Microsoft Licensing Intelligence

Purview Communication Compliance Licensing: Regulatory Surveillance and EA Strategy

Last reviewed: 2024-04-19 · Microsoft Negotiations

Microsoft Negotiations · Est. 2016 · 500+ Engagements · $2.1B Managed

Communication Compliance is the most regulatory-driven Purview purchase in the Microsoft portfolio. Financial services firms don't evaluate whether to buy it — FINRA Rule 3110, FCA SYSC 10A, and MiFID II require it. The question is always whether to use Microsoft's solution or a third-party platform. That decision hinges on per-user licensing costs, coverage of non-Microsoft communication channels, and the risk tolerance of the compliance operations team when Microsoft is both the platform provider and the surveillance tool vendor. This guide provides the licensing framework and commercial analysis for both paths.

Communication Compliance Licensing Requirements

Communication Compliance is an E5-only capability. It is not available under M365 E3, M365 Business Premium, or any F-series licence. Licences are required for every user whose communications are subject to a policy — the monitored population, not just administrators or reviewers.

| Licence | Communication Compliance Included | Notes |
|---|---|---|
| M365 E3 | No | No communication surveillance capability |
| M365 Business Premium | No | No communication surveillance capability |
| M365 F1 / F3 | No | Frontline workers not eligible |
| M365 E5 Compliance add-on | Yes | Full capability; requires E3 base |
| M365 E5 | Yes | Full capability included |
| M365 E5 Information Protection & Governance | No | This add-on does NOT include Communication Compliance |

Licensing Precision Required: The M365 E5 Information Protection and Governance add-on (~$4/user/month) does NOT include Communication Compliance. Only the E5 Compliance add-on (~$12/user/month) or full E5 includes Communication Compliance. This is a frequently made purchasing error in financial services organisations that attempt to right-size add-on purchases.

What Communication Compliance Monitors

Native M365 Coverage

Out of the box, Communication Compliance monitors all of these M365 communication channels: Exchange Online (inbound, outbound, and internal email); Teams chat messages (1:1 and group); Teams channel posts and replies; Viva Engage (Yammer) messages; and Microsoft Copilot interactions (available in specific configurations for Copilot for M365 deployments). The coverage of Teams chat is particularly important — FINRA has specifically issued guidance on firms' obligations to supervise business communications conducted via third-party messaging applications, and Teams falls under that obligation for registered representatives.

Third-Party Channel Coverage

Via the compliance data connector framework, Communication Compliance can ingest and supervise communications from: Bloomberg Message and Bloomberg Mail; ICE Chat; Reuters Eikon Messenger; WhatsApp Business; LinkedIn pages; WeChat; Zoom meetings (transcript); and approximately 30 additional third-party sources. Each connector requires E5 Compliance plus per-connector fees. The connector ecosystem makes Purview Communication Compliance a credible option for multi-channel financial services surveillance — though connector quality and coverage depth for non-Microsoft channels are generally less mature than on purpose-built platforms like Smarsh or Global Relay.

The FINRA/FCA Licensing Model

For financial services organisations, the correct Communication Compliance licensing model is scope-based: licence every registered representative and associated person whose communications require supervisory review under FINRA or FCA rules, plus any support or operations staff who communicate externally about client matters.

In a typical wealth management firm of 1,000 total employees, this population might be 300–500 users (financial advisers, associates, research analysts, trading desk). The remaining 500–700 users (operations, technology, legal, HR, administrative) typically do not require supervisory review. This segmentation allows the firm to purchase E5 Compliance for the regulated population only, and retain M365 E3 for the unregulated population, reducing compliance licensing cost by 30–50% versus a blanket E5 Compliance deployment.

| User Segment | Regulatory Requirement | Recommended Licence | Typical % of Headcount |
|---|---|---|---|
| Registered representatives / financial advisers | FINRA 3110 / FCA SYSC 10A — full surveillance | M365 E5 Compliance | 30–50% |
| Trading desk / research analysts | MiFID II / FINRA — electronic communications | M365 E5 Compliance | 5–10% |
| Client-facing support staff | May require supervision depending on role | M365 E5 Compliance (evaluate) | 10–20% |
| Technology / operations / HR / Legal | Internal HR policy monitoring only | M365 E3 (Communication Compliance optional) | 30–50% |

Policy Capabilities and Detection Engines

Communication Compliance policies use four detection mechanisms. Keyword matching is the baseline — detecting specific terms, phrases, or regular expressions in communications. For financial services, this includes watch-list terms (specific stock tickers during quiet periods), prohibited language, and regulatory red-flag phrases. Keyword policies generate high false-positive rates without careful tuning — expect 15–25% false positives in initial deployment.

Sensitive information type detection applies the same SIT library used in DLP — detecting credit card numbers, account identifiers, national IDs, and other structured sensitive data in communications. This is relevant for complying with prohibitions on transmitting sensitive customer data via unencrypted communication channels.

Trainable classifiers (E5 Compliance) enable more nuanced detection — identifying communications that constitute "regulatory evasion attempts," "harassment," "threatening language," or "financial crimes" without relying on specific keywords. These classifiers require more review time to tune but generate significantly lower false positive rates than keyword policies once operational.

Machine learning-based anomaly detection can flag communications that deviate from a user's established communication patterns — unusual recipients, unusual times, unusual message length — as signals warranting review. This is the most powerful and most complex detection mechanism, requiring 90+ days of baseline communication data before deployment.

Reviewer Workflow and Operations Cost

Communication Compliance generates a review queue. Someone must review flagged communications and make disposition decisions (escalate, resolve, not a violation). The operational cost of running a Communication Compliance programme is often underestimated relative to the licensing cost.

For a 300-user regulated population with keyword policies and trainable classifiers running simultaneously, expect 50–200 alerts per day in the first 90 days of operation. With proper tuning over that period, this should reduce to 20–50 alerts per day. At 15 minutes per alert for initial triage, a 50-alert/day steady-state requires approximately 1 FTE of compliance reviewer time. This operational cost is directly relevant to the build vs buy analysis — third-party platforms often provide managed review services that can supplement internal reviewer capacity.

Microsoft vs Third-Party Platform Decision

The cost comparison between Purview Communication Compliance and purpose-built platforms (Smarsh, Proofpoint Supervision, Global Relay, Actiance) depends heavily on the existing Microsoft licensing posture and the scope of non-Microsoft communication channels in use.

If the organisation already has E5 Compliance deployed for other Purview capabilities (IRM, DLP, eDiscovery), Communication Compliance has zero incremental licence cost — it is already included. In this scenario, the decision reduces to: is the Microsoft platform's coverage and workflow sufficient for the regulatory programme, or do we need the additional capabilities of a purpose-built platform? For most M365-centric organisations in FINRA jurisdictions, the answer is yes — Microsoft is sufficient for a compliant programme.

If the organisation is not already on E5 Compliance and is evaluating Communication Compliance as the primary driver for the upgrade, the incremental cost is $12/user/month for E5 Compliance. For 300 regulated users, that is $3,600/month ($43,200/year). Smarsh and comparable platforms typically price at $15–$30/user/month for the regulated population — making Purview Communication Compliance materially cheaper, particularly when the E5 Compliance investment also delivers IRM, DLP, and eDiscovery value.

EA Negotiation for Communication Compliance

Lever 1: Smarsh/Proofpoint Displacement Documentation

If you have an existing third-party communication compliance platform, document the total annual cost (licences + services + storage) and present this as the baseline for the Microsoft TCO comparison. Microsoft account teams have specific competitive displacement programmes for Smarsh and Proofpoint that provide additional EA price concessions — typically 10–18% on E5 Compliance for documented displacements of these specific vendors.

Lever 2: Regulated Population Scoping

The most impactful negotiation is defining the regulated population precisely before committing. Every user added to the E5 Compliance commitment adds $12/user/month in ongoing cost. Use the segmented model above (regulated vs non-regulated) and negotiate a two-tier licence structure in the EA: E5 Compliance for the regulated population, E3 for the general population. Microsoft prefers single-tier deployments (100% E5 Compliance) and will push for this in negotiation. Hold to the segmented model — the annual savings are material.

For the broader Purview licensing context, see the Microsoft Purview Licensing Complete Guide and the Microsoft 365 Communication Compliance Administration Guide.

Frequently Asked Questions

What licence is required for Microsoft Purview Communication Compliance?

Communication Compliance requires M365 E5 or the M365 E5 Compliance add-on. Every user whose communications are subject to a policy must be licensed — including senders, recipients within scope, and users subject to supervisory review. The M365 E5 Information Protection and Governance add-on does NOT include Communication Compliance.

Does Communication Compliance cover Microsoft Teams?

Yes. Purview Communication Compliance covers Teams chat (1:1 and group), Teams channel messages, Exchange Online, Viva Engage, and third-party communications via data connectors. This comprehensive Teams coverage is essential for financial services organisations meeting FINRA and FCA communication surveillance requirements.

Can Communication Compliance be applied to a subset of users?

Yes. Policies can be scoped to specific users, groups, or departments. This allows organisations to apply full surveillance to regulated employees while excluding non-regulated staff. Each user in scope requires E5 Compliance. This segmented approach is the correct licensing model for financial services organisations where only registered representatives require FINRA-mandated surveillance, reducing licensing cost by 30–50%.

How does Communication Compliance differ from Microsoft 365 communication monitoring?

M365 E3 does not include communication monitoring or supervisory review. E3 provides basic message tracing and audit logging. Communication Compliance adds policy-based detection (keyword matching, ML classifiers, SIT detection), reviewer workflow (assignment, escalation, resolution), case management, and documented audit trail — the complete supervisory review programme required by FINRA and FCA.

What are the alternatives to Microsoft Purview Communication Compliance?

Primary alternatives are Proofpoint Supervision, Smarsh, Global Relay, and Actiance. These have deeper non-Microsoft channel integration and longer FINRA exam track records. The Microsoft advantage is native M365 integration (no data egress), E5 Compliance bundle value, and lower per-seat cost when E5 Compliance is already deployed for other Purview capabilities.
