Shadow AI · AI Governance · May 22, 2026

Microsoft E7 Governs Copilot. It Can't See ChatGPT, Claude, or Gemini.

On May 1, 2026, Microsoft made E7 generally available at $99 per user per month. The EY rollout proves the F500 will buy. But E7 governs only Microsoft's own AI — the shadow AI tools causing the actual incidents remain unobserved.

On May 1, 2026, Microsoft made E7 — its Frontier Suite bundling Copilot, Agent 365, identity, and "governance" — generally available at $99 per user per month. Three weeks later, on May 21, EY and Microsoft announced a $1 billion-plus, five-year initiative to roll the stack out to EY's 400,000-person workforce, with EY serving as the public "Client Zero" for enterprise-wide AI adoption.

The pricing is the headline most people will miss. $99 per user per month for a governance-and-AI bundle is the clearest signal yet that enterprise buyers are willing to pay real money for AI control. The EY deal removes any doubt about whether the F500 will actually buy at that number. They will. They already have.

But the more interesting question — the one your compliance officer is going to ask the week E7 rolls out — is what, exactly, E7 governs.

What E7 actually covers

E7 is, by design, a walled garden. The governance surface inside the bundle covers Microsoft's own AI: Copilot inside Word, Excel, Outlook, Teams, and the new Agent 365 surface. It ties those agents into Entra ID for identity, Purview for content classification, and Defender for the threat-detection layer Microsoft already sells. If a user invokes Copilot to summarize a document in SharePoint, E7 sees the prompt, the response, the data classification, and the audit trail.

That's a real capability. It's also a closed-loop one. E7 governs the things Microsoft makes.

What lives outside that loop

In every enterprise we work with, the AI tools generating the most compliance anxiety are not Copilot. They are ChatGPT, Claude, Gemini, and Perplexity — accessed through the browser, on the same laptop, often through the same SSO session that Microsoft is busy securing on the Copilot side. These tools are not Microsoft products. They do not flow through Entra ID enforcement. They do not write to Purview. They do not surface in Defender. Agent 365 does not see them. Copilot governance does not touch them.

This is not a flaw in E7. E7 was never designed to govern competitor tools. It was designed to make Microsoft's AI safe to deploy inside a Microsoft shop. The shadow AI surface — third-party generative AI accessed through Chrome, Edge, or Safari — is structurally outside its scope.

The result, for a CISO looking at the post-E7 environment, is the same problem in a smaller dollar bracket. You have just paid Microsoft $99 per seat to govern the AI Microsoft sells you. The AI that is causing the actual incidents — the paralegal pasting a client matter into ChatGPT, the analyst dropping unreleased earnings into Claude, the engineer asking Gemini to summarize a customer database export — is still completely unobserved.

Why this matters for regulated industries

For F5000 buyers in regulated verticals, this gap is not theoretical.

In every one of these cases, the cost of a single incident dwarfs the $99 per seat Microsoft is charging. The cost of the second incident, after a regulator has already asked what controls were in place, is existential.

The complementary layer

Containment.AI was built to govern exactly the surface E7 cannot see. Our enforcement runs at the browser layer, on the laptop, at the moment of use. When an employee types into ChatGPT, Claude, Gemini, Perplexity, or any of the long tail of generative AI tools your workforce has already adopted, we evaluate the content in real time against your policy and block, redact, or warn before the prompt leaves the device. It is a preventive control, not after-the-fact discovery.

This is not a substitute for E7. It is the complement. For organizations standardizing on Microsoft, the right architecture is both: E7 governs the AI Microsoft makes, Containment.AI governs the AI Microsoft doesn't. At $29 per employee per month, our pricing is deliberately positioned as the mid-market enforcement layer that closes the shadow AI gap E7 leaves open.

What to do next

If you are evaluating E7 — or already rolling it out alongside EY, KPMG, Accenture, or your own implementation partner — the question to bring to the table is simple: what happens the next time someone in your workforce pastes a regulated document into a non-Microsoft AI tool? If the answer is "nothing detects it," you have an enforcement gap that no amount of Copilot governance will close.

We would rather you find that out from a vendor than from a regulator. Book a 20-minute demo and we will show you, in your own browser, exactly what E7 is missing.
