The new and confusing Microsoft 365 SKU’s

Back to Blog
17Jul2018

The new and confusing Microsoft 365 SKU’s

I have written one post on Microsoft 365 (Business edition) so far. And I haven’t had as much time to continue playing with it as I like. But, here is what I can tell you: the literature out there on these SKU’s can be confusing, since they are mostly marketing-oriented, and non-technical.

  • Some people think this is Windows 10 as a subscription in the cloud
  • Others think this is like Office 365 plus some new yet obscure security features they don’t really understand, etc.
  • There is truth in the above, but people just as often simply conflate these products with the similarly-named Office 365 SKU equivalents

So here is the deal: Microsoft 365 is basically a bundle of bundles: Office 365, Enterprise Mobility & Security (EMS), and also Windows 10 licensing which unlocks some additional security/device management features:

  • Microsoft 365 Business includes Office 365 Business Premium (plus Exchange Online Archiving), most of EMS E3*, Advanced Threat Protection (ATP), as well as Windows 10 “Business” edition
  • Microsoft 365 Enterprise E3 and E5 includes Office 365 Enterprise E3 or E5, as well as EMS E3 or E5 (respectively), plus Windows 10 Enterprise edition, E3 or E5
    • At the time of this writing, the Enterprise versions of these SKU’s are not available for purchase in the Office 365 portal–you would need to contact Microsoft sales in order to setup an Enterprise Agreement
    • Also important to note is that your enterprise SKU’s not only give you Enterprise versions of Windows 10, but also Windows Server CAL’s via the EMS bundle which is included
    • Advanced Threat Protection (ATP) is included with E5, but not E3–note that the Business Edition also includes ATP.

The Microsoft 365 SKU’s

Image credit: ITProMentor.com

*Note: the Microsoft 365 Business edition does NOT include a full blown EMS E3 subscription, but it does include Azure Information Protection P1 and Microsoft Intune; I do not, however, see that Azure AD Premium P1 is included, just regular Azure AD, and no sign of ATA, either, but ATP is indeed included.

Now, I have written on both the Office 365 bundles, as well as the EMS bundles, in my two previous posts, so refer to those if you want to examine the differences between these plans closer. I can also recommend the Office 365 Service Descriptions for more detail, if you’re curious. The enterprise level subscriptions here especially contain a lot of security goodies since they are bundled with EMS E3 and E5, but even the Business edition has some surprisingly awesome features, like Azure Info Protection, Intune and ATP. A quick review of the pricing in USD (at the time of this writing):

  • Microsoft 365 Business – $20.00 / user / month
  • Microsoft 365 Enterprise E3 – 32.00 / user / month
  • Microsoft 365 Enterprise E5 – $57.50 / user / month

The special “Device management” features for Windows 10

The Windows 10 / Device Management portion of this package works as follows:

  • The device can be joined to Azure AD (instead of an on-premises AD)*
  • The device’s license will change to Windows 10 Business (basically a cloud upgrade to a standard Pro license), or Windows 10 Enterprise, respective to your subscription level
  • The device is also thereby enrolled in Device Management (which probably leverages some of the Intune technology in the background but is NOT just Intune–there is a new/different management console presented in the 365 Admin portal)

From a practical perspective, this means three things:

  1. That these devices will be managed primarily in the cloud, and secondarily or not at all on-premises (hard-joined to Azure AD)*
  2. You have access to Windows Autopilot, which will automatically setup Windows Azure-AD joined devices with the appropriate Windows 10 & Office 365 software
  3. Lastly, it unlocks the ability to remotely wipe the corporate data or factory reset an Azure-AD joined Windows 10 device

That’s about it–sorry if it seems like a lack-luster presentation, but there it is in a nutshell. In short, it seems that the “Microsoft 365 Business” subscription generally assumes that the assets being joined to the subscription are not managed on-premises, or that the organization is primarily cloud-based. The Microsoft 365 Enterprise” editions generally assume hybrid infrastructure–on-premises and in-cloud, evidenced by the presence of both Windows 10 client OS licensing as well as Windows Server CAL’s via EMS.

*Nevertheless, it would be possible to use this subscription with premises-based AD-joined devices–e.g. you could “hybrid-join” the devices to both on-premises and Azure AD.  And note: It is also possible to hard-join devices to Azure AD with an Office 365 subscription only, but you just don’t get the same level of device control including pushing a policy down to the device, and remote device wipe for Windows 10. Nevertheless, you should realize that it is possible to join a device to Azure AD, even without this larger subscription bundle.

Business, Productivity, Technical , , , , , , , 1 Comment
Share:

Comment (1)

  • Ivan de Sousa Reply

    Thank you! ;)

    July 17, 2018 at 8:15 am

Leave a Reply

Back to Blog

Related Posts

18Jul

Reader question: How do I setup iOS devices after disabling app permissions consent for my users?

I continue to get great feedback and questions from our readership lately. Keep it up! I love to field these questions and use them to improve my literature. This person (who is also an MVP) also wished to remain anonymous, and had a couple of... read more
18Feb

How-to migrate Email from Small Business Server 2008/2011 or Exchange Server 2007/2010 to Office 365 with Zero Downtime

Update: Please refer to this newer article. Some of the details here are very dated--like there is no hybrid key anymore--and the activation only works on 2016, not 2019, plus we have minimal hybrid now, etc., etc. A "minimal hybrid" approach is preferred if you're... read more
30Nov

PSA RE: Hotfixes: A friendly reminder to keep up with the latest bits

Hey IT Pros. I know many of you are still maintaining (and even still deploying) older versions of Hyper-V, Remote Desktop Services and other Windows Server roles. These in particular, Hyper-V (and failover clustering) as well as Remote Desktop, are notorious for buggyness and issues that... read more
09Jun

Email migration paths from SBS/Exchange to Office 365

Whether you are a small business migrating from SBS Server 2003, 2008 or 2011, or a mid-sized business operating with Exchange On-premises (or even if your email system is hosted), there is probably a migration path available for you. Here are various methods you would have to choose from based solely... read more
02May

Get Rid of My Servers!

If the cloud is supposed to be so great, then why do so many small businesses still have servers? It is a fair question. The truth is, you probably do not need to maintain servers on-premises, but that doesn't mean you won't still want to. The majority of... read more
15Jul

How to create an Anonymous relay connector in Exchange 2016

Hey, somebody moved my cheese again... If you configured an anonymous relay connector in Exchange 2013, for example to allow scan-to-email from an MFP device or other on-premise application, you probably remember that you needed to choose "Frontend Transport" and "Custom." If you left it on Hub Transport, it... read more
11Feb

Microsoft Intune vs. MDM for Office 365

I have previously written about configuring Mobile Device Management for Office 365.  The Office 365 Admin Center has a great subset of features lifted from Microsoft's cloud-based Intune service, which is admittedly a much more "full-blown" MDM solution. Whether you are using MDM for Office 365 or Microsoft... read more
14Jan

Comparing Office 365 Migration Methods

At the time of this writing, Microsoft offers three primary migration paths from on-premises Exchange servers into Office 365: Cut-over, Staged and Remote Move.*  In this series I would like to discuss each of them, and highlight the differences. Cut-over migration The first option is the cut-over migration.... read more
21Feb

What are the benefits of using Autopilot in Microsoft 365? And, how to configure it.

Autopilot is a "low touch" or "no touch" deployment method that can be leveraged by IT departments to enable self-service computer deployments. Users can basically pick up a new Windows 10 device, sign in, and have all of their applications and data come to them... read more
11Jul

How to fix guest processing errors on Hyper-V virtual machine backups

So you setup a third party backup system, sticking mostly to defaults on the job settings, with "application aware" or "guest OS processing" enabled, in order to capture Hyper-V virtual machines, and keep their application data consistent (process database transaction logs, etc.) Or, perhaps you... read more

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.

Contact Me