TLDR; The security features included in E3 with E5 Security licensing are essential for a comprehensive view of your IT security, and in our opinion, should form the core of any business’s Microsoft 365 Licensing and configuration.
In simple terms, Microsoft Business Standard is similar to having a padlock on the door, because access is only controlled with a username and password. Whereas, E3 with E5 licensing is similar to having a security guard on the door, asking where people are coming from and checking they are who they say they are. It does this through Conditional Access which are simple if-then policies, e.g. if a user wants to access a resource, then they must complete an action like Multi-Factor Authentication. It also does this through Risk Profiling, whereby you set permissions and set policies to manage insider risk.
With Business Standard, if you come back to find your door broken in, all you can see is that the lock has been broken. There is no more information about the attack. Whereas with E3 with E5, you have a security guard on the door, they can tell you where the person came from, how many times they tried to break in, who else they have tried to break into using the same method.
E3 with E5 Security gives you so much more visibility into attempted attacked and what the system has done to prevent them. This information is invaluable in stopping future attacks and securing your environment.
It is our aim through this article to raise awareness of what is missing from Microsoft 365 Business Standard and what are the key advantages gained by upgrading to Microsoft 365 E3 + E5 Security.
So you think Microsoft 365 Business Standard has everything you need to run your business securely? We think you’ll be surprised to learn what you’re missing out on.
Microsoft 365 Business Standard (previously known as Office 365 Business Premium) is a license for organisations who require Office applications across multiple devices, with the addition of business email, cloud file storage and online meetings and chat and is one of the most popular Microsoft 365 licenses. It doesn’t include any of the key security features such as cyber threat protection, device management, advanced threat protection or multi factor authentication. Because of its positioning, it is usually used by SMB’s who just aren’t aware where it fits into Microsoft’s overall product offering who believe that the Enterprise products are just for much bigger organisations.
We argue otherwise. Afinite believe that every businesss should make their choice based on understanding what their options are rather than a preception of price and belief that a product called Business Standard would be just that.
The diagram below is taken from Aaron Dinnage‘s excellent m365maps.com website and shows the stark difference in feature set between Microsoft 365 Business Standard and Microsoft 365 E3 + E5 Security which is the product, in our opinion, should form the core of any business’s Microsoft 365 Licensing and configuration.
As more businesses migrate their data to the cloud; in Microsoft Terms through the use of SharePoint and OneDrive; securing access to this data across various devices becomes increasingly important and is arguably one of the most important challenges businesses face when embarking or continuing on their cloud journey.
This need is only exacerbated by the post COVID-19 remote working shift is forcing organisations to adopt threat mitigation and automated security solutions to stop damaging attacks, making the security features of the Microsoft 365 platform a crucial part of their workflow and daily experience. It is our aim through this article to raise awareness of what is missing from Microsoft 365 Business Standard and what the key advantages gained by upgrading to Microsoft 365 E3 + E5 Security.
Companies with cloud working environments face security risks like identity theft, compromised customer sensitive information, malware infections and compliance violations.
Microsoft 365, with its advanced security offerings such as E5, helps secure business cloud technologies with automated security operations. However, if not appropriately configured, an organisation’s implementation of Microsoft 365 could put the company at risk of loss from data theft, reputational damage, regulatory compliance penalties, and worse.
We have identified 6 benefits of the security features of E3 with E5 Security and how they benefit your business:
E5 Security Benefit #1: Integrated, holistic approach
E5 Security integrates multiple areas including label distribution protocol (LDP), access management, endpoint protection (AV and firewall), email filtering and information protection features to provide a complete service.
Microsoft 365 E5 security combines depth of capability with breadth of capability, enabling organisations to replace disparate cyber security systems delivered by multiple vendors with a single, consolidated security stack.
E5 Security Benefit #2: Advanced Threat Protection (ATP)
Advanced Threat Protection (ATP) protects your organisation from phishing attacks. If an employee receives a malicious email with links and attachments, ATP will scan the links/attachments, and block them from being opened if they are identified as being suspicious. This is an integral part of protecting your IT environment; if an employee opens a malicious link or attachment your hard drive can be corrupted, your data stolen, and you can be exposed to all sorts of online and offline fraud. So, having ATP gives you the peace of mind that your network is protected even if a phishing email lands in your employees’ inbox.
You can also set anti-phishing policies, which require ATP to check incoming messages and depending on your policy, take action, like blocking or reporting the message if it is identified as a phishing attempt.
It also performs vulnerability assessment through attack simulation, checking for all vulnerabilities and threats. Real-time attack scenarios help the organisation in educating its employees and spreading cybersecurity awareness efficiently.
E5 Security Benefit #3: Microsoft Defender for Endpoint
Windows Defender ATP (Advanced Threat Protection) is a powerful product that is designed to help you detect and respond to security threats. It generates alerts for spam, malicious involvement and security loophole compromising endpoint security. Windows Defender ATP is embedded in Windows 10, so it provides an extra level of protection because it not only helps you detect threats to your operating system, but it also helps you understand the actions you can take to neutralise the threat. So, if your current setup means you don’t know whether you are getting threats or (if you are) how to respond to them, Windows Defender ATP is the tool to help you do that.
E5 Security Benefit #4: Azure Information Protection P2
Azure Information Protection (AIP) is a great way to protect sensitive or confidential information and documents. AIP encrypts documents, tracks who has accessed a document and controls how it is shared, and who with.
For those familiar with Azure Information Protection, the P2 version is an extension of P1. It provides the ability to set automatic labels (like labelling a file as confidential if it contains sensitive data, such as credit card number) and control oversharing of information in Outlook.
E5 Security Benefits #5: Cloud App Security
Shadow IT refers to IT applications that are managed and utilised without the knowledge of an organisation’s IT department. In some cases, the use of shadow IT in a business can’t be helped; but Microsoft have addressed the problem of shadow IT with Cloud App Security. Cloud App Security allows you to identify non-Microsoft cloud apps and manage and secure them so that your organisation takes back control over the use of shadow IT. Resulting in less security risks within the business. You have control over who is accessing the applications, and there is further protection for any company data held within them.
As well as providing additional control, Cloud App Security protects sensitive information from being shared and used in the applications and protects against cyberthreats. So, if you have a lot of employees downloading and using non-Microsoft apps, Cloud App Security can give you peace of mind knowing that information is secure.
E5 Security Benefit #6: Azure Active Directory
Azure Active Directory is a security feature of the Azure Active Directory Premium P2 plan that helps organisations identify and detect potential vulnerabilities attached to the user’s identity and the organisation’s identities.
It detects vulnerabilities and configures automated responses to manage and lock critical information systems.
To make use of this security feature, users must have the licensing rights of Enterprise Mobility + Security E5/A5 and Azure Active Directory Premium Plan 2.
The feature provides a comprehensive security solution for access groups and users, access control lists, and security control implementation like authentication and authorisation mechanisms.
For example, if I receive a document that is protected by AIP, I won’t be able to screenshot the document, save it or share my computer screen on Skype or Teams (thereby showing the document to someone else).
AIP is a great way to make sure that documents are controlled even when they leave your organisation.
E5 Security Benefit #7: Identity & Access Management
Microsoft E5 offers Identity and Access management capabilities for single-sign-on (SSO) and SaaS (Software as a service) applications in businesses.
This covers cloud identity management challenges such as password fatigue, visibility, and synchronisation with on-premise systems.
Using integrations with Windows 10/11, this feature also detects anomalous behaviour in the network, identifies threats in information systems, minimising and controlling damage across your Microsoft 365 systems.
If you’re ready to see the difference this makes in your governance, the team at Afinite can help you implement these features, or have any other questions please feel free to get in touch with us. You can arrange a meeting with one of our team here, just choose the time that best suits you below.
Book a Meeting