top of page

Microsoft Purview Licensing 101

Microsoft Purview licensing for Microsoft 365

Introduction

Microsoft Purview is a powerful suite that helps organisations manage, govern, and secure data across Microsoft 365 and beyond. But let’s face it - Microsoft’s licensing model isn’t exactly the easiest to navigate. With the recent changes to the data governance billing model and the addition of new policy indicators in Insider Risk Management, the complexity has only grown. For businesses looking to protect their data and stay compliant, understanding how to properly license Microsoft Purview can be a bit of a challenge.

In this blog, I'll focus on Microsoft 365 data protection capabilities in Purview, breaking down the licensing options for some of the most popular features.


Disclaimer

This article is not an official or complete list of all Microsoft Purview licensing options. Additionally, I will not cover the unified data governance side of Purview (formerly known as Azure Purview). Instead, our focus is on Microsoft 365 data protection capabilities. For the most up-to-date and detailed licensing information, always refer to official Microsoft documentation.

At the end of this article, you’ll find a free printable PDF summarising key features and their availability across different Microsoft 365 license levels - from Business Basic to Microsoft 365 E5.


Table of contents


Microsoft Purview: Tenant-level service

Microsoft Purview is classified as a tenant-level service, which means it is activated for all users within an organisation’s tenant. However, accessing specific features requires appropriate licenses on a per-user basis. In other words, it’s not a tenant-wide license where one subscription (like an E5 license) covers the entire organisation. Each user who needs access to certain features must have the correct licensing.


Understanding Microsoft Purview licensing

Before diving into the specifics, it's important to understand the two main billing models that govern Microsoft Purview:

  1. Per-User Licensing Model

  2. Pay-As-You-Go (PAYG) Billing Model


Per-user licensing model

This licensing model follows the familiar structure of Microsoft 365 plans (such as E3, E5, A5, F5, G5), making it relatively simple for organisations to apply Microsoft Purview security and compliance features. It's specifically designed for Microsoft 365 and Windows/macOS endpoint-based assets, covering compliance, security, and risk management tools.


What’s included in the per-user model:

  • Available for Microsoft 365 and Windows/macOS users.

  • Aligns with existing Microsoft 365 enterprise plans (e.g., E3, E5).

  • Includes a suite of security, compliance, and risk management tools designed to protect your organisation’s data.


In this model, key features like Endpoint Data Loss Prevention (DLP) and Communication Compliance typically require a Microsoft 365 E5 license for each user. It’s important to remember that licensing is per-user, not tenant-wide.


Key exceptions in the per-user model

While the per-user model is straightforward, there are a few exceptions that organisations need to consider:

  • Insider Risk Management Insider Risk Management is a critical feature for tracking and responding to internal threats. This feature requires a per-user, per-month subscription. However, enabling certain newer policy indicators will incur additional charges on a pay-as-you-go basis.

    Cloud service, cloud storage, and Fabric indicators have transitioned to a pay-as-you-go pricing model. To use these indicators, you must first link an Azure subscription for billing. You'll only pay for the indicators used - no upfront costs, no commitment.

    These indicators are as follows:

    • Cloud storage indicators (preview): Box, Dropbox, Google Drive

      Cloud storage indicators
      • Cloud Service indicators (preview): AWS, Azure indicators

      Cloud Service indicators
      • Microsoft Fabric indicators (preview): Power BI

      Microsoft Fabric indicators

  • Optical Character Recognition (OCR) OCR scanning, a tool for extracting text from images and scanned documents, is another feature that falls under the pay-as-you-go model. Organisations need to plan for this when enabling OCR features within Purview. If you wish to use features like auto-labelling and need to ensure that sensitive content within images or scanned documents converted to PDF files is also detected, you must enable OCR. Clarification (thanks to Zak Hepler for raising the question): I'm thinking of very specific scenarios here where enabling support for pdfs is not sufficient enough for the auto-labelling to be able to recognise the content of the file and then apply a label, such as scanned documents saved in a pdf format that consist of handwritten notes that rely on the OCR capability that supports text extraction. However, enabling OCR will incur additional costs on top of your per-user licenses.

    Note: The cost of using OCR is $1.00 per 1,000 scanned items, with each scanned image counting as a single transaction. This applies to standalone image files such as JPEG, JPG, PNG, BMP, and TIFF, each of which is billed individually. Additionally, for PDF files, each page is considered a separate transaction. For instance, scanning a 10-page PDF would be equivalent to 10 individual scans.


Pay-As-You-Go (PAYG) billing model

In contrast to the per-user model, the PAYG billing model expands Microsoft Purview’s protections beyond just Microsoft 365 to cover a broader range of environments. This includes services like Microsoft Fabric, Azure SQL, Azure ADLS, as well as third-party cloud environments such as Amazon Web Services (AWS), Google Cloud Platform (GCP), Box, and Dropbox.

The PAYG model is charged based on:

  • Assets protected

  • Processing units used

A key update to this model is its transition from a free public preview to a paid public preview, which began on January 6, 2025.


Download the licensing comparison PDF

To simplify your understanding of Microsoft Purview licensing, I’ve created a free downloadable PDF that compares popular features across different Microsoft 365 license tiers. This handy resource maps features to license levels - from Business Basic all the way up to Microsoft 365 E5 - helping you quickly figure out which licenses you need to support your organisation’s data protection requirements.



Final thoughts

Microsoft Purview offers a broad range of data protection, compliance, and security features across Microsoft 365 and beyond. Understanding how to license these capabilities can be a bit tricky, especially with the addition of new models like PAYG and changes to existing features.

For the latest information on licensing and features, always consult the official Microsoft documentation.


Resources:

2 Comments


Bruno MAURAS
4 days ago

Hello, Your document is really clear and helpfull however I noticed a mistake regarding the license type required for the Teams message retention policies. Indeed, M365 E3 and E5 are not set as LICENCED :).

Have a great day!

Like
welka2111
3 days ago
Replying to

Whoops! Thanks for that, all updated now!

Like

Drop Me a Line, Let Me Know What You Think

Thanks for submitting!

© 2035 by Train of Thoughts. Powered and secured by Wix

bottom of page