Capabilities Accreditation M365 E7 Partnering About Engage
FRONTIER
Northforge / Microsoft 365 E7
Announced 9 March 2026 · GA 1 May 2026

Microsoft 365 E7.
The agentic era
starts here.

The biggest Microsoft licensing change in a decade. E7 isn’t just a new SKU — it’s Microsoft’s declaration that AI agents are digital workers that need identities, governance and security controls. For Defence, Defence Industry, Federal Government and National Security organisations, getting there safely requires serious platform work. Northforge helps you build that readiness.

Relevant to
Defence Defence Industry Federal Government National Security
What is M365 E7?
the Frontier Worker Suite
Existing
M365 E5
Full E5 security, compliance, identity and productivity. Defender, Intune, Purview, Entra ID P2, Power BI Pro. Unchanged inside E7.
$60 / user / mo from July 2026
New in E7
Copilot for M365
AI assistant embedded in Word, Excel, PowerPoint, Outlook and Teams. Wave 3 adds embedded agentic workflows and autonomous task execution.
Was $30 / user / mo add-on
New in E7
Agent 365
Control plane for AI agents — observability, identity controls and governance for agents operating across the organisation as digital workers.
GA 1 May 2026 · $15 standalone
Upgraded in E7
Entra Suite
Full Entra Suite vs E5’s Entra ID P2. Adds Private Access (ZTNA), Internet Access (SASE) — replacing legacy VPN with Zero Trust network access.
Zero Trust network upgrade
Northforge perspective

E7 isn’t a licence you buy and switch on. For regulated organisations, the journey to safely deploying Copilot and governing AI agents in a PROTECTED environment is a security programme — one that requires solid E5 foundations, mature data classification, and identity governance that extends to non-human agents. Northforge helps organisations across Defence, Defence Industry, Federal Government and National Security build that readiness.

E5 Security vs E7
what’s different
Capability M365 E5 M365 E7
Defender for Endpoint P2
Microsoft Purview (compliance)
Microsoft Intune Suite
Entra ID P2
Microsoft Sentinel (SIEM)
Power BI Pro
Entra Private Access (ZTNA) New
Entra Internet Access (SASE) New
Microsoft 365 CopilotAdd-on $30/user/mo✓ included New
Agent 365 (AI agent governance) New
List price (from July 2026)$60 / user / mo$99 / user / mo
Who this applies to
regulated organisations running PROTECTED M365
Defence
Defence agencies & programmes
Defence organisations operating PROTECTED Azure and M365 environments under ISM, DSPF and ASD guidance. The most complex deployment context — classified network integration, strict accreditation requirements, and mission-critical operational constraints.
ISMDSPFIRAPPROTECTEDMission-critical
Defence Industry
Prime contractors & Defence suppliers
Defence Industry organisations required to handle PROTECTED information under DISP or contractual obligations. Many are running M365 but haven’t built the security posture required to safely enable AI features. E7 represents both an opportunity and a compliance obligation.
DISPPROTECTED handlingISMSupplier obligations
Federal Government
Commonwealth agencies & regulators
Federal agencies operating under PSPF and ISM obligations who are evaluating Copilot and agentic AI for productivity uplift. Data governance maturity varies significantly across the APS — many agencies need structured uplift before AI features can be safely enabled across their M365 estate.
PSPFISMAPSWhole-of-governmentDTA
National Security
Intelligence & national security agencies
National security organisations operating at the higher end of classification. AI agent governance in these environments requires the most rigorous identity controls, audit trails and policy guardrails — and practitioners who understand the operational realities of classified programme delivery.
SECRET+Classified networksStrict governanceAgent identity
The challenge
why it’s not simple
Copilot reads everything the user can access
In any regulated environment, that means Purview sensitivity labels must be correctly applied, DLP policies enforced, and oversharing identified and remediated before Copilot can be safely enabled. Most organisations with E5 licences have not fully activated this stack. Turning Copilot on without that foundation creates real data exposure risk — especially where PROTECTED information is handled.
AI agents need identities — those identities need ISM-aligned controls
Agent 365 governs AI agents as digital workers. Each agent needs an Entra ID identity, access controls scoped to principle of least privilege, audit logging, and policy guardrails aligned to ISM and PSPF obligations. No published ISM or PSPF guidance exists for AI agent identity governance yet — organisations need practitioners who can apply security frameworks to novel technology from first principles.
The Entra Suite upgrade changes the network security architecture
Entra Private Access (ZTNA) and Internet Access (SASE) represent a significant architectural shift for organisations still running traditional perimeter security or legacy VPN. Integrating these with existing classified or regulated network architectures and ISM-aligned Conditional Access policies requires experienced Entra and network security practitioners.
The E7 readiness journey
how Northforge gets you there
Stage 01
E5 Security foundations
Activate and harden what you already own
Most organisations have E5 licences but haven’t fully deployed the security stack. Northforge audits your posture and activates Conditional Access, Entra ID P2, Defender for Endpoint and Intune — aligned to ISM controls and Essential 8 maturity. This is the prerequisite for everything that follows. Applies equally to Defence, Defence Industry and Federal Government environments.
Entra ID P2Conditional accessDefender hardeningEssential 8ISM alignment
Stage 02
Data classification readiness
Purview labelling, DLP and AI readiness assessment
Copilot amplifies access to information. In any environment handling PROTECTED data — whether a Defence programme, a DISP-accredited supplier, or a Federal agency — Purview sensitivity labels must be applied, DLP policies enforced and oversharing remediated before AI features are enabled. Northforge deploys label taxonomies aligned to Australian Government classification policy and validates your environment is AI-safe.
Microsoft PurviewSensitivity labelsDLP policiesAI readinessAusGov classification
Stage 03
Copilot deployment
Safe Copilot enablement within ISM and PSPF controls
Northforge scopes Copilot deployment for your regulated environment — defining which users receive access, which data Copilot can reach, what audit and logging obligations apply, and how Copilot interactions are governed under your security policy. We apply first-principles ISM and PSPF reasoning where no specific Copilot guidance yet exists in either framework. Relevant to Defence, Federal Government and Defence Industry organisations alike.
Copilot scopingAccess policy designAudit & loggingISM first-principlesPSPF alignment
Stage 04
Agent 365 governance
AI agent identity, access and governance framework
As Agent 365 becomes the control plane for AI agents operating as digital workers, Northforge designs the identity and governance framework — Entra identities for agents, least-privilege access scoping, audit trails, and policy guardrails for classified and regulated environments. This is new territory for every organisation. Northforge helps Defence, National Security and Federal Government navigate it safely — applying the same governance discipline we use for human identities in SECRET environments.
Agent identity designAgent 365 configLeast-privilege accessAudit trailsGovernance framework
Why Northforge for E7
our advantage
01
We’ve operated at SECRET
Our team has designed and operated classified on-premises environments. When we apply that discipline to Copilot and agent governance in PROTECTED and Federal contexts, we’re applying proven security thinking from a harder classification level — not adapting commercial best practice.
02
Deep Microsoft stack expertise
Entra ID, Purview, Defender, Intune, Sentinel — we’ve deployed the full E5 stack in regulated Defence and Government environments. E7’s additions (Copilot, Agent 365, Entra Suite) sit on top of foundations we already know intimately.
03
First-principles ISM & PSPF reasoning
Neither the ISM nor the PSPF have caught up with Copilot or AI agents yet. Defence, Federal Government and National Security organisations need practitioners who can apply existing frameworks to novel technology. That’s exactly what Northforge does.
04
Accreditation built in
Every stage of the E7 readiness journey produces IRAP-ready artefacts — architecture documentation, security risk assessments and control evidence — aligned to The Forge Method™. Readiness and accreditation move together across Defence, Defence Industry and Federal Government programmes.

Ready to start your E7 readiness journey?

Northforge helps Defence, Defence Industry, Federal Government and National Security organisations build the E5 foundations and security posture needed to safely deploy E7.

Start the conversation →