Announced 9 March 2026 · GA 1 May 2026

Microsoft 365 E7. The agentic era starts here.

The biggest Microsoft licensing change in a decade. E7 isn’t just a new SKU — it’s Microsoft’s declaration that AI agents are digital workers that need identities, governance and security controls. For Defence, Defence Industry, Federal Government and National Security organisations, getting there safely requires serious platform work. Northforge helps you build that readiness.

Relevant to: Defence · Defence Industry · Federal Government · National Security
What is M365 E7?
Existing
M365 E5
Full E5 security, compliance, identity and productivity stack. Defender, Intune, Purview, Entra ID P2, Power BI Pro. Unchanged inside E7.
$60 / user / mo from July 2026
New in E7
Copilot for M365
AI assistant embedded in Word, Excel, PowerPoint, Outlook and Teams. Wave 3 adds embedded agentic workflows and autonomous task execution.
Was $30 / user / mo add-on
New in E7
Agent 365
Control plane for AI agents — observability, identity controls and governance for agents operating across the organisation as digital workers.
GA 1 May 2026 · $15 standalone
Upgraded in E7
Entra Suite
Full Entra Suite vs E5’s Entra ID P2. Adds Private Access (ZTNA) and Internet Access (SASE) — replacing legacy VPN with Zero Trust.
Zero Trust network upgrade
Northforge perspective

E7 isn’t a licence you buy and switch on. For regulated organisations, the journey to safely deploying Copilot and governing AI agents in a PROTECTED environment is a security programme — one that requires solid E5 foundations, mature data classification, and identity governance that extends to non-human agents.

E5 Security vs E7
Capability | M365 E5 | M365 E7
Defender for Endpoint P2
Microsoft Purview
Microsoft Intune Suite
Entra ID P2
Microsoft Sentinel
Entra Private Access (ZTNA) (New)
Entra Internet Access (SASE) (New)
Microsoft 365 Copilot | Add-on $30/user/mo | ✓ included (New)
Agent 365 (New)
List price (from July 2026) | $60 / user / mo | $99 / user / mo
Who this applies to
Defence
Defence agencies & programmes
Organisations operating PROTECTED Azure and M365 under ISM, DSPF and ASD guidance. The most complex deployment context — classified network integration, strict accreditation requirements, mission-critical constraints.
ISM · DSPF · IRAP · PROTECTED
Defence Industry
Prime contractors & Defence suppliers
Organisations required to handle PROTECTED information under DISP or contractual obligations. Many are running M365 but haven’t built the security posture required to safely enable AI features.
DISP · PROTECTED handling · ISM
Federal Government
Commonwealth agencies & regulators
Federal agencies operating under PSPF and ISM obligations who are evaluating Copilot and agentic AI for productivity uplift. Data governance maturity varies significantly — many agencies need structured uplift before AI features can be safely enabled.
PSPF · ISM · APS
National Security
Intelligence & national security agencies
Organisations operating at the higher end of classification. AI agent governance in these environments requires the most rigorous identity controls, audit trails and policy guardrails.
SECRET+ · Classified networks · Agent identity
The challenge
Copilot reads everything the user can access
In any regulated environment, Purview sensitivity labels must be correctly applied, DLP policies enforced, and oversharing identified and remediated before Copilot can be safely enabled. Most organisations with E5 licences have not fully activated this stack. Turning Copilot on without that foundation creates real data exposure risk.
AI agents need identities — those identities need ISM-aligned controls
Agent 365 governs AI agents as digital workers. Each agent needs an Entra ID identity, access controls scoped to the principle of least privilege, audit logging, and policy guardrails aligned to ISM and PSPF obligations. No published ISM or PSPF guidance exists for AI agent identity governance yet.
The Entra Suite upgrade changes the network security architecture
Entra Private Access (ZTNA) and Internet Access (SASE) represent a significant architectural shift for organisations still running traditional perimeter security or legacy VPN. Integrating these with existing classified or regulated network architectures requires experienced Entra and network security practitioners.
The E7 readiness journey
Stage 01
E5 Security foundations
Activate and harden what you already own
Most organisations have E5 licences but haven’t fully deployed the security stack. Northforge audits your posture and activates Conditional Access, Entra ID P2, Defender for Endpoint and Intune — aligned to ISM controls and Essential 8 maturity.
Entra ID P2 · Conditional access · Defender hardening · Essential 8
Stage 02
Data classification readiness
Purview labelling, DLP and AI readiness assessment
Copilot amplifies access to information. Northforge deploys label taxonomies aligned to Australian Government classification policy and validates your environment is AI-safe before any features are enabled.
Microsoft Purview · Sensitivity labels · DLP policies · AusGov classification
Stage 03
Copilot deployment
Safe Copilot enablement within ISM and PSPF controls
Northforge scopes Copilot deployment for your regulated environment — defining access policy, audit and logging obligations, and governance under your security policy using first-principles ISM and PSPF reasoning.
Copilot scoping · Access policy design · Audit & logging · ISM first-principles
Stage 04
Agent 365 governance
AI agent identity, access and governance framework
Northforge designs the identity and governance framework for AI agents operating as digital workers — Entra identities, least-privilege access scoping, audit trails, and policy guardrails for classified and regulated environments.
Agent identity design · Agent 365 config · Least-privilege access · Governance framework
Why Northforge for E7
01
We’ve operated at SECRET
Our team has designed and operated classified on-premises environments. When we apply that discipline to Copilot and agent governance in PROTECTED contexts, we’re applying proven security thinking from a harder classification level.
02
Deep Microsoft stack expertise
Entra ID, Purview, Defender, Intune, Sentinel — we’ve deployed the full E5 stack in regulated Defence and Government environments. E7’s additions sit on top of foundations we already know intimately.
03
First-principles ISM & PSPF reasoning
Neither the ISM nor the PSPF has caught up with Copilot or AI agents yet. Organisations need practitioners who can apply existing frameworks to novel technology. That’s exactly what Northforge does.
04
Accreditation built in
Every stage of the E7 readiness journey produces IRAP-ready artefacts — architecture documentation, security risk assessments and control evidence — aligned to The Forge Method™.

Ready to start your E7 readiness journey?

Northforge helps Defence, Defence Industry, Federal Government and National Security organisations build the E5 foundations and security posture needed to safely deploy E7.
