When it comes to deciding which Microsoft 365 Enterprise license fits your organisation best, there’s a lot of information to process.
As you will be able to tell if you’ve read our guide to Microsoft 365 licensing, the suite contains a lot of technology.
Here we’ll make it easier for you to confidently make a decision between the available licenses: E5 and E3. We’ll be taking a closer look at each of the core elements Microsoft 365 Enterprise – Windows 10, Office 365, and Enterprise Mobility + Security – focusing specifically on what additional capabilities the E5 advanced workloads can offer your business.
Anti-malware/virus is no longer enough on its own. All organisations are encouraged to adopt an “assume breach” attitude to security. A recent survey showed that 46% of compromised endpoints had no malware on them (Mandiant M-Trends Report, 2017), and attackers are just as likely to use an array of more advanced methods to compromise an endpoint: social engineering, direct hacking and inside knowledge, to name just a popular few.
Windows 10 E5 adds a new service – Windows Defender Advanced Threat Protection (WDATP) – that helps organisations to detect, investigate and react to advanced attacks on their networks and endpoints. Your organisation’s threat risk is well presented in a simple-to-use portal/dashboard, with a rich attack timeline for investigation that enables you to prioritise actions and remediate.
With WDATP, Microsoft has added a post-breach layer to the extensive Windows 10 security stack that is already available in E3, across device protection, identity protection, information protection and threat resistance.
Office 365 E5 is a suite offering that includes features across three categories of investment:
A recently-published UK survey has revealed that the use of fake or compromised email accounts (via a practice known as phishing or whaling) to steal information increased by 39% in the last three months of 2016.
Microsoft has a comprehensive set of security technologies built-in to Office 365, which help mitigate against these and many other sophisticated threats.
Office 365 ATP provides Safe Attachments and Safe Links by protecting against both known and unknown malware and viruses, providing a cleaner user inbox and better zero-day protection to safeguard your organisation.
All relevant threat information is presented through a clean and clear dashboard, which allows you to see who in your organisation is being targeted and the category of attacks you are facing.
Take a look at our recent blog post for more information on Advanced Threat Protection.
Many organisations want to understand whether your data is truly isolated and define exactly who has access to it (including Microsoft) and for how long.
Customer Lockbox provides you with explicit control in the very rare instances when a Microsoft engineer may need access to your organisation’s content (e.g. to resolve a support issue).
Data governance is all about keeping your data around when you need it and getting rid of it when you don’t.
With data governance in Office 365, you can manage the full content lifecycle, from importing and storing data at the beginning, to creating policies that retain and then permanently delete content at the end.
Makes sense of the billions of data feeds on threats and aggregates O365 security data by industry, peer organisations. This intelligence partner by smart incident response through attack alerts, detailed forensics and remediation workflows, places you in a position to respond quickly to changing threat conditions.
Advanced Security Management provides threat detection and enhanced visibility into your organisation’s Office 365 usage and shadow IT, so that you can take the appropriate action when there is suspicious activity on your Office 365 tenant and before your environment has been breached.
Advanced eDiscovery adds machine learning and text analytics to strengthen the eDiscovery capabilities in E3. It accelerates the sorting of vast quantities of information, helping you to quickly identify relevant data while decreasing cost and risk.
To call EMS E5 the “advanced security workloads” is doing EMS E3 a slight disservice. There are many great security technologies in E3, particularly Advanced Threat Analytics (ATA). For an overview and demo of ATA you can view our on-demand webinar.
Here we will focus on the extended security technologies in EMS E5.
CAS gives you visibility and control of shadow IT in your organisation. It can provide you with the ability to set policies (out-of-the-box or custom) that control data sharing and data loss prevention across over 13,000 Microsoft and third-party SaaS apps.
The in-built machine-based learning helps to identify high-risk usage and abnormal user behaviour, which are automatically surfaced through the threat dashboard to help you understand when you need to respond and stop a threat in its tracks.
AIP extends the rights management function available in E3 to include automatic document classification and labelling. This means you now have the ability to set policies for each new document created, which will enforce or suggest its level of classification, as opposed to relying on users to self-classify each document accurately.
This ensures that you have greater control over your data and information; where it goes and who can open, forward, print and save it. You can also track each document in a portal and revoke access at any time.
AADP includes all the capabilities in Azure AD Premium P1 (EMS E3) and adds Identity Protection and Privileged Identity Management.
Azure AD Identity Protection leverages billions of signals to provide risk-based conditional access to your applications and critical company data. Azure Active Directory uses adaptive machine learning algorithms and heuristics to detect anomalies and suspicious incidents that indicate potentially compromised identities.
Using this data, Identity Protection generates reports and alerts that enable you to evaluate the detected issues and take appropriate mitigation or remediation actions to keep your organisation and data safe.
Azure AD Privileged Identity Management helps you define, manage and protect defined “privileged” accounts, so you can discover, restrict and monitor administrators and their access to resources, and provide just-in-time access when needed. This minimises the risk of a security breach if – or when – those identities become compromised.
Microsoft 365 Enterprise goes a long way to supporting organisations through the journey of delivering a modern, productive workforce experience, while ensuring data is protected from the latest cyber security threats continuing to proliferate and increase in sophistication.
We have merely revealed the tip of the iceberg when it comes to the variety and breadth of technology available in Microsoft 365. We have focused heavily on the security aspects of included in E5 and highlighted the components that help organisations protect themselves from the latest threats, as well as detect and react to a security breach.
In an “assume breach” world, we all need to think differently about the level of security and protection we need to safeguard our information and data, whilst ensuring that all employees continue to have a simple, seamless and highly productive experience.
The security technology now available in both E3 and E5 variants is extensive and growing, and the per user subscription model (allows user access on up to five devices) has made Microsoft 365 a straightforward, cost-effective and extremely compelling offering, for providing the control to liberate your employees and your business.
Next, watch our conditional access and MFA webinar on-demand and learn why these technologies are key to securing your organisation’s assets.
Or download ‘The business case for cyber security’ e-Guide for best practice on how to take a proactive and pre-emptive approach to tackling the issue.
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, Security and Compliance.
Oxford Computer Group UK officially rebranded as ThirdSpace in the UK on 16 October. This rebrand reflects our broadening identity and security solutions, as working practices extend from the office and home into working flexibly and collaboratively from anywhere – Your "ThirdSpace".Continue to ThirdSpace
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.