The Microsoft Purview compliance portal is a single administrative console that surfaces approximately twenty distinct compliance workloads — from sensitivity labelling and DLP to eDiscovery, audit, communication compliance, and insider risk management. Every one of those workloads has a different licensing requirement. Many organisations access the portal believing their current licence covers everything they configure there. It does not.
This creates a systematic compliance licensing gap that Microsoft's account teams have every incentive to exploit at renewal. The standard pitch is: "You are accessing features in the Purview portal that require E5 Compliance — let us get you properly licensed." Sometimes that is accurate. Often, it is the opening of an upsell conversation that can be deflected with the right preparation.
After reviewing compliance licensing for hundreds of enterprise agreements, our position is direct: most organisations need a subset of E5 Compliance capabilities, most of the time. Understanding which workloads you are actually using — and licensing precisely those — is how you stay compliant without overpaying by $8–15 per user per month on capabilities that sit idle.
The Access vs Licensing Distinction
Administrator access to the Microsoft Purview compliance portal is included with any Microsoft 365 or Office 365 subscription. Accessing the portal to configure a workload does not mean you have the licence to use that workload's features. The licensing requirement applies to the users whose data is being governed, processed, or protected — not to the admin configuring the policy.
The Portal Structure: What You Are Looking At
The Microsoft Purview compliance portal (compliance.microsoft.com) is organised into several solution areas. Understanding the licensing tier for each area is the starting point for structuring your compliance spend correctly:
- Information Protection — sensitivity labels, auto-labelling, Azure Information Protection. E3 covers manual labelling. E5 Compliance or AIP P2 needed for automatic labelling.
- Data Loss Prevention — endpoint DLP, Teams DLP, and Exchange/SharePoint DLP. E3 covers basic Exchange and SharePoint DLP. Endpoint DLP and Teams DLP require E5 Compliance or M365 E5.
- Information Governance / Data Lifecycle Management — retention labels and policies. Basic retention is E3. Adaptive scopes, simulation mode for auto-apply retention, and retention for Teams private channels require E5 Compliance.
- Records Management — regulatory records, disposition workflows, multi-stage disposition review. Requires E5 Compliance for all advanced capabilities.
- eDiscovery — Content Search and eDiscovery Standard are included with E3. eDiscovery Premium (formerly Advanced eDiscovery) requires E5 or E5 Compliance add-on.
- Audit — Basic audit logs (90-day retention) are included with E3. Audit Premium (audit log retention up to 10 years, high-value audit events) requires E5 Compliance.
- Communication Compliance — supervisory review, policy-based monitoring of Teams messages, email, and Viva Engage. Requires E5 Compliance or Communication Compliance add-on for every user in scope.
- Insider Risk Management — behavioural analytics for data theft, leakage, and policy violations. Requires E5 Compliance or Insider Risk Management add-on for users in scope.
- Information Barriers — segment users to prevent communication conflicts of interest. Requires E5 Compliance or Information Barriers add-on.
- Privacy Risk Management (Priva) — a separate Microsoft Priva product, priced separately from E5 Compliance.
- Compliance Manager — assessment templates and compliance score. Basic Compliance Manager is included with E3. Premium assessment templates require E5 Compliance.
The Licensing Tiers: E3, E5 Compliance, and E5
The compliance licensing architecture has three main levels that determine what the Purview portal makes available:
Microsoft 365 E3 — What You Get
E3 includes the foundational compliance capabilities that were previously in the Office 365 E3 plan plus EMS E3. In the Purview portal, E3 gives you:
- Manual sensitivity labelling and label-based encryption (AIP P1)
- Basic DLP — Exchange Online, SharePoint Online, and OneDrive policy enforcement
- Basic retention policies for Exchange, SharePoint, OneDrive, and Teams
- eDiscovery Standard — search, hold, export content across M365
- Audit Standard — 90-day audit log retention for common user and admin activities
- Basic Compliance Manager — regulatory framework assessments, score, and improvement actions
- Microsoft Purview Message Encryption (OME) — encrypt emails sent outside the organisation
For organisations at the E3 level focused primarily on email security and basic regulatory compliance (SOC 2, ISO 27001 evidence gathering), E3 is often sufficient. The gaps appear when regulated-industry requirements, legal hold obligations, or HR-driven monitoring create needs that E3 cannot meet.
Microsoft 365 E5 Compliance Add-On — The Targeted Upgrade
The E5 Compliance add-on (approximately $12 per user per month at list price, typically negotiable to $9–10 at volume) unlocks the full Purview compliance suite above E3. This is the add-on that should be scoped to the users who need advanced compliance capabilities — typically your IT, compliance, legal, and HR functions, plus any employees in regulated roles or under supervisory obligations.
E5 Compliance adds: automatic sensitivity labelling (AIP P2), endpoint and Teams DLP, advanced retention (adaptive scopes, Teams channel retention), Records Management with multi-stage disposition, eDiscovery Premium, Audit Premium with long-term log retention, Communication Compliance, Insider Risk Management, and Information Barriers.
Microsoft 365 E5 — The Bundle Approach
M365 E5 includes E5 Compliance as part of the bundle, alongside E5 Security (Defender suite) and E5 Voice (Teams Phone). The all-in price is approximately $57 per user per month at list. This only makes commercial sense if you are deploying all three pillars — compliance, security, and voice. Buying E5 for compliance alone is almost always an overspend.
The Blanket E5 Compliance Problem
We regularly see enterprises buying E5 Compliance for all users when the actual requirement is Communication Compliance for 200 employees in monitored roles and Insider Risk Management for 50 IT administrators. The differential in cost: approximately $12 per user per month blanket vs $4–6 per user per month targeted. On a 2,000-user estate, that is $120,000–$192,000 per year in avoidable spend.
Workload-by-Workload Licensing Map
| Purview Workload | M365 E3 | E5 Compliance Add-On | Standalone Option |
|---|---|---|---|
| Manual sensitivity labelling | ✓ Included (AIP P1) | ✓ Included | AIP P1 ~$2/user/mo |
| Automatic sensitivity labelling | ✗ Not included | ✓ Included (AIP P2) | AIP P2 ~$10/user/mo |
| Exchange/SharePoint/OneDrive DLP | ✓ Included | ✓ Included | Included in E3 |
| Endpoint DLP | ✗ Not included | ✓ Included | No standalone available |
| Teams DLP | ✗ Not included | ✓ Included | No standalone available |
| Basic retention policies | ✓ Included | ✓ Included | Included in E3 |
| Adaptive scope retention | ✗ Not included | ✓ Included | No standalone available |
| Records Management (multi-stage disposition) | ✗ Not included | ✓ Included | No standalone available |
| eDiscovery Standard | ✓ Included | ✓ Included | Included in E3 |
| eDiscovery Premium | ✗ Not included | ✓ Included | No standalone available |
| Audit Standard (90-day) | ✓ Included | ✓ Included | Included in E3 |
| Audit Premium (10-year, high-value events) | ✗ Not included | ✓ Included | No standalone available |
| Communication Compliance | ✗ Not included | ✓ Included | ~$10/user/mo add-on |
| Insider Risk Management | ✗ Not included | ✓ Included | ~$10/user/mo add-on |
| Information Barriers | ✗ Not included | ✓ Included | ~$3/user/mo add-on |
| Compliance Manager (basic) | ✓ Included | ✓ Premium templates included | Included in E3 |
The Scoping Question: Who Actually Needs E5 Compliance?
This is the question that determines whether your compliance licensing spend is rational or inflated. The licensing rules are clear: the E5 Compliance (or equivalent add-on) must be assigned to the user whose data is being processed by the advanced feature. Not every user in the tenant. The user in scope.
What this means in practice:
- Communication Compliance — licence the employees under supervisory review, not the entire organisation. A financial services firm monitoring 200 brokers and traders does not need Communication Compliance licences for 1,800 corporate employees who are not subject to FINRA supervision.
- Insider Risk Management — licence users whose activities are being monitored in IRM policies. Typically this is IT administrators, employees handling sensitive data, and employees in offboarding workflows. Rarely the entire organisation.
- eDiscovery Premium — licence the custodians (people whose data is on legal hold or under review) plus the reviewers. Custodian count varies by litigation exposure, but it is almost never every employee.
- Automatic labelling — licence users who have auto-labelling policies applied to their data. If you are auto-labelling SharePoint sites rather than user mailboxes, the scoping question is more nuanced — but the principle holds: scope to necessity.
Compliance Manager: What E3 Gives You vs E5
Compliance Manager (the assessment-and-scoring tool within Purview) is often used by compliance teams as evidence of regulatory posture. The key licensing distinctions:
With E3, you get the Compliance Score dashboard, the DPIA/GDPR/ISO 27001 assessment templates that are built into the product, and improvement action tracking. This is sufficient for most governance, risk, and compliance (GRC) programmes that do not require custom frameworks or industry-specific premium templates.
E5 Compliance adds premium assessment templates covering approximately 300+ regulatory frameworks including HIPAA, PCI DSS, FedRAMP, NIST CSF, SOX, and others. For highly regulated industries, these templates are valuable. For general enterprise use, the 70+ default templates in E3 cover most needs.
Microsoft has been expanding the premium template library as a justification for E5 Compliance. Evaluate whether you actually use the additional frameworks before treating this as a purchasing driver.
The Standalone Add-On Alternative
For organisations that need specific Purview workloads but cannot justify full E5 Compliance deployment, Microsoft offers several standalone add-on SKUs. These are underutilised because Microsoft's account teams rarely lead with them — the E5 Compliance bundle generates higher total contract value. Push explicitly for standalone pricing if your requirement is limited:
- Microsoft 365 E5 Communication Compliance — approximately $10 per user per month for communication monitoring only. If your requirement is strictly FINRA/FCA supervisory review, this is commercially superior to full E5 Compliance.
- Microsoft 365 E5 Insider Risk Management — approximately $10 per user per month. Scoped to users monitored in IRM policies.
- Microsoft 365 E5 Information Protection and Governance — approximately $7–9 per user per month. Covers AIP P2, records management, advanced retention, and advanced DLP without eDiscovery Premium or IRM.
- Azure Information Protection P2 — approximately $10–14 per user per month for automatic labelling and on-premises scanning.
Combinations of these standalone SKUs for different user populations often produce a lower total cost than blanket E5 Compliance — and represent a defensible compliance position during a Microsoft audit.
Negotiating Compliance Licensing in Your EA
Microsoft's account teams will approach the Purview compliance portal conversation from one of two angles: either flagging that you are under-licensed based on portal activity, or proposing proactive E5 Compliance deployment as part of a broader E5 migration. Both approaches carry commercial urgency framing that you should treat sceptically.
The independent buyer's approach:
- Run a compliance workload inventory before any licensing conversation. Know exactly which Purview solutions are configured, which user populations they cover, and whether those policies are active. An inactive policy is not a licensing obligation.
- Map requirements to minimum viable licences. For each workload in use, identify whether a standalone add-on or targeted E5 Compliance deployment covers the requirement more efficiently than blanket E5 Compliance.
- Negotiate user count flexibility. Compliance programmes expand — regulated role counts change. Ensure your agreement includes provisions to adjust E5 Compliance licence counts mid-term without penalty, in both directions.
- Push for step-up rights. If you are buying E3 today with a view to E5 Compliance for a subset of users, negotiate the step-up price now. Lock the E5 Compliance add-on price at a defined discount before your renewal cycle creates pressure.
For guidance on structuring a compliance licensing negotiation as part of your broader EA, see our EA negotiation tactics guide and our coverage of E3 vs E5 decisions. Our EA negotiation service covers compliance licensing positioning as standard.
What Changes When Microsoft Rebrands Again
The Microsoft Purview brand itself is only three years old. The compliance portal has been through multiple naming and navigation changes since 2019 (Security & Compliance Center → Microsoft 365 Compliance Center → Microsoft Purview compliance portal). Each rebrand creates licensing confusion that Microsoft's sales teams exploit.
The underlying licences — E5 Compliance, the standalone add-ons, AIP P1/P2 — have remained relatively stable through the rebranding. Focus on the workload capabilities, not the product names. When Microsoft introduces Priva, or expands Purview into new AI governance capabilities, each will come with separate pricing. Build a contractual framework that allows you to evaluate new workloads on their merits rather than being automatically swept into an E5 Compliance upsell.
Related reading: AIP and MIP Licensing Guide | eDiscovery Premium Licensing | Purview Audit Premium Guide | Insider Risk Management Licensing | EA Negotiation Playbook (free download)