
Microsoft Purview vs Microsoft 365 DLP for Indian companies: a Mumbai finance firm’s Friday call

A working story about Microsoft Purview vs Microsoft 365 DLP for Indian companies. One Mumbai financial advisory firm, a SEBI inspection notice on a Friday, and the weekend that decided the next two years of compliance spend.

Friday, 4:15 PM. The SEBI letter that turned a quiet Friday into a working weekend.

What this story is about

One 180-person Mumbai financial advisory firm. Existing licence: Microsoft 365 E3 with the in-built DLP turned on for email and SharePoint. Sophos endpoint DLP on every laptop. CFO has signed nothing extra for two years.

On a Friday afternoon SEBI sent a routine technology inspection notice. Three of the seventeen questions on the checklist asked for things M365 E3 DLP genuinely cannot produce on its own. The CTO said “we already pay for DLP, this is overreach.” His M365 admin said “we already pay for half of DLP, and the missing half is exactly what the inspector wants to see.”

By Monday at 11:00 IST they had a parallel run, a 30-month cost number, and a defensible answer for SEBI. They picked Microsoft Purview. Below is how the conversation actually went, and the comparison table they used to decide.

Free 60-minute Purview vs M365 E3 DLP fit review at the end. We run your tenant against the SEBI and DPDP audit questions before the inspector does. No card, no contract, no sales call.

Friday · 16:15 IST · Mumbai, BKC

The notice that turned Friday into a working weekend

Vihaan is the CTO at a Mumbai financial advisory firm. 180 people, two SEBI registrations, a wealth-advisory practice that handles roughly 4,200 high-net-worth client files. The firm runs Microsoft 365 E3 across the estate. Sophos endpoint DLP sits on every laptop. Vihaan signed both renewals last March and quietly thought of the data-protection box as ticked.

The SEBI inspection notice came in by email at 16:15 IST. Seventeen questions. Inspector visit set for the second Monday of next month. He read the first six in 90 seconds and went looking for Ramya, his M365 admin and compliance lead, on the floor below. She had read the same email at 16:12 and already had the checklist printed with three lines highlighted in yellow.

Vihaan

“Tell me we can answer this from our existing setup.”

Ramya

“Most of it, yes. Three of the seventeen, no. Question 9 asks for a six-month log of all client PAN numbers shared via Teams chat. Question 11 asks for an inventory of every SharePoint and OneDrive location where Aadhaar or KYC documents are stored, classified by sensitivity. Question 14 asks for an evidence trail of what an analyst named Rohan did with client files in the seven days before he left the firm in March. We cannot give the inspector any of those three from our current configuration. We have the data. We do not have the answer.”

Vihaan sat down. He had been planning to walk into the founder’s office on Monday and say we are fully covered. Looking at Ramya’s three highlights, he no longer was.

Friday · 17:30 IST · small boardroom, fourth floor

The argument that had been waiting six months to happen

Friday 5:30 PM. The disagreement they should have had in January, finally with a deadline behind it.

Vihaan booked the boardroom for an hour. Ramya brought her laptop and a one-page printout titled “What our M365 E3 DLP actually covers.” They had been dancing around this argument since January, when Ramya first sent him a Purview brief he replied to with a single line: “We already pay for Microsoft DLP. Park this.”

Vihaan

“In plain English. What is the gap between what we have and what SEBI is asking?”

Ramya

“Microsoft 365 E3 ships with DLP for Exchange Online, SharePoint Online, OneDrive, and Teams chat. We have policies running on credit card numbers, PAN, and Aadhaar. It blocks external send. For the SEBI questions about email and SharePoint at rest, we are fine.”

Vihaan

“So where does it stop?”

Ramya

“Five places. One, endpoint DLP. M365 E3 does not have it. Sophos handles our endpoints, but Sophos does not sit inside the M365 Compliance Centre, which means I cannot answer question 14 about Rohan from one console. Two, automatic classification. E3 DLP matches the credit card regex. It does not look at a 40-page client investment memo and decide, on its own, that this is confidential. Three, sensitivity labels with encryption. We can label files manually today, but the labels do not enforce encryption when the file leaves our tenant. Four, insider risk management. We have nothing that flags a user suddenly downloading large numbers of client files on a Friday evening. Five, data discovery for SEBI question 11. E3 does not crawl SharePoint to tell me where Aadhaar lives across our estate. Microsoft Purview does all five.”

Vihaan

“And we cannot just turn this on inside our E3?”

Ramya

“No. Those pieces are either bundled into M365 E5, or sold as standalone Purview SKUs you add to E3 per user. We either move to E5, which is a lot, or add Purview standalone licences for the 60 users who actually touch client data, which is much less. Bas, that is the entire decision.”

Vihaan looked at the printout. The first column read M365 E3 DLP. The second column read Microsoft Purview. The third column read SEBI question this answers. The argument was not Purview or not. The argument was which 60 of our 180 people get it, and how fast.

Saturday · 10:40 IST · Ramya’s dining table, home

The Saturday morning that tested what M365 E3 DLP actually catches

Saturday 10:40 AM. The test you wish you had run six months ago.

Ramya did not wait for Vihaan’s decision. She spent Saturday morning at her dining table doing the test she had been putting off since January. Two laptops. The left one logged into a wealth analyst account inside their E3 tenant. The right one logged into a Purview trial tenant she had quietly extended past its February expiry.

She ran twelve scenarios drawn from the Microsoft Learn page on Microsoft Purview Data Loss Prevention, each one mirroring an analyst’s Friday afternoon.

One. Pasting nine client PAN numbers from Excel into a private Teams chat. E3 caught it. Purview caught it. Tie.

Two. The same nine PANs pasted into a WhatsApp Web window open in office Chrome. E3 saw nothing. Sophos caught it at the endpoint, but the alert sat in the Sophos console with no link to a sensitivity label or compliance record. The Purview tenant, with endpoint DLP on, blocked the paste and logged user, file source, destination application and triggered policy in one record.

Three. Downloading a 12 MB folder of 47 client KYC PDFs from SharePoint at 18:40 on a Friday. E3 did not flag it. The user was authorised. The Purview tenant flagged it under Insider Risk Management as unusual download volume for this user at this hour. Not blocked. Flagged. Exactly the posture SEBI question 14 about Rohan needed.

By 12:40 she had her answer. Of the twelve scenarios, E3 cleanly covered four. Sophos covered another three at the endpoint in isolation. Purview cleanly covered all twelve in one place. She wrote one line at the top of her notes: This is not about replacing what works. It is buying the bridge between three systems that do not talk to each other.

Sunday · 15:20 IST · Vihaan’s home office

The cost spreadsheet that was honest about everything E3 DLP was not charging us

Sunday 3:20 PM. The hidden costs of “we already have DLP.”

Vihaan spent Sunday afternoon with two spreadsheets and a calculator. 30 months, from July to end of FY29. 180 users today. Three paths.

Path one. Stay on E3 DLP plus Sophos plus quarterly manual audits. Licence run-rate around Rs 24.4 lakh a year, which he had been quoting to the founder. Hidden costs were uncomfortable to write down. Two compliance analyst days a month reconciling Sophos against M365 incidents, roughly Rs 2.9 lakh a year. One external SEBI readiness review at Rs 1.8 lakh. The expected cost of the question he could not answer, which the IBM Cost of a Data Breach Report 2024 puts at Rs 19.5 crore per Indian breach, was uninsurable but not zero. Path one: about Rs 87 lakh over 30 months, before counting any incident.

Path two. Add Purview standalone for the 60 users who actually touch client data. Partner-priced through the Indian CSP channel, around Rs 540 per user per month for Purview Information Protection and DLP, plus Rs 720 per user per month for Insider Risk Management for the 30 senior analysts. Net additional Rs 8.5 lakh a year. 30-month delta about Rs 21 lakh.

Path three. Move all 180 users to M365 E5. The Microsoft 365 plan comparison made the SKU jump clean to read. Full Purview, endpoint DLP, Insider Risk Management, eDiscovery Premium, Defender for Cloud Apps all included. CSP add around Rs 1,720 per user per month. Net additional Rs 37 lakh a year. 30-month delta around Rs 92 lakh.

Vihaan worked the cells. Path two cost roughly one-fourth of path three, covered every SEBI question, and left the 120 non-client-facing users on existing E3. He circled the Path-two number with a pencil. Chalo, he thought. That is the call.

The honest comparison nobody runs on Friday

The trap is comparing “M365 DLP” to “Microsoft Purview” as if they were two products competing for the same budget. The DLP in E3 is one Purview component, partially licensed. Purview is the wider family it is carved out of. The decision is how much of Purview you license, for which users, by when.

Monday · 10:00 IST · Vihaan’s office

The vendor call that narrowed the scope

Monday 10:00 AM. The call where someone stopped trying to sell the whole catalogue.

Vihaan called Sirius Star at 09:45 Monday morning. I picked up. Two of his peers at Mumbai advisory firms had asked the same SEBI question in the previous fortnight. I told him so before he started. An Indian buyer trusts a partner more when the partner names the pattern first.

Karthik

“You sent me Ramya’s twelve-scenario table at 09:32. Before you ask. If it were my firm, I would buy Purview Information Protection plus DLP for your 60 client-facing users this month. Buy Insider Risk Management for the 30 senior analysts at the same time. Leave the other 120 users on E3. Do not buy E5 across the estate this quarter. You save roughly Rs 71 lakh over 30 months and get an answer that maps cleanly to every question on the SEBI checklist.”

Vihaan

“Deployment risk?”

Karthik

“Lowest on tenants already inside M365. The Purview admin centre activates inside the same compliance portal Ramya is already in. Information protection labels publish once and roll out across 60 users in 24 hours. DLP policies port from your existing E3 rules in a day. Insider Risk Management needs two weeks of baseline learning before the first signal is reliable. Plan for that. SEBI is four weeks away. You will have a clean answer for questions 9, 11 and 14 by week three.”

Karthik

“One thing I will not recommend. Do not buy Microsoft Defender for Cloud Apps in the same purchase. People add it reflexively because it is in E5. For your shape, with two SEBI registrations and one Microsoft tenant, it is overkill in month one. Add it in 2027 if your cloud SaaS footprint grows.”

Vihaan wrote two lines on the call. First: buy the bridge, not the building. Second: the cheapest defensible answer for the next 30 months. He hung up at 10:34. By 11:15 Ramya had sent the quote to the founder, who signed at 17:50 the same day. The E5 conversation he had been quietly dreading never happened.

Microsoft Purview vs Microsoft 365 DLP: the comparison Ramya printed

This is the table that closed the argument. We pinned it to the inside of the boardroom door so Vihaan’s next budget conversation starts in the right place.

| What you actually need | M365 E3 DLP | Purview add-on to E3 | M365 E5 (full Purview) |
| --- | --- | --- | --- |
| Email and SharePoint DLP | Included. Rules-based. | Already included via E3. | Included plus richer policy templates. |
| Endpoint DLP (USB, clipboard, browser upload) | Not included. You buy it separately or live with Sophos in isolation. | Included on the licensed user. | Included on every user. |
| Auto-classification of sensitive documents | Not included. Manual labelling only. | Included with trainable classifiers. | Included plus pre-built India PII pack. |
| Sensitivity labels with encryption that travels | Labels exist. Encryption enforcement does not. | Included with rights management. | Included plus customer-managed keys. |
| Insider Risk Management | Not included. | Optional add-on per user. | Included. |
| SEBI / DPDP audit fitness | Partial. Cannot answer endpoint or discovery questions. | Full, for licensed users only. | Full, across estate. |
| 30-month India partner-priced cost above current E3 spend | Rs 0. But Rs 14 lakh of hidden compliance overhead. | ~Rs 21 lakh for 60 licensed users. | ~Rs 92 lakh for 180 users. |
| Honest verdict for a 180-person Indian firm | The right answer in 2021. The wrong answer in 2026. | Where most Indian SMBs land. Buy the bridge. | Right for <300 person firms with heavy cloud SaaS sprawl. |

The two-line conclusion in plain English. M365 E3 DLP is real, and not enough on its own for an Indian firm with PAN, Aadhaar, KYC or financial data sitting in SharePoint and being shared in Teams. Purview, added per user, fills the gaps E3 leaves behind at a fraction of an E5 move.

What Vihaan and Ramya’s weekend teaches, mapped to your week

  1. Read your audit checklist before you renew anything. Both MeitY’s DPDP framework and the SEBI technology inspection sheet ask for things M365 E3 DLP alone cannot produce. Match your spend to the question, not the brochure.
  2. Compare like for like. M365 E3 DLP is one Purview component. Microsoft Purview is the larger family. They are nested, not competing. Treat them that way in your spreadsheet.
  3. License Purview for users who touch client data, not the estate. For most Indian firms 25 to 40 percent of headcount sits near regulated data. Buy Purview for those. Leave the rest on E3. Cost delta is one-fourth of a full E5 move.
  4. Insider Risk Management needs two weeks of baseline. Buy it the month before an audit, not the week before, so signals are reliable when the inspector reads them.
  5. Endpoint DLP from a different vendor is not the same as endpoint DLP inside Purview. Sophos plus M365 in two consoles is not the single-console evidence SEBI asks for.

Microsoft Purview vs Microsoft 365 DLP: the four-question buyer’s checklist

Before your next licence renewal, answer these four in writing. Any one you cannot answer with a number or a date is your gap.

  • Which business systems contain PAN, Aadhaar, KYC, or sector-regulated data, and is each inside or outside M365? The inside set is what E3 DLP can already see. The outside set is what endpoint or discovery licences have to bridge.
  • How many of your users actually create, edit, or share regulated data in a typical month? For most Indian SMBs the honest number is 25 to 40 percent of headcount. Buy Purview for those. Save the rest of the spend.
  • Can your current console produce, in one export, a six-month log of all DLP incidents across email, SharePoint, Teams, OneDrive and endpoints with user, file, action and policy? If the honest answer involves three tools and a Power BI report, that is the gap one Purview console closes.
  • What does your regulator’s most recent technology inspection sheet ask? SEBI, RBI, IRDAI and CERT-In all publish these. Read yours line by line. Unmatched lines are your real buy list.

For the longer compliance picture, pair this with our DPDP readiness checklist for HR and IT teams, our piece on how to stop data leaks over email in India, and our walk-through of Microsoft 365 E3 vs E5 for Indian firms.

Questions Vihaan wishes he had asked sooner

Q. Is Microsoft 365 DLP the same product as Microsoft Purview DLP?

Same underlying engine, different licence. The DLP shipped with M365 E3 covers Exchange Online, SharePoint Online, OneDrive and Teams chat with rules-based policies. The full Purview DLP, available standalone or inside E5, additionally covers endpoints, third-party cloud apps via Defender for Cloud Apps, and brings auto-classification, sensitivity labels with encryption, and insider risk signals into the same console.

Q. Do I need Purview if I already have Sophos or Symantec endpoint DLP?

You need it if your regulator or DPDP audit asks for a single-console evidence trail across email, SharePoint, Teams, OneDrive and endpoint. Sophos and Symantec are excellent at the endpoint, but they do not sit inside the M365 compliance record. SEBI, RBI, IRDAI and DPDP inspectors want one log, not three. Many Indian firms keep existing endpoint DLP for redundancy and add Purview for unified evidence.

Q. What is the smallest sensible Purview purchase for an Indian SMB on M365 E3?

For most 100 to 300 person Indian firms, Purview Information Protection plus DLP as a standalone add-on, licensed only for users who actually touch regulated data. That is typically 25 to 40 percent of headcount. Insider Risk Management is a separate add-on for senior analysts. A full E5 jump only makes sense if the firm also needs Defender for Cloud Apps and eDiscovery Premium estate-wide.

Q. How long does a Microsoft Purview rollout actually take in India?

Information Protection labels publish across an existing M365 tenant in 24 to 48 hours. Endpoint DLP agents reach 90 percent of laptops in 7 to 10 working days. Insider Risk Management needs at least 14 days of baseline learning before signals are reliable. For a tenant under 300 users, plan four working weeks from PO to a clean audit-ready posture.

Q. How is Sirius Star different from buying Purview licences directly?

Sirius Star is a Microsoft Cloud Solution Provider in India. CSP licence pricing is comparable to direct purchase. The saving for Indian SMBs is on deployment, policy design, sensitivity-label taxonomy, SEBI or DPDP audit mapping, HR communication and co-termination with your existing M365 renewal so endpoint, email and compliance lines fall on one PO. We are the implementation partner the licence does not include.

Your SEBI, RBI, IRDAI, or DPDP audit will not warn you before the question lands.

If your current M365 setup cannot produce, in 60 seconds, a six-month log of all DLP incidents across email, SharePoint, Teams, OneDrive and endpoints with user, file, action and policy, that is the gap. Reply on WhatsApp with your user count and current licence mix. We will run a free 60-minute Purview vs M365 E3 DLP fit review against your tenant and the latest SEBI or DPDP checklist, and tell you exactly which Purview SKUs Vihaan bought and which ones he refused. No card. No contract. No sales call.


Or WhatsApp +91 91375 93228 with the words “Purview review”.

P.S.
Karthik here. We ran this exact Purview fit review for a Hyderabad asset-management firm last week. 240 users on E3 plus Symantec endpoint DLP. The CEO had been one quote away from signing for E5 across the estate. Our review found 78 client-facing users who genuinely needed Purview, the rest staying clean on E3. The 30-month saving came to Rs 84 lakh. The COO sent us one line on Tuesday morning: “We picked the bridge, not the building.”

