I realized recently that I had not heard Priva mentioned in a client conversation for well over a year. No questions about it, no requests to evaluate it, no mentions in roadmap discussions. It had simply gone quiet.
When I went to check whether anything had changed, the What’s New page on Microsoft Learn gave me the answer in a single bullet point. At the time of writing, that page now returns a 404. Make of that what you will 🙂
But before getting to that, something else caught my attention first.
The Changes in Core Licenses
In December 2025, Microsoft published its M365 packaging update for July 2026. The headline was that several previously paid add-ons were being absorbed into core M365 plans: Intune Remote Help, Intune Advanced Analytics, Endpoint Privilege Management, Enterprise Application Management, Microsoft Cloud PKI, and Defender for Office 365 Plan 1 among them.
Priva was not on the list.
That is not a small detail. When Microsoft decides which products deserve to be bundled into core licensing, it is telling you where it sees long-term value. Intune made the cut. Defender made the cut. Priva did not. Microsoft bundles what it believes in, and that omission says more than any official statement.
That was the most recent signal. It was not the first.
What Priva Was Supposed to Be
Microsoft announced Priva at Ignite in November 2021, at a moment when GDPR anxiety was still high and organisations were looking for automated tools to manage privacy obligations at scale. The pitch was a good one: a privacy operations platform built into M365, capable of identifying privacy risks in your data, automating responses to data subject requests, and giving privacy teams the visibility they needed without building everything from scratch.
Two capabilities reached general availability: Privacy Risk Management and Subject Rights Requests. Both were useful, within limits. The problem was always those limits.
The Scope Problem That Was Never Solved
Priva only ever scanned data inside M365: Exchange Online, SharePoint, OneDrive, and Teams. That is a good slice of an organisation’s data estate, but for most organisations it is not the whole picture. Personal data lives in CRM systems, HR platforms, financial applications, on-premises databases, and dozens of other places Priva could not see.
A privacy compliance tool that cannot look beyond its own ecosystem was always a partial answer. Microsoft knew this, which is presumably why several preview features were positioned as the solution to that limitation. Those features never arrived.
The Preview Features That Disappeared
In December 2025, the What’s New page for Priva was updated with the following: four preview capabilities had been removed from the portal. Consent Management, Privacy Assessments, Subject Rights Requests for data beyond Microsoft 365, and Tracker Scanning were all gone. No general availability. No replacement. No roadmap update.
These were not minor additions. Subject Rights Requests beyond M365 would have extended Priva’s reach to data outside the Microsoft ecosystem, which was the only way to make it a credible enterprise privacy tool. Privacy Assessments would have provided automated DPIA-like documentation. Tracker Scanning would have addressed cookie and consent compliance for web properties.
All of them, removed quietly after years in preview.
The Cost Reality
Priva Privacy Risk Management is priced at $5 per user per month, applied across the entire tenant, as a mandatory add-on on top of any M365 or O365 subscription. It is not included in E3. It is not included in E5. Subject Rights Requests are licensed per request, in blocks of 1, 10, or 100.
For a 500-seat organisation, Privacy Risk Management alone is $2,500 per month. For a product whose preview roadmap has just been cancelled and whose scope was always limited to M365 data, that is a difficult number to justify at renewal.
What Microsoft Actually Built Instead
The capabilities that Priva promised are largely covered, for organisations on E3 or E5, by tools that are already included in the licence. Purview Information Protection handles data classification and labelling. Data Loss Prevention covers oversharing controls across M365 workloads. Compliance Manager provides regulatory framework mapping for GDPR, NIST, ISO 27001, and others.
The more interesting development is Purview’s Data Security Posture Management for AI (DSPM for AI). This addresses a privacy problem that did not exist when Priva launched: what organisational data can Microsoft Copilot surface, and how do you prevent unintended exposure through AI interactions? Priva never evolved to address this. DSPM for AI does, and it sits inside Purview rather than as a separate paid add-on.
The Practical Recommendation
If your organisation currently has Priva, the question to ask at your next renewal is straightforward: what are you actually using it for, and is that use case covered by Purview capabilities you are already paying for?
If the answer to the second question is yes, the renewal decision makes itself.
If you were waiting for Priva to grow into the full privacy compliance platform Microsoft originally promised, the December 2025 update confirmed that wait is over. The platform was not completed. The preview features were removed. And when Microsoft had the opportunity to signal long-term commitment by including Priva in its July 2026 packaging update, it chose not to.
That is a clear enough answer.
