Business Premium is the biggest gift to small business since Small Business Server. It’s a modern take on a total solution for a small business network. Every small business should be using it. While Business Premium contains Defender XDR and other security tools, cyber security has moved faster than the feature set. However, now with the ability to purchase the E5 Security add-on for Business Premium license holders, that problem is solved.
For several years, I’ve been recommending that small businesses consider Business Premium + Entra P2 + Cloud App Security as their new standard network. Guess what E5 Security contains? Yep, this and more for a lower price! I’m excited for small businesses.
The why
Why was I recommending adding these licenses? Cyber security issues in small business have expanded dramatically. We have people who move between the office, the home and the coffee shop, and they need to be secured. We have employees who are comfortable with self-service and will adopt cloud apps without asking IT, thus creating data leakage and security problems for the business they work for. Too many admins are only managing installed applications, while the applications in use in their network are mainly cloud based.

A few key features that were missing:
- Identity protection. This list is long. View the table in “What are risks in Microsoft Entra ID Protection” on Microsoft Learn.
- OAuth management and security controls
- Discover, manage and secure cloud apps added through shadow IT, including AI
- Conditional access controls over sessions, integration of cloud apps and segmentation between home, office and travel apps and data access conditions.
This was my short list. Now we get this and more for less money with the E5 Security add-on.
What’s included?
The E5 Security add-on isn’t new; it just hasn’t been available for Business Premium license holders until now. It was designed as a way to keep enterprises current with the latest cyber security features without having to wait for a full suite upgrade.
The E5 Security add-on for Microsoft 365 Business Premium includes:
- Microsoft Entra ID Plan 2
- Microsoft Defender for Identity (For on-premises)
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender for Office 365 Plan 2
- Microsoft Defender for Cloud Apps
Each of these contains numerous additional security features. Since these features are already published, I’m going to leave it to https://M365maps.com to list those and provide links to the reference material for you.
- Entra P1 + P2 = Entra ID Paid | M365 Maps
- Defender for Cloud Apps Discovery + Full license = Microsoft Defender for Cloud Apps | M365 Maps
- Defender for Endpoint P1 + P2 = Microsoft Defender for Endpoint | M365 Maps
- Defender for Office 365 P1 + P2 = Microsoft Defender for Office 365 | M365 Maps
- Defender for Identity = Microsoft Defender for Identity | Microsoft Security
Adding this license costs $12 per user per month.
For small businesses invested in Microsoft technology and for MSPs moving to an all (or majority) Microsoft technology suite, it’s a no-brainer. Business Premium + E5 Security add-on is the complete network that all small enterprises need. In addition to providing a great feature set, it will very likely also allow them to simplify and condense their use of other cyber tools, thus reducing gaps between unrelated vendors.
3 thoughts on “Why buy E5 Security for Business Premium?”
I agree that Business Premium and the E5 security add-on are great together.
It’s important for consultants/MSPs to know that mixed licensing doesn’t work.
To enable E5 security features, all users in the tenant must be licensed. It’s not enough to license the more important users with E5 add-on. MS won’t enable the advanced functionality unless all users are licensed.
It’s easy to misread the licensing terms and set yourself up to disappoint your customer.
I don’t believe that this is the case. Yes, only licensed users will be protected by the features. It has never been sufficient with any Microsoft licensing to purchase a single license of anything for an entire company. However, there is 1 important thing to know about mixed licensing. From the FAQ.
Does Microsoft 365 Business Premium plus Microsoft 365 E5 Security allow mixed licensing for endpoint security solutions?
Microsoft Defender for Business does not support mixed licensing so a tenant with Defender for Business (included in Microsoft 365 Business Premium) along with Defender for Endpoint Plan 2 (included in Microsoft 365 Security) will default to Defender for Business. For example, if you have 80 users licensed for Microsoft 365 Business Premium and you’ve added Microsoft 365 E5 Security for 30 of those users, the experience for all users will default to Defender for Business. If you would like to change that to the Defender for Endpoint Plan 2 experience, you should license all users for Defender for Endpoint Plan 2 (either through standalone or Microsoft 365 E5 Security) and then contact Microsoft Support to request the switch for your tenant.
I do think that all users should be licensed even though it is not a requirement to do so. Cyber criminals often target low ranking employees first and use them as leverage to gain more access.
Appreciate the feedback Amy. I agree that we’ve all tenants where some users were Business Premium and protected with Defender for Business while others were lower levels such as E1 or F3 and not protected.
When the announcement was made recently on E5 security now being an option, we discussed it with one of our customers. They were interested but wanted to know if they needed the add-on for all Business Premium users.
Not knowing for sure and not wanting to guess, I raised a ticket with Microsoft and asked: if I want a tenant changed to Defender for Endpoint P2, do all Business Premium users need to be licensed? A couple of days later, I got the answer – yes, everyone needs to be licensed. A mixed environment stays at the P1 level.