Which Microsoft Security License Should I Get?

Spend 30 minutes deciding instead of months researching.

Microsoft is delivering best-in-class cloud security products that are being held back by a very complex licensing system. Industry research organizations like Gartner stated this point explicitly in its most recent Magic Quadrant evaluation for endpoint protection platforms. CyberMSI routinely explains Microsoft licensing to its customers.

In this blog we will explain what the major Microsoft cloud security product licenses do and how you can decide which one your organization needs. We will also have separate sections for the main licensing types to reduce confusion and make the decision-making process easier.

Primary Licenses

Microsoft 365 Business Standard

This is the bare minimum license that most organizations will have for their users that need Office applications. It provides the Office essentials with only the bare minimum amount of security features that are built directly into Office apps. This license should be used by users that do not interact with sensitive data.

Microsoft 365 Business Premium

Business Premium is the first license with additional security features included. Users with this license can be protected by basic identity features like multi-factor authentication and Azure AD. There are also basic protections for devices like Intune and for data like Azure Information Protection (AIP). This option should be chosen for users that need some security controls but not a significant amount.

Office 365 E3

Before starting these next sections, it is important to understand the difference between “Office 365” and “Microsoft 365” licenses. The Office 365 licenses are designed for using Office applications specifically, while the Microsoft 365 licenses are designed to cover all aspects of the user’s security.

The E3 series of licenses is the standard license for users that are concerned about security. The Office 365 E3 license has Office application security features like information security and governance. This option should be chosen for users that need to have standard security controls on the information in their Office applications.

Microsoft 365 E3

The Microsoft 365 E3 license is designed to have standard-level security features for the overall security of the user with the license. It has almost all the security features of both the Business Premium and Office 365 E3 licenses. This option should be chosen for users that need standard-level security controls for all their activities, not just Office.

Office 365 E5

The E5 series of licenses are the premium security licenses Microsoft offers with all the features that Microsoft has available. The Office 365 E5 license has all the security feature available for Office apps. It has all the Office 365 E3 license features plus premium Office 365 security features like Defender for Office 365, Office 365 Cloud App Security, and Office 365 Advanced Compliance. This option should be selected for users that are handling very sensitive data in their Office applications.

Microsoft 365 E5

Microsoft 365 E5 is the highest tier license that Microsoft offers. It gives the user access to all the tools available to secure users with the license. This includes XDR tools like Defender for Endpoint, Microsoft Cloud App Security, and all features for Defender for Office 365. This option should be selected for users that need the best security that Microsoft has to offer. This is the license that all the analysts, engineers, and managers at CyberMSI use to secure their data.

Microsoft 365 E5 Variants

Microsoft customers wanted to have some of the premium features from the Microsoft 365 E5 license without having to pay for all the features that they would not be using. The solution for this was to create variants of the E5 license that only had some specific features. The following is a list of E5 variants that are currently being offered.

• E5 Compliance: Has the compliance and data management features from the E5 license.
• E5/A5 Information Protection Governance: Another version of the E5 Compliance license focused on data governance.
• E5 Insider Risk Management: This license only has the E5 internal information controls like Communication Compliance and Privileged Access controls.
• E5 E-Discovery and Audit: This license only has the discover and audit features from the E5 license.

Office 365 E1, F1, and F3

The E1 license and the F series licenses are unique because they do not include the traditional Office apps, they only have the basics needed for communication like Teams, Exchange, and SharePoint.

These licenses come with the minimal build-in security features because they are designed for front-line workers rather than office workers that handle sensitive data. If the data frontline workers are working with does have sensitive information, the F3 license has additional security features like BitLocker and Credential Guard.

Add-On Licenses

Microsoft offers most of their premium features as stand-alone products for customers that only want one of the features. When evaluating the security needs of users in your environment, it is worth considering if the features the user needs can be bought individually at a cheaper price than it would cost to upgrade their license.

We will continue to share best practices and lessons learned in future posts on working with Microsoft cloud security products. The explanations in this article should help with your decision-making process when purchasing Microsoft licenses for your organization.

In closing, consider these three questions when using Microsoft security licensing in your organization:

1. Have we taken an inventory of the security needs of our organization members?
2. Do we have the specific needs of our users mapped out so that we can decide which license and add-on combination to use?
3. How can we succinctly describe the reasoning behind our license choices to the person that will sign off on the budget?