No free plan. The cheapest way in is Microsoft 365 E5 at $57/user/month. Consider free alternatives in the security & privacy category if budget is tight.
Yes. Through its integration with Microsoft Defender for Cloud Apps, Purview discovers and governs more than 100 third-party generative AI services including ChatGPT, Google Gemini, Anthropic Claude, and DeepSeek. The browser-based DLP extension can detect and block sensitive data â such as financial records or PII matching one of 300+ classifiers â from being pasted into these external AI apps. However, the deepest controls (sensitivity-label inheritance, full prompt auditing) are reserved for Microsoft 365 Copilot and Security Copilot.
Microsoft Purview's AI capabilities are primarily licensed through Microsoft 365 E5, the E5 Compliance add-on, or the standalone Microsoft Purview suite. Microsoft 365 Copilot itself is a separate $30/user/month add-on, and Purview governance for Copilot interactions generally requires an E5-equivalent compliance entitlement. Some lighter capabilities â like basic audit logs â are available in lower tiers, but DSPM for AI, Insider Risk for AI, and Communication Compliance for Copilot need premium licensing. Organizations should review the Purview AI licensing matrix on Microsoft Learn before deployment.
Data Security Posture Management for AI provides a centralized dashboard showing which Copilot prompts touched sensitive data, which users are generating risky interactions, and which SharePoint sites have oversharing risk. It uses Microsoft's 300+ built-in sensitive information types plus trainable classifiers to flag exposures in real time. Admins can drill from a high-risk signal directly into the underlying prompt, the user's Insider Risk score, and the source document â then apply auto-labeling or DLP policies to remediate. This is critical because Copilot can surface any document the user has access to, including over-permissioned files.
Yes. Copilot interactions are captured in the user's mailbox and exposed through both Microsoft Purview eDiscovery (Premium) and Communication Compliance. Legal teams can place users on hold, search Copilot prompts and responses alongside Teams messages and email, and export results for litigation review. Communication Compliance can also automatically flag Copilot interactions that contain harassment, regulatory violations, or insider trading language using machine learning classifiers. This makes Purview one of the only AI governance platforms with native legal-hold support for generative AI.
Based on our analysis of 870+ AI tools, Purview's strength is breadth and native integration â it covers data classification, DLP, insider risk, eDiscovery, and compliance reporting in one suite tied to Microsoft 365. Specialist tools like Lakera Guard or Prompt Security typically focus narrowly on prompt-injection defense or AI-runtime policy and can deploy on any LLM or cloud, including self-hosted models. If your stack is Microsoft 365 + Copilot, Purview is almost certainly the better fit; if you're protecting custom LLM applications across AWS or GCP, a specialist may deploy faster with deeper runtime controls.
See Microsoft Purview for AI plans and find the right tier for your needs.
See Pricing Plans âStill not sure? Read our full verdict â
Last verified March 2026