Well, you’re probably on the wrong Microsoft 365 business license. If you’re on one of the following plans, then skip this article:
- Microsoft 365 E5
- Microsoft 365 E3 plus Microsoft 365 E5 Security (Previously called Identity Threat Protection)
- Microsoft 365 Business plus Azure AD P2
But if you’re like most organizations that we speak to, then you’re running a mix of Windows 7, Windows 10 Pro, Office Home & Business, Office 365 Business Premium, or even Office 365 E3 / E5.
Why are you on the wrong Microsoft license for your business?
Because none of the products that I just mentioned include Microsoft’s cloud security stack. Do you access your email on your cell phone? You can’t sandbox that data without Intune. And if you’re using a third-party MDM, you’re missing out on the benefits of the Microsoft Intelligent Security Graph.
If you have fewer than 300 users and currently license Office 365 E3 only, you need to switch to the Microsoft 365 Business license right now. Both SKUs are the same price, but Microsoft 365 Business also gives you MFA, MDM for Windows / iOS / Android, Windows 10 Pro licensing, and Office Advanced Threat Protection to protect your users from malicious email links and attachments. The only caveat is that you will need to reinstall Office, but Intune does that easily with a simple device configuration policy.
Azure AD P2 provides automated Identity protection for your users. When Microsoft finds a user’s credentials on the dark web, or determines that there was a high-risk sign in activity, then Azure AD will block the sign in attempt and force the user to change their password immediately after completing an MFA challenge.
Security Orchestration & Automation
The days of waiting for your support desk or SOC to review an alert and contact the user to change their password are gone. Human minds can no longer keep up with today’s cyberattacks. You must automate your security responses if you want to limit the damage of a security breach.
At Infused Innovations, we prefer that all our clients are using Microsoft’s cloud security stack to protect their cloud environment. Microsoft uses machine learning and artificial intelligence to respond to 8 trillion signals daily—there is no other company in the world with this type of dataset. This means that Microsoft can block a new strain of polymorphic malware in as little as 15 minutes.
We’ve seen companies spend hours onboarding and offboarding employees using products like:
- Okta for SSO
- Duo for MFA
- AirWatch for MDM
- Mimecast for archiving
- Cisco AMP, Carbon Black, CloudStrike, or Cylance for ATP
By standardizing on the Microsoft stack, you can eliminate costs for redundant features, increase security by having all your security tools work together instead of in silos, and provision new users in minutes instead of hours.
Microsoft 365 License Roadmap
The security road map for all cloud-enabled companies should be Microsoft 365 E3 plus Microsoft 365 E5 Security. These SKUs allow you to take advantage of Microsoft Defender ATP (formerly Windows Defender ATP) and Windows 10 Enterprise’s virtualization-based security. If you’d like to leverage Teams for VoIP, then Microsoft 365 E5 is the next logical step.
For a full breakdown of all Microsoft 365 SKUs, head over to our complete Microsoft 365 licensing comparison matrix. Also, read up on our top 10 security best practices with Microsoft 365 in 2020.
For a full review on Microsoft 365 Business service subscription, click here.
Note: some folks have made the comment that Microsoft 365 Business Premium ships with Office 365 Business Premium, which doesn’t natively support Microsoft provided ADMX files. You can modify the ADMX files yourself to support Office Business Premium or grab a copy here: https://github.com/iothacker/Microsoft-Office-365-Business-Group-Policy-ADMX-Templates
The Github repo above is not Microsoft supported, which may be a deal breaker for some organizations. I’m not sure why…they’re just registry entries. But it’s important to be aware of!