. It enables organizations to detect, capture, and remediate inappropriate communications across Teams, Exchange, and Yammer — a requirement for regulated industries under FINRA, MiFID II, FCA, and similar frameworks. The licensing model is E5 Compliance territory, and the cost structure is frequently misunderstood.
The central question for most organizations is not whether they need Communication Compliance — regulators make that clear — but how to license it precisely without buying E5 for every employee when only a fraction of users are actually subject to supervisory review policies. This guide addresses that question directly.
The Licensing Baseline for Communication Compliance
Communication Compliance is included in Microsoft 365 E5, Microsoft 365 E5 Compliance (as an add-on to E3), and Office 365 E5. It is not available in E3, Business Premium, or standalone Office 365 plans. The E5 Compliance add-on to E3 is typically the most cost-effective path for organizations that need Communication Compliance without the full E5 suite.
What Communication Compliance Actually Monitors
Before analyzing licensing costs, it's worth being precise about what Communication Compliance scans and what it doesn't. This directly affects how many users you actually need to license.
Communication Compliance policies can monitor:
- Exchange Online email — both sent and received messages, including attachments
- Microsoft Teams — channel messages, private chats, and meeting chat messages
- Yammer / Viva Engage — community posts and private messages
- Third-party sources via connectors — Bloomberg Message, ICE Chat, Slack (if imported via Microsoft data connectors)
- Voice communications — Teams calls (via transcript), if voice transcription is enabled
Communication Compliance does not monitor:
- Phone calls outside the Microsoft ecosystem (PSTN calls without transcription)
- Files stored in SharePoint or OneDrive without a triggering communication event
- On-premises Exchange or Skype for Business (legacy systems)
This scope definition is important: if your supervisory requirement only covers email and Teams communications, you may not need Communication Compliance at all for employees who use only email (Exchange Online E3 includes some basic journaling capabilities). The regulatory question to answer before purchasing: what communications channels must be monitored, and do those channels require Communication Compliance or a simpler control?
Who Needs to Be Licensed: The Supervised User vs. Reviewer Distinction
This is the most important licensing concept in Communication Compliance, and the one most often handled incorrectly by Microsoft account teams.
There are two types of users in a Communication Compliance deployment:
Supervised Users (In-Scope)
These are the employees whose communications are captured and reviewed. In a financial services firm, this typically includes registered representatives, traders, advisors, and anyone who communicates with clients about financial products. Every supervised user must hold an E5 Compliance license (or equivalent).
Reviewers (Compliance Officers)
These are the employees who review flagged communications in the Microsoft Purview portal. Reviewers must also hold an E5 Compliance license — they are users of the compliance portal, which requires the same licensing tier.
Excluded Users
Employees who are neither supervised nor reviewers — back-office staff, IT administrators, facilities teams, etc. — do not need E5 Compliance for Communication Compliance purposes, as long as they are genuinely excluded from all Communication Compliance policies. This is the licensing optimization lever: precisely scoping who is supervised vs. excluded.
Policy Types and Their Licensing Implications
Communication Compliance offers several policy templates, each with different scope implications:
| Policy Type | Primary Use Case | Typical Scope | Licensing Impact |
|---|---|---|---|
| Supervisory Review | Financial services regulatory compliance (FINRA, MiFID II) | Registered reps, advisors, traders | Medium — 20–40% of workforce typical |
| Offensive Language Detection | HR policy enforcement, workplace conduct | All employees or targeted groups | High — may require full tenant licensing |
| Sensitive Information Detection | Data loss prevention via communication monitoring | Departments handling sensitive data | Medium — scope-specific |
| Conflict of Interest Detection | Legal, M&A advisory, compliance | Specific deal teams, legal staff | Low — narrow scope |
| Regulatory Compliance (custom) | Insurance, healthcare, pharmaceutical | Licensed professionals, regulated roles | Medium — role-based scope |
The critical insight from the table: if you need Communication Compliance only for regulatory supervisory review (financial services, legal), the licensing population is typically 15–40% of total employees. If you add offensive language monitoring for all employees (an HR-driven decision), the licensing population expands to 100%. The policy scope decision is, in effect, a licensing cost decision.
Communication Compliance vs. Exchange Online Journaling
Organizations that have historically met supervisory review requirements through Exchange journaling to third-party archiving platforms (Smarsh, Global Relay, Proofpoint, etc.) face a decision when evaluating Microsoft's native Communication Compliance. This comparison is important for licensing analysis.
Exchange Online journaling (available in Exchange Online Plan 2 and above) captures email for archiving purposes. It does not include the policy violation detection, ML-based classification, or Teams monitoring that Communication Compliance offers. Organizations that need only email archiving for regulatory record-keeping can continue using Exchange journaling without moving to E5 Compliance — a significant cost difference.
The case for Communication Compliance over third-party journaling: Microsoft's native monitoring of Teams chats (which third-party archiving tools capture via API with varying reliability), the unified Purview interface for compliance management, and better integration with the broader Microsoft compliance stack. The case against: E5 Compliance licensing cost vs. third-party tool cost, and vendor dependency concentration.
See our Compliance Add-Ons guide for a full comparison of M365 native compliance vs. third-party alternatives.
The "All Users" Policy Trap
Communication Compliance policies default to a wide scope in Microsoft's UI. Compliance administrators who configure policies without explicit in-scope group definitions — selecting "All users" instead of a targeted security group — will license every user in the tenant for Communication Compliance, regardless of their regulatory obligation. This is one of the most common cause of Communication Compliance over-licensing. Every policy must have a precisely defined in-scope group.
Negotiating Communication Compliance in Your EA
Communication Compliance licenses are acquired as part of the E5 Compliance add-on or as part of full E5. The EA negotiation strategy for Communication Compliance-driven E5 Compliance purchases includes several key elements:
Scope Documentation Before Negotiation
Before entering any pricing discussion, document your supervised user population precisely. Provide this to your Microsoft account team as evidence of the licensing count you are purchasing. This prevents the account team from inflating the proposal to full-tenant E5 Compliance based on convenience rather than requirement.
E5 Compliance Add-On vs. Full E5
For organizations on M365 E3 that need Communication Compliance (plus typically Information Barriers, Insider Risk, and Advanced eDiscovery), the E5 Compliance add-on is almost always cheaper than upgrading to full E5 — unless you also need E5 Security and EM+S. Run the math across all compliance features you need, and compare the E5 Compliance add-on bundle against the individual feature add-on cost. See our E3 vs E5 comparison article for the framework.
Negotiate on Annual Commitment, Not Month-to-Month
Communication Compliance seats purchased under an EA should be on annual commitment terms. Month-to-month or quarterly licensing of compliance features is significantly more expensive and undermines EA discount leverage. Structure your Communication Compliance licensing as a multi-year commitment aligned with your EA term.
Benchmark Against Current Third-Party Costs
If you're paying for Smarsh, Global Relay, or similar supervisory compliance tools, use those contracts as benchmarks in your Microsoft negotiation. Microsoft wants to displace third-party compliance vendors — use that as leverage. The conversation is: "We're paying $X per user annually to [third-party vendor]. For Microsoft to win this consolidation, the E5 Compliance add-on pricing needs to be competitive." This creates meaningful discount pressure.
For broader EA negotiation context, see our EA Negotiation Complete Guide and the EA Negotiation service page.
Communication Compliance in the Broader Compliance Stack
Communication Compliance rarely exists in isolation. Regulated industries that need supervisory review typically also need:
- Information Barriers — to prevent communication between segments (see our Information Barriers guide)
- Insider Risk Management — to detect and investigate policy violations and data exfiltration (see our Insider Risk guide)
- Advanced eDiscovery — to place communications on legal hold and export for regulatory examination (see our Advanced eDiscovery guide)
- Microsoft Purview Audit (Premium) — higher-retention audit logs for forensic investigation
All of these capabilities are included in the E5 Compliance add-on. This bundling is the primary argument for E5 Compliance over individual feature licensing when an organization needs three or more of these controls. The licensing analysis should model the per-user cost of E5 Compliance against the sum of individual add-on costs for the specific features needed.
Conclusion: License Communication Compliance by Supervised Scope, Not Tenant Scope
Communication Compliance is a legitimate regulatory requirement for financial services, legal, insurance, and pharmaceutical organizations. The licensing error most organizations make is scoping it to the entire tenant rather than to the precise population subject to supervisory review policies. In a 5,000-person firm where 1,500 employees are registered representatives or otherwise in-scope for supervision, licensing Communication Compliance for 5,000 users wastes $400,000–$500,000 per year.
The three actions before purchasing: (1) Define your supervised user population precisely. (2) Determine which communication channels regulatory requirements actually mandate monitoring. (3) Compare E5 Compliance add-on cost against current third-party compliance tool spend to establish your negotiation benchmark. An independent advisor who knows Microsoft's discount floors can typically get E5 Compliance add-on pricing 20–30% below the first proposal.
Need an Independent Communication Compliance Licensing Review?
Our M365 Optimization service includes a complete compliance licensing audit — we define your supervisory review scope, model the cost of E5 Compliance for that scope, and develop your EA negotiation strategy. Contact us to schedule a consultation before your next renewal.