"SharePoint is included in Microsoft 365." That sentence costs companies more than they think.

In conversations with managers the same sentence comes up again and again: “We have SharePoint as part of Microsoft 365, so we don’t need to worry about licensing.” In 2024 that was broadly true. In 2026 it stopped being true a long time ago — and anyone who hasn’t admitted it to themselves yet is running an environment that wakes up fine in the morning but ends up in trouble by quarter-end.

In the basic M365 licence you get SharePoint Online as a repository with limited administration. You can create sites, libraries, set permissions and share. What you don’t get there is a systematic tool for oversharing prevention, site lifecycle, classification of sensitive content, AI grounding controls, or DLP policies specific to your environment. All of those are separate licences — and anyone who runs SharePoint for hundreds of users and dozens of terabytes of corporate content without them is doing it amateurishly in 2026.

The good news is that we’re not talking about thousands of euros per user. Realistically we’re looking at single-digit to low double-digit euros per month — and in some cases it’s already paid for inside a licence you already have. The bad news is that the vast majority of organisations either don’t know about these tools, or they have them but don’t use them.

Let’s walk through the three licences without which you simply can’t pull this off today. For each one I’ll say what it does, what it costs and why a company should have it — and how the licences fit together.

1) SharePoint Advanced Management (SAM)

What it is

SharePoint Advanced Management is an add-on for SharePoint Online and OneDrive that adds a set of advanced admin tools for governance, oversharing control and lifecycle management. Microsoft originally released it as a paid add-on on top of the standard SKUs; today SAM is part of every Microsoft 365 Copilot licence. It only takes at least one Copilot-licensed user in the tenant for SAM to be activated across the entire tenant (Microsoft Learn — SharePoint Advanced Management).

What it specifically adds

• Restricted Access Control (RAC) — a site limited to a specific security group. Sharing links outside the group don’t work, and Copilot honours that.
• Restricted Content Discovery (RCD) — the site doesn’t appear in organisational search or Copilot Chat at all. Good for M&A, legal matters, executive content (Microsoft Learn — Restricted Content Discovery).
• Data Access Governance reports — an overview of sites that may have overshared content, “Everyone except external users” on sensitive sites, externally shared files.
• Inactive Site Policy and Site Lifecycle Management — automatic detection of inactive sites, owner notifications, archiving, deletion. You can run it in simulation mode first.
• Site Ownership Policy and Site Attestation — a rule for the minimum number of owners, periodic re-confirmation by the owner that the site still has a purpose, that permissions are OK and sharing is in order.
• Sharing link policies — default link type (internal vs. “anyone with the link”), expiration, allowed external domains. Set it once, applies across the tenant.
• Catalog Management (from February 2026) — a central view that automatically clusters sites and enables bulk lifecycle administration, access reviews and storage optimisation (Withum — SAM Offerings Breakdown).
• SharePoint Admin Agent — an AI assistant for managing the tenant. Answers questions like “show me where I have the biggest oversharing risk” (Microsoft Learn — SharePoint Admin Agent).

What it costs

Standalone, around 3 USD per user per month (roughly 2.80 EUR), licensed per tenant. Free as part of every Microsoft 365 Copilot licence and Microsoft 365 E5 (Withum, 2toLead — Take Advantage of SAM in Your Copilot Tenant).

Why a company should have it

Without SAM you have no way to systematically address oversharing, site lifecycle and control over sensitive content. You can write all of this manually with PowerShell, but that takes more time than the 3 dollars per user is worth. And the moment you want to roll out Copilot, SAM is effectively mandatory, not recommended.

2) Microsoft 365 Copilot

What it is

Microsoft 365 Copilot is the AI layer over the whole of M365 — Word, Excel, PowerPoint, Outlook, Teams, SharePoint, OneNote and Loop. At first glance it’s a productivity tool. From a governance perspective it’s a gateway to advanced security controls that you can’t otherwise reach inside Microsoft 365.

What it specifically adds (from a governance angle)

• Activates SAM across the whole tenant (a single licence is enough). That on its own is worth considering even for organisations that don’t yet want to use Copilot widely (Microsoft Learn — Get ready for Copilot with SAM).
• Authoritative Sites — in the admin centre you can mark sites as the “official source” (intranet, HR handbooks, corporate news). Copilot and search then prioritise them.
• AI Citations Analytics (from May 2026) — the first standardised metric for content quality from an AI grounding perspective. You see how often Copilot has cited a particular page or document.
• Sensitivity labels enforcement in AI — Copilot honours Microsoft Purview sensitivity labels and DLP policies. Where content is labelled as confidential, Copilot will not share it outside the user’s context.
• AI-specific audit logs — what Copilot generated, on the basis of what, for whom. Critical for a compliance audit.
• Copilot Control System — a set of admin controls for the whole Copilot ecosystem: who has which agent, what sources it can use, how activity is logged (Microsoft Learn — Copilot Control System Security and Governance).

What it costs

• M365 Copilot Business (companies up to 300 users): around 21 EUR per user per month — equivalent to the previous 18 USD, sold for SMB.
• M365 Copilot Enterprise: around 30 USD per user per month (EUR pricing is adjusted in the EU based on FX, see the July 2026 adjustment) (Microsoft — M365 Copilot Plans and Pricing, Easi.net — M365 in 2026: Copilot SKUs and pricing).
• Copilot Chat (Basic) — from 15 April 2026 free as part of every M365 licence, but without functionality inside Office applications. Not enough for governance (EPC Group — M365 Copilot Pricing & Licensing 2026).

Why a company should have it (at least a few seats)

Even if you don’t want to flood the whole organisation with Copilot, it makes sense to buy at least 1–5 licences. That alone unlocks SAM for the whole tenant and gives you access to all the governance features (Authoritative Sites, RCD, Admin Agent). From a compliance perspective it’s the cheapest way to get tools into your tenant that you’d otherwise have to build by hand.

And the moment a company wants to use Copilot at user level, rolling it out without the SAM governance layer doesn’t make sense — Copilot will start uncovering oversharing nobody is prepared for.

3) Microsoft Purview Suite (Microsoft 365 E5 Compliance)

What it is

Microsoft Purview is a set of tools for data classification, leak prevention, retention and compliance across the whole of Microsoft 365 — including SharePoint. You’ll find most of the individual features in the basic M365 plans in a limited form, but the full governance layer opens up only with the Microsoft 365 E5 Compliance add-on (renamed to Microsoft Purview Suite). If you have M365 E3, you buy it as an add-on. If you have M365 E5, it’s included.

What it specifically adds

• Sensitivity Labels (Information Protection) — metadata-driven classification of SharePoint sites, libraries, folders and documents. Through them you can enforce encryption, access restrictions, watermarks, restrictions on printing and downloading. Without these, Copilot looks at all content the same way (Microsoft Learn — Learn about sensitivity labels).
• Auto-labeling — automatic labelling of files containing sensitive patterns (ID numbers, IBAN, health data, key words). Critical for the thousands of existing documents nobody has time to label by hand.
• Data Loss Prevention (DLP) — policies that prevent the sending or sharing of content with a specific classification. “This document must not be shared externally” as an enforceable rule, not a wish (Microsoft Learn — DLP policy reference).
• Retention Labels & Policies — automatic retention and removal of content after a defined period. Without it, content typically lives in SharePoint forever, which directly worsens grounding quality for Copilot.
• Records Management — formal record declaration, immutable retention for regulated content (contracts, invoices, HR documents).
• eDiscovery (Premium) — full capability to find and preserve content across the tenant in case of litigation or an incident.
• Insider Risk Management — detection of risky user behaviour (mass downloads, unusual sharing, exfiltration before resignation).
• Communication Compliance, Information Barriers, Customer Lockbox — additional compliance layers on top of base M365.

What it costs

Microsoft 365 E5 Compliance / Microsoft Purview Suite — around 12 USD per user per month as an add-on to M365 E3 (roughly 144 USD per user per year). Included in M365 E5 (SHI — M365 E5 Compliance suite updates, HBS — M365 E5 Security & Compliance Add-Ons, Microsoft — Purview Suite Pricing).

For organisations that don’t need everything, individual components also exist (Information Protection, Data Lifecycle Management, eDiscovery) as standalone add-ons — but if you take SharePoint seriously, the full Purview suite is usually a better financial choice than piecing it together.

Why a company should have it

Sensitivity labels are the bridge between permission and classification. Without them, neither Copilot nor search has any way to distinguish “a contract” from “a draft presentation”. DLP and retention solve what SAM and Copilot cannot — what may, and what must, happen to data. And the moment an audit, GDPR request or legal dispute lands on the company, the difference between “we can find it in hours” and “we’ll be looking for three weeks” is decisive.

How it fits together

Let’s lay the three licences side by side:

Licence	What it solves	Price (indicative)	For whom
SharePoint Advanced Management	Oversharing, lifecycle, RAC, RCD, sharing policies, Admin Agent	~3 USD / user / month standalone, free with Copilot or E5	Any tenant with sensitive data in SharePoint
Microsoft 365 Copilot	Authoritative Sites, AI Citations, Copilot Control System, unlocks SAM	21 EUR (Business) / 30 USD (Enterprise) / user / month	Companies that want AI and/or SAM governance features across the tenant
Microsoft Purview Suite (E5 Compliance)	Sensitivity labels, DLP, retention, eDiscovery, Insider Risk	~12 USD / user / month add-on, included in M365 E5	Any company with sensitive data, in a regulated industry, or running Copilot

A realistic configuration for a 100-user company looks like this:

• Variant A (“minimum” — typical SMB): 5× M365 Copilot for key users + Purview Suite as an add-on for 20 key users (leadership, HR, legal counsel, finance). SAM is activated thanks to Copilot. Roughly 150 USD per month for Copilot + 240 USD for Purview = ~390 USD / month.
• Variant B (“standard” — company with regulated content): 10× M365 Copilot + 100× Purview Suite. Per month, 300 + 1,200 = ~1,500 USD / month. Covers all users with the compliance layer.
• Variant C (“full enterprise”): 100× M365 E5 (includes both SAM and Purview). E5 pricing is individual (roughly 57 USD per user per month), Copilot Enterprise on top of that. Per month, 5,700 + 3,000 = ~8,700 USD / month.

In practice, Variant B usually makes the most sense — a handful of Copilot licences for key users, SAM unlocked for the whole tenant, Purview Suite for users who work with sensitive data. Copilot is then expanded gradually based on real benefit.

Takeaways

Three sentences worth remembering:

1. “SharePoint is included” is true only up to the size of a small team. For a hundred users and more, without add-on licences it’s an immature tool.
2. It no longer makes sense to buy SAM standalone. A few Copilot licences are often a cheaper way to activate it — and you get an AI layer on top.
3. Purview is not an optional compliance toy. It’s the bridge between permission and classification, without which neither Copilot, nor DLP, nor retention actually work.

And don’t forget: licences in themselves solve nothing. They just open the door to tools that have to be deployed, configured and maintained. That’s the second half of the equation — and typically where companies get stuck.

---

At EasyPortal 365 we work on this topic with companies daily. If you’re not sure what combination of licences you should have and where to start with governance deployment, get in touch. We’ll arrange a 30-minute call — walk through your situation, recommend a specific licence mix and the first implementation steps. No commitment, no vendor pitch.

In the next instalment we’ll look at how to specifically deploy Sensitivity Labels in practice — which 5 labels are enough to start with, how to roll them out, and what to do with old content.

---

Sources:

SharePoint Advanced Management:

• Microsoft Learn — SharePoint Advanced Management overview
• Microsoft Learn — Get ready for Copilot with SAM
• Withum — SharePoint, SAM and SharePoint Premium Offerings Breakdown
• 2toLead — Take Advantage of SAM in Your Copilot Tenant

Microsoft 365 Copilot:

• Microsoft — Microsoft 365 Copilot Plans and Pricing
• Microsoft Learn — Copilot Control System Security and Governance
• Easi.net — Microsoft 365 in 2026: New capabilities, Copilot SKUs and pricing
• EPC Group — M365 Copilot Pricing & Licensing 2026

Microsoft Purview Suite (E5 Compliance):

• Microsoft — Microsoft Purview Suite Pricing
• Microsoft Learn — Learn about sensitivity labels
• Microsoft Learn — DLP policy reference
• SHI — M365 E5 Compliance suite updates
• HBS — M365 E5 Security and Compliance Add-Ons