Microsoft’s Cloud Security license bundles demystified

Microsoft’s Cloud Security license bundles demystified

Over the past years, Microsoft has built a completely integrated eco-system of cloud cyber defence tooling. One of the big challenges in an expanding technology stack is maintaining simplicity in the licensing model. Multiple customers have told us they have difficulties understanding that licensing model.

Microsoft is and has always been keen on offering multiple options to the customer to acquire their different tools, by combining them into different bundles or to buy them stand-alone. This is based on different ‘flavours’ of some solutions, depending on the comprised functionality. The only downside to this strategy is that it is often complicated to find the best fit from a customer’s point of view.

Therefore, we’ll demystify the license bundles in this blog. We will only be focusing on the different security solutions in the bundles, not their specific functionality, price or other ‘non-security’ tools which might also be reasons to choose between plan E3 or E5.

Microsoft 365 E3 plan versus E5

Microsoft created the overarching bundle called Microsoft 365. If you go for a Microsoft 365 E5 license, you have it all. This is the most elaborate bundle available, giving you access to all the security solutions in their most advanced version or ‘flavour’, if you like. You will have everything on the picture above and are set to deploy an entire eco-system to protect your organisation against the constantly evolving cyber threats in the cloud and mobile-first world of today.

If you opt for the Microsoft 365 E3 plan, you will have the Office 365 E3 license, the Windows 10 Enterprise E3 license and the EMS E3 bundle license. This is everything comprised in the green frame in the picture above.

Office 365, Windows 10 & EMS

Microsoft has organised its security tooling in three bundles:

  • Office 365
  • Windows 10
  • Enterprise Mobility & Security (EMS)

You have the option to buy these three bundles separately. This is done by following the same logic, if we look at security tooling: you will make a choice between the E3 plan (green) or E5 plan (green and blue frame in the picture above).

By combining different plans of the three main solutions, you can create your total stack based on the flavour you prefer. Almost every specific security solution can also be purchased separately if necessary, but often it’s cheaper to go for the pre-set bundles instead of combining a couple of separate security solution components.

New bundles

As of February 1st 2019, Microsoft announced two new security sub-bundles diverting from the classic E3 versus E5 choice:

  • The Identity & Threat Protection bundle (the yellow security components in the picture): this bundle will combine the advanced threat protection and identity solutions in one offering. This allows you to go all the way in threat and identity protection and combine it with a standard Office 365 E3 plan, for instance.
  • The Information Protection & Compliance bundle (the red security components in the picture), on the other hand, combines the components focusing on advanced information protection and compliance.

The integration of the different individual security components is the real synergy creator when we talk about modern cyber security. Not every organisation is ready for a big change in their cyber defences. By giving you the power of choice in the different bundles, Microsoft aims at combining the best synergies possible to allow you to increase your security maturity level at your own pace. Unfortunately, this adds complexity to understanding the differences between the bundles as well.

The next logical question would then be: “Which bundle, or which specific security tools, do we need?” To answer this, you need to look at your current security defences and posture and make a fit-gap analysis based on what you need and desire, and the pace in which you would get to that ideal state. This is where we come in. By executing a Security Assessment, we make this exercise together with you, guiding you along the way.

The main takeaways:

1. Although it might seem like a complicated license bundle strategy, it does give you the power of choice.
2. One plus one equals three. The cyber security challenges of today give you a lot of domains to cover, where integration and bundling of different security defence tools will immediately show added value.
3. You are not on your own. We can assist and guide you as a trusted advisor through the entire process. With the help of best practices and our experience as cyber professionals, you will make the right choice and get your cyber defences up and running.

Are you interested in getting more details on Microsoft’s cloud security tooling, our services or a comparative test with your other cyber defence technology? Don’t hesitate to contact us.