Understanding the Security Features in Different Microsoft 365 Licences
Over the past year cyber security has become an increasingly hot topic, and for good reason. A recent study by the UK government found that two in five businesses (39%) and one in four charities (26%) have reported having experienced cyber security breaches or attacks in the last 12 months. In this article, we’ll take a dive into Microsoft’s approach to integrated security and discuss the differences between some of the most common Microsoft 365 licence types.
Microsoft’s Integrated Approach to Security
With hundreds of security solutions out there, it can be hard to know where to start with securing your organisation. Microsoft’s Integrated Security takes a holistic approach to securing your organisation’s IT and data environment across 4 key vectors:
Identity & Access Management
Identity and access management (IAM) is the first line of defence and foundation of any secure digital working environment. It is a framework of policies, processes and technology that enables the management of user identities. It uses user credentials and other authentication methods like Multi-factor authentication (MFA) to determine whether the user using them is who they are claiming to be. Once their identity has been authenticated, the user is authorized to access the resources that they have been granted permission to.
Threat Protection
Threat Protection refers to a category of security solutions that defend against malware or hacking-based attacks that target sensitive data. It monitors activity across your entire digital estate and ensures that threats are rapidly identified and quarantined. Some of Microsoft’s most notable Threat Detection solutions include:
- Microsoft 365 Defender, which is a unified pre- and post-breach enterprise defence suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
- Defender for Endpoint, which is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
- Microsoft Cloud App Security, which is a cloud access security broker (CASB) that provides multifunction visibility, control over data travel, and sophisticated analytics.
Information Protection
Information Protection solutions help keep sensitive data secure irrespective of where it’s stored or where it travels. Microsoft’s Information Protection technologies allow you to set up and quickly configure data security policies with sensitivity labels. By creating sensitivity labels with pre-configured rules, you’re able to conveniently assign security policies to files that are applied regardless of where that file is stored.
Security Management
The Microsoft 365 security centre combines protection, detection, investigation, and response to email, collaboration, identity, and device threats, in a central portal. It has been designed to allow for quick access to critical security information, so you’re able to stay on top of your organisation’s security in real-time. The security centre includes:
- Microsoft Defender for Office 365, which helps organisations secure their enterprise with a set of prevention, detection, investigation and hunting features to protect email, and Office 365 resources.
- Microsoft Defender for Endpoint, which delivers preventative protection, post-breach detection, automated investigation, and response for devices in your organization.
- Microsoft 365 Defender, which is part of Microsoft’s Extended Detection and Response (XDR) solution that leverages the Microsoft 365 security portfolio to automatically analyse threat data across domains and build a picture of an attack on a single dashboard.
Comparing Common Microsoft 365 Licence Types
Each of the above mentioned vectors are protected by a variety of powerful security features that are deployed based on your Microsoft 365 or Office 365 licence type. These security features include:
With the above in mind, let’s take a look at how some of the common Microsoft 365 and Office 365 licence types are able to safeguard your organisation’s apps and data.
Microsoft 365 Business Standard vs. Microsoft 365 Business Premium
Microsoft 365 Business Standard is a licence for businesses who need Microsoft Office applications across multiple devices as well as business email, cloud file storage and online meetings and chat. Microsoft 365 Business Premium includes everything Microsoft 365 Business Standard has to offer, with the addition of powerful security features to safeguard your business.
Why upgrade to Premium?
As is made clear by the above comparison, Microsoft 365 Business Premium is able to do a much better job of securing your organisation’s apps and data. While these additional security features do come with a bit of an extra cost, it’s a small price to pay for significantly reducing the risk of falling victim to cyber attacks. A 2018 study done by Kaspersky, found that the average cost of a SMB data breach is around £85,000. Additionally, when comparing the Microsoft 365 Business Premium licence fee to what it would cost to deploy these security features using third-party vendors, it’s clear that Business Premium offers excellent value for money:
Office 365 E3 vs. Microsoft 365 E3
The Microsoft 365 Enterprise plans effectively mirror the Office 365 Enterprise plans, with the addition of a Windows 10 Enterprise licence and Enterprise Mobility and Security (EMS) features. While Microsoft 365 Business Premium might be suitable for most businesses under 300 seats, it does have it’s limitations. This is where Microsoft 365 E3 comes into play. Microsoft 365 E3 can be seen as the minimum requirement for organisations that have complex or regulatory requirements around security and compliance.
Why upgrade to Microsoft 365 E3?
As was the case with the previous comparison, Office 365 E3 will only provide you with the necessary tools to support your organisation’s productivity and collaboration, and won’t give you adequate protection against cyber attacks. Microsoft 365 E3 is built for businesses who want the best in productivity and collaboration while operating in a secure and compliant environment.
Microsoft 365 E3 vs. Microsoft 365 E5
Microsoft 365 E5 is Microsoft’s flagship licence and is the most complete productivity and security solution available. This licence is a significant step-up from Microsoft 365 E3, and includes many additional features, such as: Teams Voice capabilities, Power BI Pro licences and a variety of top-tier security technologies.
Why upgrade to Microsoft 365 E5?
As Microsoft’s ‘Hero’ licence type, Microsoft 365 E5 is built for organisations that want to have the best in productivity, security, and compliance. The additional security features allow you to have greater control and visibility over your Microsoft 365 environment. You’ll benefit from all of Microsoft’s best security features, including Microsoft 365 Defender for Endpoint, Office 365 and Identity, Azure Active Directory Premium Plan 2, and Cloud App Security. Additionally, The E5 licence gives you the ability to configure and automate security policies and regulations, which, in turn, leads to significantly less administrative overheads.
Conclusion
While there isn’t any one licence that is suitable for all organisations, we hope that you’ve gained a deeper understanding of Microsoft’s approach to security and how the various licences are able to safeguard your business. It’s important to understand that simply purchasing a high-end licence, such as Microsoft 365 E5, will not secure your working environment. These licences need to be properly configured and continuously monitored to protect your business.
Need help making sense of your organisation’s security? As an Azure Expert MSP and Gold Security Partner, our team of in-house security experts are well-equipped to help you understand which Microsoft 365 licence is best for you and how you’re able to leverage the power of Microsoft’s security solutions. So what are you waiting for? Get in touch via the link below: