Super-charging security on non-Microsoft 365 E5 plansAlex Fields
This article was updated in April of 2020
Microsoft 365 E5 is the Cadillac of plans. Basically every product in the 365 universe is bundled into this level subscription, and that includes a ton related to security.
Recently, Microsoft announced two new bundles aimed at security & compliance. The idea behind these plans is that non-E5 customers could pick one or both of these up, to super-charge their subscription with the same level of luster that E5 has to offer, but without fully moving into E5 (which also includes, among other things, a Teams-based Phone System).
After all, the retail price on the E5 bundle is USD $57.00/user/month–ouch!
Wouldn’t you much rather have a 12.00 security super-charge added on to an existing Microsoft 365 Business or Enterprise E3 bundle? Sign me up, Scotty!
Microsoft 365 E5 Security
Microsoft 365 E5 Security (formerly Identity & Threat Protection) retails for USD 12.00/user/month and is an amazing security bundle for the price. Here’s what it includes:
- Azure AD Premium P2
- Office 365 Advanced Threat Protection P2, which includes:
- Office 365 ATP P1 AND
- Office 365 Threat Intelligence
- Microsoft Cloud App Security
- Azure ATP
- Microsoft Defender ATP
The question is, will it also be possible to attach this new subscription bundle to Microsoft 365 Business Premium? The answer is yes you can.
However, be aware that you must also have Azure AD Premium P1 in place for this configuration to work (P1 is a pre-requisite to adding P2). (UPDATE: Microsoft 365 Business Premium now includes Azure AD Premium P1, making this even easier and more attractive). *Also, as I have previously mentioned here, as a Business subscriber you’d have to purchase Windows 10 Enterprise first, in order to really be licensed to use the full version of Microsoft Defender ATP (an Enterprise EDR product). Windows 10 E3 runs USD 7.00/user/month. Eeesh. So, compare the total pricing: Microsoft 365 Business (20.00) Azure AD Premium P1 (6.00) Microsoft 365 E5 Security (12.00) Windows 10 Enterprise E3 (7.00) GRAND TOTAL = $45.00 (USD). Therefore you’re better off moving to Microsoft 365 E3 (which DOES include Azure AD Premium P1) then add Identity & Threat Protection for USD $44.00 ($1.00/user/month savings).
UPDATE: Microsoft Defender ATP is now available as a standalone add-on to any version of Windows 10, even Pro. That price is USD 5.20/user/month for up to 5 devices.
Enterprise Mobility & Security E5
Perhaps you have considered the Enterprise Mobility & Security E5 bundle. This package contains many of the same products as Microsoft 365 E5 Security, but also includes the P2 upgrade for Azure Information Protection (which gives you the ability to automatically classify your data).
This add-on is 14.80. Note however that you won’t have Office 365 ATP P2 or Microsoft Defender ATP. Picking up both separately on top of EM+S E5 would land you at 25.00 total for your add-ons. However, when you consider that Azure Information Protection P2 weighs in at only $5.00 USD/user/month, it clearly becomes a better deal to start with Microsoft 365 Business Premium or E3, and add Microsoft 365 E5 Security. That combo is $32.00 or $44.00 respectively, and if you also wanted AIP P2 for auto-classifications, etc. then you’re up to $37.00/$49.00.
Wheew. Not confusing at all, right? Which is why I ask Microsoft: why not simplify all of this for us, and include a Microsoft 365 Business “B5” plan that runs somewhere between 30.00 and 40.00 USD, and contains the most reasonable bundle of software, for those with stronger security/compliance needs?
I am going to be watching for more developments on this, closely. I will let you know when I hear something definitive. If the MS licensing gods do ever open up WDATP to Windows 10 Business subscribers, or finally just include Azure AD Premium P1 with the primary product bundle, then Identity & Threat Protection is the one add-on I would recommend. If they come out with my dream plan (B5), better still. But until then, its just a confusing cluster.
So Microsoft 365 E5 Security is my go-to recommendation if you want to be successful with a “Security as a Service” offering to your customers.