Exploring Microsoft’s enterprise E3 and E5 licensing options; what’s included, why they exist, who they’re for, and the costs and benefits of each.
There’s a shortage of good resources on the Internet to explain Microsoft’s enterprise licensing options. And for good reason – it’s darn complicated.
To try and rectify that situation, we’ve put together this blog to explain the differences between Microsoft 365’s two main enterprise licensing options: E3 and E5.
With Microsoft products in use by over a million different organisations worldwide (Statistica, 2021), there was never going to be an easy one-size-fits-all solution to licensing. Microsoft’s somewhat fragmented licensing approach is a result of trying to provide the flexibility for every organisation to only pay for what they need.
It comes from a good place, honest. Although that’s understandably small consolation when you’re trying to decipher what it is YOU need amongst all the different SKUs, name changes/rebrands, technology groupings, and add-on licences.
So, strap in, as we break down Microsoft’s biggest enterprise licensing options.
Microsoft 365 E3 and E5 are Microsoft’s top tier licences for enterprise-level organisations.
Organisations whose requirements go beyond the day-to-day business interactions and need additional identity management and governance capabilities as well as cutting-edge threat detection and response powers.
At a very high-level comparison:
Remove the complexity from Microsoft’s comprehensive security technology ecosystem. Download the 43-page e-Guide today and understand:
Below you’ll find a breakdown of all the different apps and technologies included in each licence by function.
Microsoft 365 Apps
The apps you know and love from Microsoft Office. Allows users to access their apps on up to five PCs/Macs, five tablets, and five smartphones per person. Also includes the online versions for web and mobile.
Email and calendar
Manage your mail, contacts, and calendar all from one place. Business-class email service built on Microsoft’s Exchange Server technology.
Meetings and voice
Easy and instant communication with your colleagues. Whether that’s online meetings, sharing links to files, or instant messages, Microsoft is continually evolving Teams to be an efficient hub for collaboration.
Any Teams meeting or call can be recorded to capture audio, video, and any presentations or screen sharing. That includes any live events or webinars you host through the Teams platform as well.
Workers save 104 minutes each week with improved online meeting functionality in Teams.Forrester Microsoft 365 Total Economic Impact Report
Device and app management
Let your users work from anywhere, on any device, without losing control of your security. Get your users set up with approved device configurations in minutes and ensure they can access the apps and services they need. Also enables you to revoke access and remotely wipe lost or stolen devices.
Much of this is achieved through Microsoft Endpoint Manager, which brings together Configuration Manager, Intune, Desktop Analytics, and Autopilot to provide you with one place to manage and control your endpoint activity and policies.
Social and intranet
Build a shared intranet hub for business updates and file templates using SharePoint. This provides a single source for information and documents relevant to all users or by department or team. Yammer offers a way to socially connect and engage employees on an enterprise scale.
Files and content
Ensure secure storage and enable your users to access the files they need with OneDrive. Engage with your organisation in a variety of formats by using Microsoft Stream and Sway.
Create and manage workflows, stay organised with a to do list, and build custom applications.
Provides personal organisation and productivity insights to help staff make the best use of their time and adjust settings according to their behaviour/job role.
Identity and access management
Identity sits at the heart of everything. This is the tech that verifies your users and provides them access to the resources they require based on policies and conditions set by you. It also allows you to govern those identities, provide access to partners, and enable secure single sign-on to improve productivity.
The ability to self-service some common admin tasks is also provided, such as self-service password reset (SSPR). This much-desired capability will save your IT support desk a lot of time and you a lot of money.
Self-service tools replace 75% of password reset tickets.Forrester Microsoft 365 Total Economic Impact Report
Bigger organisations are a top target for attack, so the ability to detect, investigate and respond to threats is key. Thanks to the power of the Cloud, Microsoft 365 allows you to monitor both your on-premises and cloud infrastructure simultaneously – with integrated services communicating key parts of the puzzle to give you the necessary visibility.
As of November 2021, E3 now features the new Defender for Endpoint Plan 1. This plan provides antimalware and device-based conditional access capabilities to protect your endpoints, but you’ll need Plan 2 or an E5 licence for access to Defender for Endpoint’s threat hunting features.
All organisations need to protect data. Microsoft Information Protection gives you visibility and control over your documents and data to ensure it stays secure. Right down to setting specific permissions based on user identity or information type.
Monitor your cloud apps and services for insights into how to improve your security settings. Make changes across your entire environment almost instantly.
In addition to the security tools mentioned below, you can also use Cloud App Discovery (included in Azure AD Premium Plan 1) to identify all the apps in use throughout your organisation – helping you locate and remove any unapproved apps.
Audit your environment for compliance risks and govern your sensitive data. Microsoft 365 features some effective tools to help you meet and prove regulatory compliance.
So that pretty much covers everything you get in the Microsoft 365 E3 licence. In this section, we’ll outline what you’d get in E5 in addition to the above.
Meetings and voice
In the E5 tier, you’ll get access to a dedicated phone and audio-conferencing system to use through Microsoft Teams.
Power BI Pro is included in the E5 licence. If you’re not familiar with it, Power BI Pro allows you to collaborate, govern, and visually report on data. With real-time updates and some slick presentation capabilities, the platform will help you articulate and keep on top of your business data intelligence.
Identity and access management
At E5 level, you can access Azure AD Premium Plan 2. It has all the identity, access, and protection features of Plan 1 but with additional security features.
In particular, Access Reviews (lets you regularly review and revoke access from users that should no longer have it) and Privileged Identity Management (PIM) – allowing you to add another layer of security to your MFA process.
You’ll also get enhanced identity protection capabilities in Azure AD Identity Protection. With credential theft and compromised identities becoming a common attack route into your environment, Azure AD Identity Protection will help you zero in on any suspicious sign-in or user behaviour.
45% of breaches in 2020 involved hacking, with 80% of those breaches involving the use of lost or stolen credentials.Verizon 2021 Data Breach Investigations Report
Additional threat protection solutions are one of the heavyweight benefits of an E5 licence – boasting the full suite of Microsoft ‘defenders’.
You can find out more about each of these Microsoft defenders here. But, suffice it to say, they’re designed to give you powerful detection and response powers across your entire environment.
There are some strong information security features included in E5. Notably, Plan 2 of Azure Information Protection (you’ll need this if you want the AIP scanner for automatic document classification and labelling) and a little thing called Microsoft Defender for Cloud Apps (previously called Cloud App Security).
Acting as gatekeeper to your cloud-based apps and services, Microsoft Defender for Cloud Apps helps provide granular controls over security policies and actions – helping to identify the use of Shadow IT and apps.
There are quite a few additional compliance capabilities reserved for the E5 licence, mostly around advanced discovery/audit and insider risk management.
Useful for digging deeper (and faster) into what sensitive data you have, where it lives, who can access it, and have processes and policies in place to prove compliance at audit.
For UK customers, Microsoft 365 E3 currently retails at around £32 per user/per month with Microsoft 365 E5 coming in at approximately £48 per user/per month.
Microsoft price the licences this way so that as employees or partners come and go from your organisation’s environment you only pay for the number of active users. That way you can accurately predict whether your licensing cost will go up or down as your business changes.
We should mention that there is a planned price increase across Microsoft 365 due to come into effect in March 2022.
At the time of writing, this increase will only affect one of the two licences covered in this blog – Microsoft 365 E3 – E5 will remain the same.
It really comes down to what you think you need. For some enterprises, an E3 licence may well be ‘good enough’ but, as we’ve highlighted above, there are some significant security and compliance benefits that come with E5.
It’s also worth going beyond the individual technologies included in E5 and considering the bigger picture.
Third-party security solutions can be replaced with those built into EMS, Windows 11 and Office 365, potentially saving over a million dollars in additional solutions.Forrester Microsoft 365 Total Economic Impact Report
You may well be using multiple point solutions to provide parts of what you would get in E5 – but consolidating your existing solutions into a single suite of technologies would provide several additional benefits:
|Individual point solutions||Vendor consolidation|
|Multiple contracts and vendors to negotiate/manage||One contract/relationship to manage|
|Increased training requirement due to different knowledge and processes required per solution||A common skill set and easy access to training resources and certifications (MS-500)|
|No holistic view or strategy||Tighter integration and signal sharing for a holistic approach|
|More expensive due to higher overall cost per solution||Easier to manage with consolidated portals|
|Slower threat detection and response due to lack of integration between systems||Can utilise built-in automation and orchestration capabilities|
|Threat detection and response time greatly increased due to integration and automation|
|Better (and quicker) ROI that’s easier to measure|
The diagrams below show the typical chain of attack, from a phishing email through to full domain compromise.
The first diagram highlights how many different products you’d need to cover each step of the chain and the second shows the same journey but from a Microsoft 365 E5 perspective.
As you can see, with the coverage, integration, and response power you’d get from a single vendor vs. 7, the value of E5 becomes quite apparent. Add to this the additional compliance and governance features such as PIM, auto-labelling, Advanced eDiscovery, Insider Risk Management, etc. and the cost/benefit analysis becomes distinctly one-sided.
AND, as if that wasn’t enough, the price increase coming next year closes the cost gap between an E3 and E5 licence – making E5 an even more attractive option.
If you think E3 or E5 could be the solution for your organisation, Microsoft has a dedicated FastTrack programme designed to help you get up and running as smoothly as possible.
As a certified Microsoft 365 FastTrack Ready Partner, ThirdSpace has access to a wealth of resources and funding through the FastTrack service to help our clients deploy, onboard, and improve their Microsoft 365 solutions.
FastTrack is available to everyone with a Microsoft 365, Office 365, Azure, or Dynamics 365 subscription at no additional cost.
If you’ve decided that a Microsoft 365 E3 or E5 licence is a good fit, we can work with you to onboard it quickly and correctly – applying best practices to ensure successful adoption and effective ROI.
Submit your business email to join our mailing list. You'll get a handy E3 vs. E5 comparison guide, covering Office 365, Windows 10, and EMS.
As head of our Mobility & Security practice, Mat’s responsibilities include ensuring that our technical knowledge and delivery capability are fully up to speed and current, as well as creating a...
READ AUTHOR'S FULL BIO
Understand what each Microsoft technology does and how they all integrate.Download 43-page Guide
Send us your questions or feedback.
Friendly folks are standing by!
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.