The Microsoft 365 E5 Compliance add-on is one of the most commercially significant bundles in the Microsoft product catalogue — and one of the most misunderstood. At $12/user/month layered on top of an E3 base, it delivers eight distinct Purview compliance capabilities that previously required separate add-on licences costing $25–$40/user/month in total. Understanding exactly what it includes — and critically, what it does not — determines whether your organisation is paying $9/user/month less than it should be (by staying on E3 + add-on rather than full E5) or significantly over-licensing for compliance features that a scoped deployment would deliver more efficiently.
Independent Advisory. Zero Vendor Bias.
500+ Microsoft EA engagements. $2.1B in managed spend. 32% average cost reduction. We model E3 + Compliance add-on vs full E5 for every client — and the answer is rarely what Microsoft tells you.
View Advisory Services →What the E5 Compliance Add-on Includes
The Microsoft 365 E5 Compliance add-on bundles the following Purview capabilities into a single $12/user/month SKU when purchased on top of a qualifying E3 base:
| Capability | Standalone Add-on Price (pre-bundle) | Key Use Case |
|---|---|---|
| Purview Information Protection E5 | ~$4/user/month | Auto-labelling, trainable classifiers, DKE, scanner |
| Purview DLP — Teams, Endpoint, MDCA | Included with IP E5 | DLP beyond Exchange/SharePoint to Teams and devices |
| Purview Audit Premium | ~$3/user/month | MailItemsAccessed, 1-year retention, intelligent insights |
| Purview eDiscovery Premium | ~$6/user/month | TAR, review sets, custodian management, near-dupe |
| Purview Communication Compliance | ~$5/user/month | FINRA/FCA supervision, ML policy detection |
| Purview Insider Risk Management | ~$5/user/month | Departing employee, data leak, security violation policies |
| Compliance Manager Premium Assessments | ~$2/user/month | NIST, ISO 27001, SOC 2 assessment templates |
| Records Management | Included with IP E5 | Retention labels, file plan, disposition review |
The implicit per-capability value at pre-bundle standalone pricing totals approximately $25/user/month. At $12/user/month bundled, the E5 Compliance add-on represents a 52% discount on buying capabilities individually. The catch: you only realise this value if you actively deploy the included capabilities. Based on our engagement data across 500+ Microsoft clients, the average organisation deploys 2.3 out of 8 included capabilities — a utilisation rate that makes the bundle economics questionable for many buyers.
What the E5 Compliance Add-on Does NOT Include
This is where Microsoft's marketing creates the most confusion. The E5 Compliance add-on is explicitly a compliance and data governance bundle. It does not cross into security workloads, which are gated behind E5 Security or the full Microsoft 365 E5 licence.
| Capability | Included in E5 Compliance? | What's Needed |
|---|---|---|
| Microsoft Defender for Office 365 Plan 2 | ❌ Not included | E5 Security or M365 E5 |
| Microsoft Defender for Endpoint Plan 2 | ❌ Not included | E5 Security or M365 E5 |
| Microsoft Defender for Identity | ❌ Not included | E5 Security or M365 E5 |
| Microsoft Sentinel | ❌ Not included | Separate Sentinel workspace (consumption billing) |
| Microsoft Entra ID P2 (Azure AD P2) | ❌ Not included | E5 Security, Entra ID P2 add-on, or M365 E5 |
| Microsoft Intune Plan 2 / Suite | ❌ Not included | Intune Plan 2 add-on or M365 F3/E5 |
| MDCA — Full platform (threat detection) | ⚠️ Partial (DLP integration only) | Full MDCA requires E5 Security or M365 E5 |
| Microsoft Defender XDR unified portal | ⚠️ Limited access | Full XDR requires E5 Security |
E3 + E5 Compliance vs Full E5: Financial Analysis
The fundamental cost question: E3 + E5 Compliance add-on at $48/user/month versus full Microsoft 365 E5 at $57/user/month. That $9/user/month difference seems small — until you scale it.
| Tenant Size | E3 + E5 Compliance/year | Full E5/year | Annual Saving (E3 + addon) |
|---|---|---|---|
| 500 users | $288,000 | $342,000 | $54,000 |
| 1,000 users | $576,000 | $684,000 | $108,000 |
| 2,500 users | $1,440,000 | $1,710,000 | $270,000 |
| 5,000 users | $2,880,000 | $3,420,000 | $540,000 |
| 10,000 users | $5,760,000 | $6,840,000 | $1,080,000 |
The $540,000/year saving for a 5,000-user organisation buys the E5 Security add-on for 750 users — meaning you could give your top-risk population full security capabilities while still saving money versus universal E5 deployment. This is the "tiered licensing" strategy we implement for roughly 40% of our mid-market clients.
When Full E5 Is the Right Answer
Full E5 makes economic and operational sense in four scenarios. First, when you need both compliance and security capabilities universally — the $9/user premium versus buying both add-ons separately is a clear win. Second, when your organisation is in a regulated sector (financial services, healthcare) requiring both communication compliance and advanced threat protection for all users — the operational overhead of managing two add-on licences versus a single E5 SKU has real cost. Third, when your EA renewal is within 12 months and Microsoft is offering E5 as a volume commitment incentive — discounted E5 pricing below E3 + add-on levels is achievable in the right negotiation context. Fourth, when you have Copilot for Microsoft 365 deployment — which requires E3 or E5 as a base, but where the $30/user Copilot add-on economics only work at E5 utilisation levels for high-value knowledge workers.
Get an Independent Second Opinion
E3 + add-on vs E5 is a $540K annual decision for a 5,000-user org. We model it against your specific regulatory requirements and usage patterns before you commit.
Request a Consultation →Capability Deep-Dives: The Eight Included Features
1. Purview Information Protection E5
The E5 tier of Information Protection unlocks service-side auto-labelling (classifies files at rest across Exchange, SharePoint, and OneDrive without user action), trainable classifiers (ML models that identify content by pattern rather than keyword), and Double Key Encryption (DKE) for content that must be encrypted with customer-controlled keys even from Microsoft. For organisations with unstructured data estates above 10 million documents, service-side auto-labelling alone justifies the E5 Compliance add-on — manual labelling at scale is not achievable. See our detailed breakdown in the Purview Information Protection Licensing guide.
2. DLP for Teams, Endpoint, and MDCA
E3 DLP covers Exchange and SharePoint/OneDrive only. E5 Compliance extends DLP enforcement to Teams chat and channel messages (the most significant gap — Teams processes 300 million daily active users generating vast amounts of unmonitored sensitive data), Windows and macOS endpoints (six enforcement actions: block USB, block clipboard, block print, block browser upload, block restricted apps, block network share), and MDCA-connected cloud apps. The Teams DLP gap alone is the leading driver of E5 Compliance adoption in regulated industries. Full coverage analysis in our Purview DLP Licensing Tiers guide.
3. Purview Audit Premium
Discussed in detail in our Purview Audit Standard vs Premium guide. The critical additions over Standard: MailItemsAccessed event (email forensics for breach investigations), 1-year log retention (versus 90/180 days for Standard), 2,000 API requests/minute (versus 60 for SIEM integration), and SearchQueryInitiated events for insider threat correlation.
4. Purview eDiscovery Premium
The compliance add-on's most financially impactful capability for litigation-heavy organisations. Technology-Assisted Review (predictive coding) reduces document review populations from hundreds of thousands to tens of thousands, with documented cost savings of $650,000–$820,000 per major litigation matter. Non-Microsoft connectors (100+, including Bloomberg Terminal, ICE Chat, Refinitiv Eikon) are an E5 Compliance exclusive — critical for financial services eDiscovery. Full cost analysis in our eDiscovery Premium vs Standard guide.
5. Purview Communication Compliance
ML-powered supervision for regulated communications. Required for FINRA-registered broker-dealers (Rule 3110 supervision), FCA-regulated firms under SYSC 10A, and any organisation subject to SEC Section 17(a) communication retention and review requirements. The E5 Compliance add-on delivers this at $12/user/month versus specialist third-party supervision platforms (Smarsh, Global Relay) at $15–$30/user/month. For a 200-user regulated population, this is a $36,000–$108,000 annual saving. Details in our Purview Communication Compliance Licensing guide.
6. Purview Insider Risk Management
Behavioural risk analytics for departing employees, data leakers, and policy violators. The key licensing nuance: IRM requires E5 Compliance for every user placed within an IRM policy scope — not just the investigated individuals. A policy scoped to "all employees" on an E3 base would require the add-on for 100% of users; a scoped policy targeting the 15% highest-risk population requires the add-on only for that cohort. The difference for a 5,000-user organisation: $864,000/year versus $129,600/year. IRM + HR connector integration (automatic policy elevation on resignation) requires Workday, SAP SuccessFactors, or custom HTTPS connector setup. Full scoping analysis in our Purview Insider Risk Management Licensing guide.
7. Compliance Manager Premium Assessments
Compliance Manager's built-in assessments (GDPR, NIST 800-53, ISO 27001) are available to E3 tenants. Premium Assessments — unlocked with E5 Compliance — add 300+ additional regulatory templates including HIPAA/HITECH, FedRAMP, SOC 2, PCI DSS, and jurisdiction-specific frameworks (LGPD for Brazil, PIPL for China, PDPA for Singapore). For compliance teams managing multi-framework programmes, Premium Assessments replace $20,000–$60,000/year in GRC platform licences.
8. Records Management
Records Management (file plan, retention labels, disposition review, event-based retention) is technically included with Information Protection E5. The key E5 Compliance feature: regulatory records — records that cannot be deleted even by global administrators. Standard retention labels allow admin deletion; regulatory records are immutable from point of declaration. Required for SEC 17a-4(f) WORM (write once, read many) compliance for broker-dealers, and recommended for any organisation with litigation hold obligations that require evidence of tamper-proof retention.
Qualifying Base Licences
The E5 Compliance add-on requires a qualifying base licence. Qualifying SKUs as of 2026: Microsoft 365 E3, Microsoft 365 E3 EEA (no Teams), Office 365 E3, Microsoft 365 Business Premium (limited — does not include all E5 Compliance capabilities), Microsoft 365 F3 (limited — Frontline Worker compliance subset only). The add-on is not available on E1, F1, or Business Basic/Standard bases.
📄 Free Guide: Microsoft Purview Licensing Guide 2026
Complete framework covering all Purview tiers, E3 vs E5 compliance decisions, and EA negotiation levers for 2026.
Download Free Guide →EA Negotiation Strategy for E5 Compliance
Three negotiation levers consistently produce results for E5 Compliance add-on pricing:
Competitive displacement documentation: If your organisation currently pays for third-party tools that E5 Compliance replaces — Smarsh/Global Relay for communication compliance, Recommind/Nuix for eDiscovery review, Varonis/Symantec for DLP — document the combined annual spend and present it as a competitive displacement argument. Microsoft's commercial teams have explicit incentive to displace named competitors and will authorise discounts of 15–25% on E5 Compliance add-on pricing to win that displacement.
Scoped deployment with expansion commitment: Negotiate add-on pricing based on a scoped initial deployment (high-risk users, regulated employees) with a contractual commitment to expand to a defined percentage by year 2 or 3. This reduces year-1 spend while giving Microsoft revenue visibility — a trade Microsoft will frequently accept with year-1 pricing applied to the expanded year-2/3 population.
E5 full upgrade assessment: If Microsoft is pushing you toward full E5, use the $9/user/month differential as leverage. Agree to upgrade to full E5 for 30–50% of your user base (the population that genuinely needs security capabilities) while maintaining E3 + Compliance add-on for the remainder. This "tiered deployment" model reduces E5 spend versus universal upgrade while Microsoft still captures increased per-user revenue on the security-licenced population.
Frequently Asked Questions
What does the M365 E5 Compliance add-on include?
The M365 E5 Compliance add-on ($12/user/month on top of E3) includes: Purview Information Protection E5, DLP for Teams/Endpoint/MDCA, Audit Premium, eDiscovery Premium, Communication Compliance, Insider Risk Management, Compliance Manager Premium, and Records Management.
What does the E5 Compliance add-on NOT include?
The E5 Compliance add-on does NOT include: Microsoft Defender for Office 365 Plan 2, Microsoft Defender for Endpoint, Microsoft Sentinel, Entra ID P2, Intune P2, or Microsoft Defender for Cloud Apps (MDCA) standalone. These require E5 Security or full E5.
Is E5 Compliance add-on cheaper than full E5?
Yes. E3 + E5 Compliance add-on = $48/user/month vs full E5 at $57/user/month. That's a $9/user/month saving. For 1,000 users, that's $108,000/year. The trade-off is you get compliance capabilities but not E5 security features.
Can I buy E5 Compliance add-on for only some users?
Yes. The add-on is per-user and you can deploy it selectively. However, some Purview capabilities (like tenant-wide DLP policies) require all users in scope to be licensed. Check per-capability licensing rules before deploying to a subset.
Does E5 Compliance include MDCA (Cloud App Security)?
Partial. The E5 Compliance add-on includes the Purview MDCA integration for DLP policy enforcement in cloud apps. However, the full MDCA platform (threat protection, session control, app discovery) requires E5 Security or full Microsoft 365 E5.
Related Microsoft Compliance & Purview Guides
- Microsoft Purview Licensing Complete Guide — All tiers, all capabilities, EA negotiation framework
- Purview Audit Standard vs Premium — MailItemsAccessed, retention tiers, SIEM bandwidth
- Purview Information Protection Licensing — Auto-labelling, trainable classifiers, AIP scanner
- Purview Communication Compliance Licensing — FINRA, FCA, ML policy detection
- Purview Insider Risk Management Licensing — Scoped deployment, HR connector, policy templates
- Microsoft E3 vs E5 Comparison — Full feature and cost comparison for EA buyers
- Microsoft 365 Compliance Center Guide — Admin setup, assessment templates, reporting