I get a lot of questions about licensing when it comes to Office 365 and Microsoft 365. I don’t blame you. It is indeed very confusing. Allow me to clear it up for you.
Most SMB organizations (defined as less than 300 users) are going to fit nicely into Microsoft 365 Business Premium: this is the most widely adopted, value-packed SKU in the entire Microsoft ecosystem.
This subscription plan has become the Gold Standard in business for a reason: no other software bundle comes close to matching its feature set, and dollar for dollar, there is no better value out there.
If you are still on a legacy SKU like Office 365 Business Premium (now known as Microsoft 365 Business Standard), it should be on your roadmap to upgrade.
Why upgrade? Think back to the olden days. Would you ever recommend a workgroup over a domain environment for your typical SMB customer? No. You must have a common management and security framework for all of your corporate resources to participate in. That was the function of the old-world domain controllers and group policy of yore. But times have changed, haven’t they? Most of our resources are in the cloud, even if some remain on-prem. Therefore, it is time for a new management and security framework. Microsoft 365 Business Premium is your solution.
- Microsoft 365 Business Voice: Teams voice features. Read more about this add-on here, and find the Service Description here.
- Audio conferencing: Some people do not want all of the voice features including a full phone system. Some prefer to just get the Audio-conferencing option so that attendees have an option to join Teams calls using a dial-in conference line. Read more here.
- Windows 365 Business: This is a Cloud PC or “Virtual Desktop” experience that can be purchased separately. Read more about this offering here.
- Power BI Pro: The “Pro” version of Power BI opens additional capabilities beyond the basic version included with Business Premium. For example, you can share your dashboards and insights across the organization. Read more here.
- Microsoft Visio and Microsoft Project: The Business Premium bundle includes the web version of Visio and Project, however some organizations may want to purchase the “full” version that includes Desktop apps. Read more about the options for Visio and Project.
- Universal print volume add-ons: Universal print is like your “print server in the cloud.” Microsoft 365 Business Premium licensing includes 5 print jobs per user per month. Therefore, if you have 100 users in your organization you would have 500 print jobs per month. If you need to buy extra volume, you can do that with this license. Read more about it here.
- Microsoft Defender for Cloud Apps: Microsoft 365 Business Premium includes a lot of good security features such as Microsoft Defender for Business (covering anomalous behavior on endpoints); this add-on will look for anomalous behavior in the cloud. As well, you can use it to discover third-party cloud apps in your environment, and to apply Microsoft security controls to some of the most common apps such as Salesforce and Dropbox Business accounts. Read more about this product here.
Microsoft 365’s larger plans can be explained as a “Bundle of bundles,” that includes Office 365 (productivity) as well as EM+S (management) and then Windows licensing on top of it all.
There are four different “Bundle of bundles” plans, as of today.
- Microsoft 365 Business Premium: Typical information worker in the SMB. 95% of customers I work with fit nicely into Microsoft 365 Business Premium, which is dollar for dollar the best value out there (but again limited to organizations under 300 seats).
- Microsoft 365 F1/F3: Front-line worker plans do not include all of the features (e.g., Desktop apps), and they have more limited storage for email (2GB) and OneDrive documents (also 2GB). But each plan still includes full EMS E3 for management and the F3 plan adds a limited edition of Windows 10 Enterprise (with certain rights redacted, e.g., virtualization rights)
- Microsoft 365 E3: Typical info worker for enterprise customers; E3 versions of Office 365, EMS, and Windows Enterprise.
- Microsoft 365 E5: Sensitive info worker for greatest security & compliance capabilities, and/or typical worker with voice features in the cloud.
Yes, you may also mix-and-match licenses, moving certain sub-sets of users up or down in features as needed for their specific job roles/functions.
More about licensing
The Microsoft 365 bundles that are “all inclusive” generally have these core products in common:
Your productivity apps include stuff like Outlook, OneDrive, Word, Excel, PowerPoint, Teams, etc. Note that there are basically two “types” of Office 365 bundles: Business and Enterprise. Business subscriptions are targeted toward small and mid-sized organizations under 300 seats. Enterprise is for larger sized orgs (hundreds to thousands of users).
Front-line workers or those needing web/mobile access only (no desktop apps) would buy either Microsoft 365 Business Basic or Office 365 Enterprise E1 or F1. Note: F1 is like E1, but with even more limited features, such as a 2 GB limit on Email and OneDrive documents.
Typical information workers or those with Office apps on the desktop would need Microsoft 365 Business Standard (< 300 users) or Enterprise E3 (> 300 users).
Advanced or sensitive data workers may consider E5, which includes the most advanced security + compliance features, and some other cool software such as PowerBI Pro. E5 plans can be purchased either with or without voice features, but it doesn’t change the pricing. Business does not have an E5 equivalent at this time.
Enterprise Mobility + Security (EMS) is the “management layer” for a modern cloud-based, mobile workforce. There are a lot of products bundled in here that help you better manage identities, devices and data. But the main pillars of this product are listed in the below graphic.
It comes in just two flavors, E3 and E5. Notable differences are the leap from Azure AD Premium P1 (in E3) to P2 (in E5), and Azure Information Protection P1 to P2, likewise. As well as some additional security software such as Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) and more, that is only in E5.
Quick differences between E3/E5 plans is summarized as follows by the differences in moves between P1 and P2 versions of AAD and AIP:
- Azure AD P1: Includes device-based and location-based Conditional Access; e.g. lock down access by IP, country/region or managed vs. unmanaged devices.
- Azure AD P2: Includes Identity Protection which relies on “risk-based” Conditional Access; block or challenge access when the user sign-on is detected to be “riskier.” Also check out Privileged Identity Management.
- Azure Information Protection P1: Manually label and classify documents, apply encryption so they cannot even accidentally be shared to the wrong people.
- Azure Information Protection P2: Automatically label and classify data based on parameters you specify, such as sensitive data types like PII, credit card data, etc.
There are other software pieces available as part of EMS E5, such as Microsoft Defender for Cloud Apps. This is highly recommended as an add-on to any plan, to obtain advanced alerts and reporting on suspicious activity and other security features (which can be applied to Office 365 apps as well as some third-party apps).
There are three “levels” of Windows 10/11 subscriptions. But before we get to that, I am always asked, “Wait a minute, isn’t Windows free? I already have it on my device, even without a subscription…”
Sort of. If you have Windows on your device, but it is not tied to a subscription in the cloud, then you are not getting the additional features that are included with the cloud licensing. These features open up once you join your device to Azure AD, and your user account is assigned licensing that contains a Windows SKU (such as Microsoft 365 Business Premium, E3, or E5).
In order to join your device to Azure AD and unlock the cloud-delivered features, you must have the “Pro” version (not the “Home” version) of Windows. If you have Home edition, then you will need to obtain an upgrade from the Microsoft Store to get it up to Pro, first.
The primary differentiator between Windows editions centers around the security features that you have access to depending on your subscription level:
- Microsoft 365 Business Premium: Upgrades your device to Business edition and includes Microsoft Defender for Business.
- Microsoft 365 Enterprise E3: Upgrades your device to Enterprise E3 edition and includes Microsoft Defender for Endpoint P1.
- Microsoft 365 Enterprise E5: Upgrades your device to Enterprise E5 edition and includes Microsoft Defender for Endpoint P2.
See below for a breakdown of features in the three Defender (Endpoint) products:
It is worth noting that both Microsoft Defender for Business and Microsoft Defender for Endpoint allow you to protect other platforms as well such as macOS, iOS, and Android. So even though the Defender product is bundled with “Windows” licensing, it does in fact work cross-platform.