Microsoft’s subscription licensing is an important topic to me for many reasons. The most important is that I see companies buy a bundle, such as Enterprise Mobility + Security (EM+S), but are only interested in a single feature, such as Self-Service Password Reset (SSPR) with writeback for on-premises AD. Except now they own MDM, MFA, and behavioral analytics licenses that never get deployed. Or worse, they buy the same functionality from another vendor such as AirWatch, Okta, or Netskope because they don’t know they already own the same functionality with Microsoft.
As a consultant, it’s import that our clients are getting the most from their Microsoft licensing so they can maximize their budget to get the best protection for their organization. We partner with a number of security vendors, including KnowBe4, CyberArk, and SecPod to provide a holistic security solution, and if you’re buying the same feature from two different vendors, the costs add up quickly.
If you’re not working with a Microsoft CSP provider yet, I’d encourage you to sign up for one of our free cyber security assessments to have one of our experts review what you already own and create a strategic cyber security roadmap for your organization.
What did I just buy?
Or if you work in sales—what did I just sell? Microsoft has no shortage of comparison charts. Here are a few links that I used for reference to write this article:
Even as a Gold Microsoft partner, when I see that Office 365 E3 sort of includes AIP, I need to refer to my notes to see what that means exactly. As of February 2019, here are the features and retail prices for the most common SKUs (full XLSX here).
What should I buy?
I already expressed my thoughts that you’re (likely) on the wrong Microsoft license. For an organization of any size with an online presence, you should seriously consider one of the Microsoft 365 SKUs. (Unless you have purchased parts of the bundle through an EA, non-profit, or educational SKU.)
Just as you can purchase a new car without adaptive cruise control to save money in exchange for having to manually turn cruise control on and off, you can purchase Office 365 by itself to reduce your initial costs at the expense of having manually review logs. But with the projected shortfall of 3.5 million cyber security professionals by 2020, you may actually be increasing your overall costs if you don't invest in automation now.
Microsoft spends over $1 Billion a year on security research and uses AI to interpret 6.5 trillion signals daily via the Intelligent Security Graph. With over 3,500 security engineers, it’s possible that Microsoft has more employees in its cyber security department than you have in your entire organization. All you have to do to take advantage of this combined risk intelligence and automation is purchase the correct Microsoft 365 license.
Microsoft 365 F1
Firstline workers, employees that only need email, and contractors are a few types of users that would benefit from the Microsoft 365 F1 license. The business value for investing in M365 F1 licenses include:
Foster culture and community: By utilizing Microsoft Teams, your employees will have access to persistent chat, and provide your firstline workers access to the same corporate resources in SharePoint Online that are used by the rest of your organization.
Train and upskill employees: Microsoft Teams can serve as your source of institutional knowledge to train and upskill your employees, creating opportunities for workers to develop, grow, and apply their skills.
Digitize business process: Give your firstline workers and contractors access to your organization’s modern digital workflows that are embedded in SharePoint, Flow, and Teams.
Minimize risk and cost: Make sure your organization’s data is only accessed from compliant devices and reduce your attack surface for potential breaches.
Microsoft 365 F1 provides the following productivity tools:
Exchange Online Kiosk
SharePoint Online Kiosk
2 GB of OneDrive Storage
Office Online for web versions of Word, Excel, and PowerPoint
The main reason to upgrade to Microsoft 365 F1 SKU over Office 365 F1 is because of the added security features, which include:
Multifactor Authentication (MFA)
Intune for MDM and data sandboxing
Office Message Encryption
Microsoft Advanced Threat Analytics
Infused Innovations also recommends adding Office 365 Advanced Threat Protection (ATP) P1 to this SKU to help protect users from phishing attacks.
Microsoft 365 Business with Azure AD P2
If you have fewer than 300 employees and are currently using Office 365 E3, you need to switch to Microsoft 365 Business right now. Both licenses are $20/mo and Microsoft 365 Business adds Windows 10 Pro licensing, along with all the security features that you need to keep your organization secured.
Microsoft 365 Business includes most of the security features from Microsoft 365 F1 plus the Office 365 ATP P1 benefits. However, M365 Business is missing the conditional access feature, which allows you to deploy MFA to all your users without them noticing.
Infused Innovations recommends deploying Microsoft 365 Business with the Azure AD P2 add-on to gain the following benefits:
Azure AD Identity Protection
User Risk Profiling, including
Automatically force password changes for breached accounts
Automatically require MFA challenges for high risk users
Microsoft 365 E3 with Identity Threat Protection (ITP)
Microsoft 365 E3 with Identity Threat Protection (ITP) is the new “hero” SKU if your organization doesn’t need an integrated VoIP solution. The Identity Threat Protection is $12/mo and adds the following advanced features to your E3 SKUs:
Azure AD P2
Office ATP P2
Microsoft Cloud App Security
Microsoft Defender ATP
The five SKUs above provide all the cyber security licensing that you need to detect breaches and perform digital forensics across the entire attack chain. The P2 features of Microsoft SKUs also add automation features that let you respond to breaches at the speed of the cloud. Human minds can no longer keep up with modern attacks and Microsoft 365 E3 with ITP provides enterprise-class security features for your organization.
Microsoft 365 E5
Microsoft 365 E5 allows you standardize on the entire Microsoft security and productivity stack for your organization. As previously mentioned, Microsoft 365 E5 adds VoIP integration to the Microsoft 365 E3 + ITP SKU.
The other important SKU that you receive is Azure Information Protection P2, which allows you to automatically apply encryption templates to documents based on regular expression templates. Microsoft will be releasing a new unified labeling experience to use across your AIP, DLP, and Cloud App Security policies.
Unless you’re on Microsoft 365 E5, licensing is confusing. Fortunately, Microsoft is trying to simplify and consolidate their bundles around the features that fit common roles across multiple industries.
However, you’re probably asking yourself something like: I already own Windows 10 Pro licenses—do I need Microsoft 365 Business? Or, I have a volume license for Windows 10 Enterprise-how can I license only Microsoft Defender ATP? The easiest answer is to schedule a call using the form below to speak with one of our licensing experts. Prices change every month and Microsoft releases new SKUs several times a year—keeping up to date with Microsoft licensing can feel like a full-time job by itself, which is another reason it’s important to partner with a Microsoft Cloud Solution Provider to help guide you to the right license for your organization.