The new and confusing Microsoft 365 SKU’sAlex Fields
I have written one post on Microsoft 365 (Business edition) so far. And I haven’t had as much time to continue playing with it as I like. But, here is what I can tell you: the literature out there on these SKU’s can be confusing, since they are mostly marketing-oriented, and non-technical.
- Some people think this is Windows 10 as a subscription in the cloud
- Others think this is like Office 365 plus some new yet obscure security features they don’t really understand, etc.
- There is truth in the above, but people just as often simply conflate these products with the similarly-named Office 365 SKU equivalents
So here is the deal: Microsoft 365 is basically a bundle of bundles: Office 365, Enterprise Mobility & Security (EMS), and also Windows 10 licensing which unlocks some additional security/device management features:
- Microsoft 365 Business includes Office 365 Business Premium (plus Exchange Online Archiving), most of EMS E3*, Advanced Threat Protection (ATP), as well as Windows 10 “Business” edition
- Microsoft 365 Enterprise E3 and E5 includes Office 365 Enterprise E3 or E5, as well as EMS E3 or E5 (respectively), plus Windows 10 Enterprise edition, E3 or E5
- At the time of this writing, the Enterprise versions of these SKU’s are not available for purchase in the Office 365 portal–you would need to contact Microsoft sales in order to setup an Enterprise Agreement
- Also important to note is that your enterprise SKU’s not only give you Enterprise versions of Windows 10, but also Windows Server CAL’s via the EMS bundle which is included
- Advanced Threat Protection (ATP) is included with E5, but not E3–note that the Business Edition also includes ATP.
The Microsoft 365 SKU’s
Image credit: ITProMentor.com
*Note: the Microsoft 365 Business edition does NOT include a full blown EMS E3 subscription, but it does include Azure Information Protection P1 and Microsoft Intune; I do not, however, see that Azure AD Premium P1 is included, just regular Azure AD, and no sign of ATA, either, but ATP is indeed included.
Now, I have written on both the Office 365 bundles, as well as the EMS bundles, in my two previous posts, so refer to those if you want to examine the differences between these plans closer. I can also recommend the Office 365 Service Descriptions for more detail, if you’re curious. The enterprise level subscriptions here especially contain a lot of security goodies since they are bundled with EMS E3 and E5, but even the Business edition has some surprisingly awesome features, like Azure Info Protection, Intune and ATP. A quick review of the pricing in USD (at the time of this writing):
- Microsoft 365 Business – $20.00 / user / month
- Microsoft 365 Enterprise E3 – 32.00 / user / month
- Microsoft 365 Enterprise E5 – $57.50 / user / month
The special “Device management” features for Windows 10
The Windows 10 / Device Management portion of this package works as follows:
- The device can be joined to Azure AD (instead of an on-premises AD)*
- The device’s license will change to Windows 10 Business (basically a cloud upgrade to a standard Pro license), or Windows 10 Enterprise, respective to your subscription level
- The device is also thereby enrolled in Device Management (which probably leverages some of the Intune technology in the background but is NOT just Intune–there is a new/different management console presented in the 365 Admin portal)
From a practical perspective, this means three things:
- That these devices will be managed primarily in the cloud, and secondarily or not at all on-premises (hard-joined to Azure AD)*
- You have access to Windows Autopilot, which will automatically setup Windows Azure-AD joined devices with the appropriate Windows 10 & Office 365 software
- Lastly, it unlocks the ability to remotely wipe the corporate data or factory reset an Azure-AD joined Windows 10 device
That’s about it–sorry if it seems like a lack-luster presentation, but there it is in a nutshell. In short, it seems that the “Microsoft 365 Business” subscription generally assumes that the assets being joined to the subscription are not managed on-premises, or that the organization is primarily cloud-based. The Microsoft 365 Enterprise” editions generally assume hybrid infrastructure–on-premises and in-cloud, evidenced by the presence of both Windows 10 client OS licensing as well as Windows Server CAL’s via EMS.
*Nevertheless, it would be possible to use this subscription with premises-based AD-joined devices–e.g. you could “hybrid-join” the devices to both on-premises and Azure AD. And note: It is also possible to hard-join devices to Azure AD with an Office 365 subscription only, but you just don’t get the same level of device control including pushing a policy down to the device, and remote device wipe for Windows 10. Nevertheless, you should realize that it is possible to join a device to Azure AD, even without this larger subscription bundle.