You’ve probably already seen the email. Microsoft is raising prices on most Microsoft 365 plans starting July 1, 2026. Your office manager forwarded it. You glanced at it, noted the new per-user number, and moved on.

That’s how most firms handle it. The increase hits the credit card, the monthly bill goes up a little, and nobody thinks about it again.

But before you file it away, consider this: in the M365 audits we run for our clients, we consistently find security and compliance tools that are included in the plan but never turned on. Not obscure, buried settings. Features like advanced threat protection, data loss prevention, and device management — sitting there unused while the firm pays full price every month.

The price increase is happening either way. The real question is whether you’re getting full value from what you’re already paying for.

What’s changing in July 2026

Microsoft is raising prices on most Business plans effective July 1, 2026 (annual commitment, annual payment):

Business Basic: $6 → $7/user/month
Business Standard: $12.50 → $14/user/month
Business Premium: unchanged at $22/user/month

Enterprise SKUs are also going up (Microsoft 365 E3 moves from $36 to $39, and E5 picks up Security Copilot), but most small and mid-size companies are on Business Standard or Business Premium, so that’s where the math matters most.

Microsoft is also bundling some new capabilities to justify the increase. Business Basic and Standard get URL safety checks in email and Office apps. On the Enterprise side, E3 picks up Defender for Office 365 Plan 1 and expanded Intune features. These are real additions, but every one of them requires configuration — and based on what we see in client environments, most will sit untouched unless someone deliberately sets them up.

The Business Premium math just changed

This is the part worth paying attention to. If your company is on Business Standard, there’s a good chance you’re also paying for Microsoft Entra ID P1 as a separate add-on so you can use Conditional Access policies. Entra P1 is also going up, from $6 to $7/user/month.

After July, the numbers look like this:

Business Standard + Entra P1: $14 + $7 = $21/user/month
Business Premium: $22/user/month

That’s a $1 gap. Today it’s $3.50. After July, the upgrade to Business Premium costs your company an extra dollar per user per month — and it includes everything in Standard plus Defender for Office 365, Intune device management, sensitivity labels, data loss prevention, and more.

If you’re already paying for Entra P1 as an add-on, Business Premium is now nearly the same price and gives you a full security and compliance toolkit on top of what you already have.

What Business Premium includes (that most companies aren’t using)

If your company is already on Business Premium — or considering the upgrade — these are the tools that come with the plan. They aren’t add-ons. They’re included. And in most environments we audit, they’re sitting there unconfigured.

Sensitivity Labels

You can classify and protect documents by client, project, or confidentiality level. A sensitivity label can prevent a document from being forwarded, copied, or shared outside the organization. For any company handling sensitive client information, this is a basic safeguard that rarely gets set up.

Data Loss Prevention (DLP)

DLP policies let you create rules that prevent certain types of information from leaving your organization. Think trust account numbers, Social Security numbers, or confidential client information being emailed to a personal Gmail address. You can set these rules to block the message, warn the user, or notify an administrator. In our audits, DLP is one of the most commonly available but completely unconfigured features.

Retention Policies

Every professional services firm has obligations around record retention — law firms and CPAs especially. How long do you keep client emails? What about closed matter files? Retention policies in Microsoft 365 automate these decisions. You set the rules, and the system enforces them. This also helps with litigation holds, where you need to preserve specific communications. Without retention policies, you’re relying on individual employees to manage their own inboxes, which is not a reliable system.

Conditional Access Policies

Conditional Access lets you control how and where people log in. You can require multi-factor authentication when someone logs in from an unfamiliar location, block access from personal devices entirely, or restrict access to company-managed computers only. For companies with staff working from home or while traveling, these policies are essential. If you’re on Business Premium, they’re included. If you’re on Business Standard, this is one of the main reasons companies add Entra ID P1.

Conditional Access is also your primary defense against newer phishing techniques that bypass MFA entirely. Without these policies, MFA alone won’t stop an attacker who’s already stolen a valid session token.

Microsoft Defender for Office 365

Many companies on Business Premium already have Defender for Office 365. Defender provides advanced anti-phishing protection, safe links that check URLs before you click them, safe attachments that scan files in a sandbox before delivery, and automated investigation tools that flag suspicious activity.

This is where it gets expensive: business email compromise remains the most common attack vector against professional services firms, and the FBI’s 2024 IC3 report attributed $2.9 billion in losses to BEC alone. A properly configured Defender catches the spoofed invoices, fake wire instructions, and impersonated partner emails that default Exchange Online protection misses. The problem is that most companies are still running default settings. Defaults leave gaps that BEC attacks are designed to exploit. The tool is there. It just needs to be tuned.

Copilot Chat

Microsoft now includes Copilot Chat with all M365 commercial plans at no extra cost. It gives your team access to AI chat grounded in web data, and you can upload or reference specific files during a conversation. In Outlook and Teams, Copilot Chat is also aware of the content you have open, so it can help summarize a thread or draft a reply in context.

Copilot Chat is not the same as a full Microsoft 365 Copilot license. It won’t proactively search across your company’s emails, files, and chats the way the paid version does. But for quick research, drafting, and working with documents you feed it directly, it’s useful — and most companies don’t know it’s available.

Intune Device Management

If your company provides laptops or allows employees to use personal devices for work, Intune gives you control over those endpoints. You can enforce disk encryption, enable remote wipe if a device is lost or stolen, and set app protection policies that keep company data separated from personal apps. For any company with BYOD usage, this is a layer of protection that’s included in Business Premium.

Starting in July, Microsoft is expanding what’s bundled for Enterprise customers: E3 gets Remote Help, Advanced Analytics, and Intune Plan 2. E5 also gets Endpoint Privilege Management. If you’re on Business Premium, you already have the core Intune features that matter most for a small company.

Most of this is a configuration problem, not a licensing problem

The pattern is predictable: a company pays for Business Premium because they need the Office apps, email, and Teams. The security and compliance features that ship with the plan never get configured because nobody prioritized the setup work.

The result is that you’re paying the premium tier price but getting the basic tier experience. Sensitivity labels, DLP, Defender, Conditional Access, Intune — they’re all included. Every one of them requires initial configuration, and none of them do anything out of the box.

If you’re on Business Standard and already paying for Entra P1, the July price changes bring Business Premium within a dollar of what you’re spending now — and you’d pick up Defender, Intune, DLP, and sensitivity labels at no meaningful additional cost.

How to find out what you’re missing

The first step is an M365 feature audit — a review of your current subscription and active configurations, mapped against everything your plan includes. It requires someone who knows what to look for and understands the specific risks your industry faces.

Your MSP should be able to run this for you. If they can’t, or if they’ve never brought it up, that tells you something about whether they’re managing your environment proactively or just keeping the lights on.

A good audit covers:

Which security and compliance features are active vs. available but unconfigured
Whether Defender is tuned beyond default settings
Permissions and sharing configurations that create risk
Retention and DLP gaps that affect your compliance obligations
Device management coverage across firm-owned and personal devices

After the audit, you’ll have a clear picture of what to turn on and what kind of effort is involved. Most of these features can be rolled out in phases without disrupting day-to-day work.

What to do before July

The July price increase is happening whether you do anything or not. The difference is whether you keep paying more for the same experience or actually start using the security and compliance tools your plan already includes.

We run no-cost M365 feature audits for Iowa companies. Whether you’re evaluating a move to Business Premium or just want to make sure you’re using what you already pay for, we’ll show you exactly where the gaps are. Let’s talk.