Understanding the Two Purview Families
Microsoft Purview encompasses two functionally and commercially distinct product families that share a brand name but are licensed and deployed separately. Understanding this distinction is the first step to avoiding over-licensing in one area while under-deploying in another.
Microsoft Purview (M365 Compliance): The M365-based compliance and information protection toolset, including Audit, eDiscovery, Data Loss Prevention, Information Protection, Communication Compliance, Insider Risk Management, Compliance Manager, and related capabilities. This family is licensed through M365 user subscriptions (E3/E5) or E5 Compliance add-ons.
Microsoft Purview (Data Governance): The Azure-based data governance platform, formerly known as Azure Purview, which provides multi-cloud data cataloguing, data lineage tracking, data classification at scale, and data governance policy management across Azure, AWS, Google Cloud, and on-premises data sources. This family is licensed as an Azure service, billed based on capacity units and scanning hours — entirely separate from M365 user licensing.
These two families are often confused because Microsoft markets them under the unified "Microsoft Purview" brand and their features intersect (both involve data classification, for example). The licensing conversation for each is completely different: one is per-user (M365 plan), the other is consumption-based (Azure resource).
What M365 E3 Includes for Purview
Microsoft 365 E3 provides foundational Purview compliance capabilities that address basic information protection, audit, and eDiscovery requirements:
| Purview Capability | M365 E3 Inclusion | Limitation vs E5 |
|---|---|---|
| Compliance Manager | Basic assessments | No premium assessments for GDPR, ISO 27001 etc. |
| Purview Audit | Standard (90-day log retention) | No 1-year retention, no high-value audit events |
| Purview eDiscovery | Standard (search, export, hold) | No AI-assisted review, no relevance scoring |
| Information Protection | Sensitivity labels (manual + recommended) | No trainable classifiers, no exact data match |
| Data Loss Prevention | Up to 5 DLP policies (Exchange, SPO, ODB, Teams) | No endpoint DLP, no advanced EXACT match |
| Communication Compliance | One policy only | No multi-policy, no advanced classifiers |
| Records Management | Basic retention labels | No adaptive scopes, no disposition review |
| Insider Risk Management | Not included | E5 or add-on required |
| Information Barriers | Not included | E5 or add-on required |
The E3 compliance baseline is sufficient for organisations with straightforward information protection requirements: applying manual sensitivity labels, conducting basic eDiscovery searches for litigation hold, maintaining a standard 90-day audit trail, and implementing basic DLP policies. Organisations regulated under GDPR, HIPAA, PCI-DSS, or financial services frameworks typically find that E3 compliance capabilities require supplementation for complete coverage.
What M365 E5 Adds for Compliance
Microsoft 365 E5 (and the E5 Compliance add-on) significantly expands Purview capabilities across every compliance domain. The most commercially relevant additions for enterprise buyers are:
Purview Audit (Premium): Extends audit log retention from 90 days to 1 year, adds higher-value audit events including email reads, Teams messages access, and file access patterns (critical for security investigations and insider threat detection), and enables Microsoft 365 Advanced Audit — the forensic investigation capability used in major security incidents.
Purview eDiscovery (Premium): Adds AI-assisted case management, near-duplicate and email thread detection to reduce review sets, relevance scoring to prioritise review, attorney-client privilege detection, and case analytics to quantify review effort. For organisations regularly conducting complex litigation or regulatory investigations, eDiscovery Premium typically reduces external legal review spend by 25–40% through more focused review sets.
Advanced Information Protection: Adds trainable classifiers (custom ML classifiers trained on your organisation's sensitive content categories), exact data match (EDM, which classifies documents containing specific structured data elements like employee IDs or account numbers), document fingerprinting (classifying documents similar to a template), and optical character recognition (OCR) for image-based content classification.
Insider Risk Management: Provides user behaviour analytics for detecting insider threat scenarios — data exfiltration by departing employees, policy violations, suspicious access patterns — using ML models trained on M365 activity signals. Available in E5 or as a standalone add-on.
The most common Purview over-spend we see is organisations purchasing full M365 E5 to access eDiscovery Premium and Insider Risk Management when the E5 Compliance add-on at $12/user/month achieves the same outcome for $25–$30/user/month less than the full E5 upgrade.
Purview Data Map: Separate Azure Licensing
Microsoft Purview Data Map — the multi-cloud data governance capability — is an Azure service licensed separately from M365 Purview compliance capabilities. It is not included in any M365 plan, at any tier. Organisations that discover this often after investing in M365 E5 Compliance under the impression that it covers their data governance requirements face an unwelcome incremental budget conversation.
Purview Data Map billing includes: Data Map Capacity Units (~$0.496/CU/hour, billed in 100-CU increments) for hosting the data catalogue and lineage graph; Scanner Capacity Units (~$0.016/CU/hour) for scanning registered data sources; and optional Purview Data Estate Insights for reporting and analytics. For a mid-enterprise deployment scanning 5–10 data sources (Azure SQL, Azure Data Lake, on-premises SQL Server), the monthly cost is typically $1,500–$4,000, scaling with the number and size of data sources scanned.
Purview Data Map is the appropriate solution when the requirement is multi-cloud data cataloguing, lineage tracking, or data governance policy enforcement across heterogeneous data estates. It is not the solution for M365 content compliance, which is addressed by the M365 Purview compliance capabilities described above.
The E5 Compliance Add-On Option
For M365 E3 organisations needing advanced Purview compliance capabilities, the E5 Compliance add-on (~$12/user/month as of 2026) provides the full M365 Purview compliance suite without requiring a full M365 E5 upgrade (~$57/user/month). This is the correct licensing route for organisations whose primary requirement is advanced compliance and information protection but who do not need the full E5 security bundle (Defender for Endpoint P2, Entra ID P2, etc.).
The E5 Compliance add-on includes all Purview capabilities available in E5: Audit Premium, eDiscovery Premium, advanced Information Protection, advanced DLP (including endpoint DLP), Communication Compliance (full policy access), Insider Risk Management, Compliance Manager premium assessments, Information Barriers, and Customer Lockbox.
The E5 Security add-on (~$12/user/month) covers the security stack (Defender for Endpoint P2, Defender for Identity, Defender for Office 365 P2, Entra ID P2, Microsoft Sentinel 90-day data retention) without the compliance capabilities. Organisations that need both security and compliance additions may find that E3 + E5 Security + E5 Compliance (~$24/user/month in add-ons) approaches the cost of full E5, at which point the full E5 plan becomes commercially equivalent or superior when factoring in additional E5-exclusive features.
Compliance Cost Optimisation Strategies
Conduct a Purview capability assessment before EA renewal: Many organisations pay for E5 Compliance capabilities that are deployed in fewer than 20% of the licensed user population. A usage assessment identifying which Purview capabilities are actively deployed enables rightsizing — purchasing E5 Compliance for the user population that actually uses advanced features, and maintaining E3 for the remainder.
Evaluate trainable classifier requirements carefully: Exact data match (EDM) and trainable classifiers are the E5 Compliance capabilities most frequently cited as justifying the upgrade from E3. Both require significant implementation effort — EDM requires data schema definition and employee/agent time to build and maintain the lookup data; trainable classifiers require sample document curation and iterative training. The licence cost is only part of the total cost; implementation cost is often 3–5× the annual licence cost for the first year. Ensure the use case justifies both components.
Don't conflate M365 Purview and Purview Data Map: Budget them separately from the outset and ensure the right stakeholders own each (IT Security/Legal for M365 compliance, Data Engineering/Architecture for Purview Data Map governance).
Purview in EA Negotiations
For organisations making significant Purview-related EA decisions — upgrading from E3 to E5, adding E5 Compliance, or scoping the E5 user population — the EA negotiation is the right moment to benchmark pricing and negotiate add-on rates. E5 Compliance add-on pricing above $10/user/month is negotiable for organisations above 1,000 seats; achieving $8–$9/user/month is realistic for 2,000+ seat populations in competitive renewal situations.
Combine the Purview/compliance discussion with the broader EA renewal for maximum leverage — presenting compliance requirements as part of a strategic Microsoft relationship discussion generates better outcomes than positioning the E5 Compliance add-on as an incremental cost. For the full framework, see the Microsoft EA negotiation guide, the M365 E5 vs E3 cost analysis, and download our Microsoft EA Guide white paper.