Microsoft Purview Information Protection licensing within Microsoft 365 is complex, with features and functionality spread across multiple products. To keep business operations running smoothly, your organization should have a firm grasp on which information protection and compliance features you’ve licensed and which licenses you may need to ensure nothing stops working unexpectedly because you don’t have the right licensing in place.
This Microsoft information protection licensing guide will help you parse out which licenses you need for information protection and data loss prevention. It also includes insider knowledge and tips to help better understand Microsoft’s licensing options.
For example, Microsoft Purview, formerly known as Microsoft Information Protection (MIP), has features that can be purchased a la carte, yet because Microsoft doesn’t publicize this option, it often goes overlooked. In other cases, different products and add-ons offer the same features. You may not know that Purview for Microsoft 365 is effectively the Microsoft 365 E5 compliance add-on.
Here are some of the basics, before we get started with the guide:
What do tenant and user level mean?
Appropriate subscription licenses are required for customers to use the online services. This can be granted at the tenant-level or the user-level. When working within Microsoft 365, tenant-level service is defined as online service that’s activated in part or in full for all users in the tenant, either as a standalone license or as part of a Microsoft 365 or Office 365 plan. User level is license access granted to individuals or categories of users.
What are the Microsoft 365 license types?
Information Protection fits under the broader category of compliance and can be managed within the Microsoft Purview Compliance Portal. Microsoft 365 delivers service plans based on organization size and needs. These include:
- Enterprise (E) – for customers above 300 seats.
- Government (G) – as the name suggests, for U.S. government customers. Microsoft offers parallel Enterprise SKUs for Government.
- Business – for small to medium-sized organizations ranging from 5 to 300 seats.
- Education (A) – for school districts, universities, and other educational institutions. This license is often offered at a special discount.
- Home (personal and family) – for consumer use in a non-business setting.
The Microsoft 365 license suite is bundled into the following components:
- Office 365 includes all productivity and collaboration products for the Web (SaaS) and app installations, Office security, plus compliance subjects.
- Enterprise Mobility + Security hosts several endpoint management, diverse security, and information protection topics.
- Windows Enterprise includes enterprise features for the Windows OS and Defender security.
- Microsoft 365 includes all of the above.
Within the licensing suite are levels that offer standard to advanced features for an additional cost. Enterprise plans have licensing levels for information technology workers (E1, E3, E5, E5 Security and E5 Compliance) and frontline workers (F1, F3, F5 Security, F5 Compliance, F5 Security & Compliance).
- 1 Level - the lightest option that provides basic email and file-sharing capabilities, as well as access to the Microsoft Office suite.
- 3 Level - the mid-level option which includes everything offered in E1, plus greater cloud storage and the full desktop suite of Office 365 applications.
- 5 Level - this all-in-one package includes robust security features through Microsoft Defender for Office 365, as well as all major Microsoft 365 apps that support real-time collaboration, including professional email, online data storage, and video and audio conferencing.
The Business suite also includes licensing levels: Basic, Standard, and Premium, however, only the Premium tier offers information protection services.
In most cases, specific features that are not included in the licensing suites are only available through add-on licenses. The next two sections of our Microsoft licensing guide offer a closer look at what each Enterprise level offers and where add-ons can provide added protection.
Microsoft Purview Information Protection
Microsoft Purview is a comprehensive solution for information protection, data governance, risk management, and compliance. It can discover, classify, and protect sensitive information however it is used or wherever it is stored.
Within the Enterprise plans are varying levels of information protection services. Here is the breakdown:
Microsoft 365 E1
No information protection services are offered. Requires an upgrade to the E3 level.
Microsoft 365 E3
This Enterprise level includes:
- Azure Information Protection Plan 1
- Manual, default, and mandatory sensitivity labeling in Microsoft 365 apps
- Manual labeling with the AIP app and plugin
- Sensitivity labeling for containers in Microsoft 365
- Basic Message Encryption
The same features and functionality are also available by combining Office 365 E3 with Enterprise Mobility + Security E3.
Microsoft 365 E5 or the Microsoft 365 E3 with the E5 Compliance Add-On
This highest level of Enterprise service includes everything in the E3 level, an upgrade to Azure Information Protection Plan 2, as well as:
- Automatic sensitivity labeling in Microsoft 365 apps
- Automatic labeling in the AIP plugin
- Default sensitivity labels for SharePoint document libraries
- Automatic sensitivity labels in Exchange, SharePoint, and OneDrive
- Sensitivity labels based on Machine Learning/Trainable Classifiers/Exact Data Match
- Advanced Message Encryption
- Customer Key
The same features and functionality are also available by combining Office 365 E5 with Enterprise Mobility + Security E5.
Office 365 E3
Office 365 E3 level includes a lighter version of the Microsoft 365 E3 level, including:
- Manual, default, and mandatory sensitivity labeling in Microsoft 365 apps
- Sensitivity labeling for containers in Microsoft 365
- Basic Message Encryption
Microsoft 365 E5 Information Protection and Governance
The Microsoft 365 E5 Information Protection and Governance level offers the same information protection and governance capabilities as the Microsoft 365 E5 Compliance Add-On at a lower cost. This is a product that few customers know about. While the capabilities of this level differ from E5 or the E5 Compliance Add-On in that they don’t include Insider Risk Management, Premium Audit, eDiscovery, Communication Compliance, or Information Barriers, companies that need the license for an information protection-focused purpose can reduce costs by about $5 per month per license with this package.
Business Premium
The Business Premium level for small and mid-sized businesses includes:
- Azure Information Protection Plan 1
- Manual, default, and mandatory sensitivity labeling in Office 365
- Manual labeling with the AIP app and plugin
- Data Loss Prevention (DLP) for emails and files
- Basic Message Encryption
Data Loss Prevention (DLP)
Microsoft Purview Data Loss Prevention (DLP) monitors and detects activity on information categorized as sensitive, preventing theft, alteration, or unintentional sharing.
The Enterprise levels also offer different levels of DLP services, such as:
Microsoft 365 E1
No services included. Requires an upgrade to the E3 level.
Microsoft 365 E3 and Microsoft Office E3
This tier includes DLP for emails & files.
Microsoft 365 E5 or Microsoft 365 E3 with the E5 Compliance Add-On
This level includes:
- DLP for emails & files
- DLP for Teams chat
- Endpoint DLP
Microsoft Office E5
Also slightly lighter than the Microsoft 365 version, this level includes:
- DLP for emails & files
- DLP for Teams chat
Business Premium
All Business level offerings include Teams message retention policies, but the Premium plan also includes:
- Manual retention labels
- Basic org-wide or location-wide retention policies
How to reduce Microsoft licensing cost
Companies looking to build the most efficient licensing options have a choice – go with a full upgrade to include all services or start with a lower level and build out security options with ala carte add-ons. We recommend starting with an ala carte license and upgrading once you're ready to expand.
Companies can also purchase information protection licenses for only the users that regularly interact with sensitive data. While the rest of the organization uses a lower-level license, those who need to protect vital data will have the information protection and data loss prevention tools they need.
Another option is to buy a license for the time it’s needed. This can be an especially efficient method when companies are conducting an audit and may need access to certain features for only a month or two.
The right balance for your company
While there are many licensing options available, from specific bundles to ala carte choices, many organizations today opt for a combination of all three above approaches. As you decide which licenses your company needs to ensure data is managed properly, relying on outside expertise can provide a number of benefits.
By gaining outside expertise, companies won’t fall into the trap of buying a more robust license than they need, avoiding the cost of capabilities they don’t need. On the other hand, organizations won’t be caught off guard by the realization they lack the right licenses to keep the organization secure and running smoothly.
Finally, an outside Microsoft licensing expert can help you parse which users need licensing, and which do not, and how to more efficiently apply the licensing levels for the biggest return on investment.
AdaptivEdge is a Microsoft Gold Partner, we help companies look at various Microsoft products in a holistic way to determine the right mix to meet the needs of today’s digital enterprises.
Our recent whitepaper, How to Build and Maintain Your Data Retention Policy 2023 Microsoft Information Protection Assessment Guide, offers deeper insights into how your organization can build a comprehensive information protection strategy. This guide gives you the latest information on Microsoft's security features so that you can easily develop and implement your information security policies.