Microsoft Azure Information Protection Licensing: AIP, MIP, and Purview Explained

Microsoft's information protection story is one of the most confusing corners of enterprise licensing — and that confusion costs money. Most organisations are either significantly under-licensed (applying sensitivity labels without the rights to do so) or massively over-licensed (paying for E5 Compliance when a targeted add-on would suffice). After 20 years of advising enterprises on Microsoft agreements, I've rarely seen this area get bought correctly the first time.

The naming alone creates problems. Azure Information Protection (AIP) is the old name. Microsoft Information Protection (MIP) is the technology layer. Microsoft Purview Information Protection is the current product suite. The AIP unified labelling client is the on-premises scanner tool. These are overlapping, evolving concepts — and Microsoft has quietly discontinued some capabilities without updating its licensing documentation accordingly.

This guide cuts through the marketing. Here is exactly what you need, what you are already entitled to, and where Microsoft will push you to buy more than is necessary.

The Naming Evolution: AIP, MIP, and Purview

Understanding what you are buying requires understanding the history. Azure Information Protection launched in 2016 as a standalone product built around persistent, Rights Management-based encryption. It had two plans: AIP P1 and AIP P2. Both are still technically available as standalone SKUs.

In 2019, Microsoft rebranded the classification and labelling technology as Microsoft Information Protection (MIP) and integrated it into Microsoft 365 compliance workloads. The sensitivity labels you see in Office apps and the Microsoft Purview compliance portal are MIP in action.

In 2022, the Purview rebrand consolidated MIP, DLP, records management, eDiscovery, and audit into the Microsoft Purview compliance product family. "Azure Information Protection" now primarily refers to the AIP unified labelling client — a Windows application used to classify and protect files on desktops and on-premises file shares. The cloud-native labelling experience is simply "sensitivity labels in Microsoft 365."

For licensing purposes, this matters because the capabilities you need determine which SKU applies — and the old AIP P1/P2 structure maps imperfectly onto the current E3/E5 Compliance framework.

What Is Included in Microsoft 365 E3

Microsoft 365 E3 includes the foundational information protection capabilities that most organisations actually need day-to-day:

• Manual sensitivity labelling in Word, Excel, PowerPoint, Outlook, and Teams — users can apply labels themselves
• Label-based encryption using Azure Rights Management — protecting documents so only authorised users can open them
• Content marking — headers, footers, and watermarks applied based on label
• Basic DLP integration — using sensitivity labels as a condition in DLP policies (though DLP itself has separate tier requirements)
• AIP viewer application — allows users to open AIP-protected files without a full Office licence
• Azure Rights Management service — the encryption backbone for all label-based protection
• Hold Your Own Key (HYOK) basic support — on-premises key management via AD RMS

If your requirement is to enable a workforce to manually classify and protect documents and emails, you are already licensed. The challenge we see in practice is organisations not enabling these features, not that they lack the licence.

What Requires AIP P2 or E5 Compliance

The capabilities that require uplift are primarily around automation and advanced encryption. AIP Plan 2 (also surfaced as the Microsoft 365 E5 Compliance add-on) unlocks:

• Automatic sensitivity labelling — labelling applied without user intervention based on content scanning (credit card numbers, passport data, custom sensitive information types)
• Recommended labelling — the "This document appears to contain financial data. We recommend applying the Confidential label" prompts
• AIP on-premises scanner — classifies and protects files on Windows file shares and SharePoint Server 2013–2019
• Double Key Encryption (DKE) — an additional encryption layer for ultra-sensitive content where Microsoft cannot hold the key
• Customer Key at rest — controlling encryption keys for data at rest in M365 services
• Bring Your Own Key (BYOK) — managing your Azure RMS tenant key in Azure Key Vault
• Advanced trainable classifiers — machine learning-based content identification beyond standard sensitive information types

The AIP P1 vs AIP P2 Breakdown

Where AIP P1 Actually Lives in the Licensing Stack

AIP P1 is included in Microsoft 365 E3, Microsoft 365 Business Premium, Enterprise Mobility + Security (EMS) E3, and Azure Information Protection Plan 1 standalone. If you have any of these, you have AIP P1 — and most of the information protection tooling you will actually use.

AIP P2 is included in Microsoft 365 E5, Microsoft 365 E5 Compliance, Enterprise Mobility + Security E5, and Azure Information Protection Plan 2 standalone. The standalone AIP P2 price (approximately $10–14 per user per month) is often the most cost-effective route when only a subset of users need automatic labelling. Buying full E5 Compliance (approximately $12 per user per month, often bundled into E5 at $57 per user per month) makes sense only when you need the full compliance suite — eDiscovery, audit, records management, advanced DLP — not just automated labelling.

The AIP Unified Labelling Client: Who Needs It

The AIP unified labelling client is a Windows application that adds an Information Protection bar to Office apps and enables right-click classification of files in Windows Explorer. It is most relevant for organisations that:

• Have users working with non-Office file types (PDF, CAD files) that need RMS protection
• Operate in environments where SharePoint or Teams is not the primary collaboration platform
• Need to protect files on Windows desktops before they are uploaded to cloud services
• Are using the AIP on-premises scanner for legacy file server classification

For organisations fully cloud-native on Microsoft 365, the native Office labelling experience and the built-in labelling in Edge, Teams, and SharePoint is often sufficient. The AIP client is not a prerequisite for using sensitivity labels — it is an enhancement for specific scenarios.

One practical note: the AIP client has been in "maintenance mode" since 2022. Microsoft's direction is to deprecate client-side components in favour of native Office integration. Plan your roadmap accordingly — particularly if you depend on the AIP client for classification of files outside the Office ecosystem.

On-Premises Scanning: The AIP Scanner Licensing Requirement

If you have terabytes of data on Windows file servers, SharePoint Server, or other on-premises repositories, the AIP scanner is how you discover, classify, and protect that content at scale. This requires AIP P2 licensing for every user whose content is being scanned or who is a scanner node operator.

The on-premises scanner runs as a Windows service, can be deployed on multiple servers for scale, and reports findings through the Microsoft Purview compliance portal (for cloud-connected deployments) or locally for air-gapped environments. For regulated industries with large on-premises data estates — financial services, healthcare, defence contractors — this is not optional. The question is whether standalone AIP P2 or E5 Compliance is the better commercial vehicle.

Our typical recommendation: if you need scanning plus basic DLP and are not ready to operationalise the full E5 Compliance suite, start with AIP P2 standalone for a defined scanner operator group. Negotiate a right-to-expand into E5 Compliance without price penalty as you mature your compliance programme.

Negotiating AIP and MIP in Your EA

Information protection is a category where Microsoft's account teams will almost always recommend E5 or E5 Compliance. The business justification is real — the compliance suite is genuinely powerful. But the commercial pressure to upsell is also real. Here is how to push back effectively:

Identify your actual capability requirements first. Automatic labelling for a subset of power users does not justify E5 Compliance for your entire estate. Get specific: how many users need automatic labelling? Do you actually need on-premises scanning? Have you operationalised the AIP P1 capabilities you already have?

Use the standalone AIP P2 as an anchor. If your core need is automatic labelling, AIP P2 standalone pricing is typically negotiable at 25–35% below list. Entering a negotiation with "we are considering standalone AIP P2 for 500 users" puts a number in the room and forces Microsoft to justify the E5 Compliance premium on its own merits.

Negotiate right-to-use protections. If you buy E5 Compliance as a bundle, ensure your agreement includes a right to disaggregate components — so if Microsoft reprices AIP separately in future, you are not trapped. This is increasingly important as Microsoft has shown a pattern of unbundling capabilities that were previously included.

For comprehensive guidance on managing Microsoft's compliance licensing upsell tactics, see our M365 DLP licensing guide and our E3 vs E5 comparison. Our EA negotiation advisory service covers information protection licensing as a standard component of every engagement.

The Purview Information Protection Roadmap: What's Coming

Microsoft's direction is toward deeper integration of sensitivity labels across the entire Microsoft ecosystem — not just Office files and emails. Key developments affecting licensing strategy:

• Teams messages and meeting recordings — sensitivity labels are being extended to cover Teams content at rest, which may change the per-user scoping requirements
• Fabric and Power BI — Microsoft Fabric now supports sensitivity labels natively, and protection inheritance from source data is on the roadmap. This extends AIP P1/P2 requirements into the analytics estate
• SharePoint embedded experiences — as SharePoint Online increasingly hosts AIP-protected content, the client-side model is being deprecated in favour of server-side classification
• AI classification — Microsoft is integrating Copilot-based content understanding with Purview, potentially requiring additional Copilot licensing to automate classification at scale

The roadmap implication: contracts signed today should include version protections and new-product-use rights that prevent Microsoft from reclassifying AI-enhanced labelling features as a separate paid tier. This is a real risk in 2026 and beyond.

Common Overspend Patterns We Identify in Assessments

Based on 500+ enterprise engagements, here are the information protection overspend patterns we see most frequently:

• E5 Compliance for AIP P2 only — buying the full compliance suite when only automated labelling is needed. The price difference is typically $5–8 per user per month with no additional capability being used.
• Full-estate E5 Compliance for a compliance team of 20 — information protection is an admin and power-user function. Not every employee needs AIP P2. Scoped deployment to users who actually apply or manage labels is commercially and technically defensible.
• Paying for AIP P2 when the AIP scanner is not deployed — we regularly find licences bought for on-premises scanning that was never implemented. If the scanner is not running, the P2 feature is shelfware.
• BYOK licensing without BYOK actually being implemented — key management in Azure Key Vault requires operational maturity. Many organisations buy E5 Compliance partly for BYOK but never configure it.

The Independent View: What We Actually Recommend

For most Microsoft 365 E3 enterprises with 500–5,000 users, the right information protection posture in 2026 is:

1. Fully deploy manual labelling across all M365 users — you are already licensed, and most enterprises have not done this properly.
2. Implement AIP P2 standalone for the IT, compliance, and data governance teams who need automatic labelling and on-premises scanning. This is typically 5–15% of your user base.
3. Evaluate E5 Compliance as a genuine bundle only when you are ready to operationalise eDiscovery Premium, Advanced Audit, and Communication Compliance alongside information protection.
4. Build DKE and Customer Key into your 3–5 year roadmap for regulated data — but do not buy it until your encryption key management programme is mature enough to operate it.

This approach typically saves $3–7 per user per month versus a blanket E5 Compliance deployment, with no capability reduction for the majority of users. On a 2,000-user estate over a 3-year agreement, that is $216,000–$504,000 in avoidable spend.

For a full assessment of your information protection licensing position and a commercial strategy for your next renewal, engage our firm. We work independently of Microsoft and all resellers — our only interest is optimising your agreement.

Related reading: Sensitivity Labels Licensing Guide | Microsoft Purview Compliance Center Guide | Information Barriers Licensing | Microsoft Security Licensing Guide | EA Negotiation Playbook (free download)