Save time with unbiased, independent feedback on vendor solutions.
Watch weekly bite-sized webinars hosted by IANS Faculty.
Moving from an E3 to an E5 license for Microsoft 365 (M365) services can be an expensive proposition, both in time and money. This piece outlines the key decision points organizations
should consider when evaluating M365 licensing options (vs. third-party security platforms) for email hygiene, endpoint protection and eDiscovery/compliance.
Microsoft frames the E5 license either as a way to get the increased security benefits of using Microsoft-provided security monitoring and response services, or to gain additional business and data analytics services such as Power BI, Teams Phone System
PBX capabilities or compliance tools for eDiscovery, audit and data retention.
From a purely security perspective, however, the cost to upgrade to E5 should be assessed against both the potential cost savings realized by eliminating third-party email hygiene or endpoint detection and response (EDR) platforms and the need for increased
M365 security training when moving away from third-party security tools and to an all-Microsoft setup.
Microsoft says the upgrade from E3 to E5 represents a list price increase of 75 percent. For M365 customers with thousands of users, this can be a significant cost that requires reallocation of resources across IT. It’s not uncommon that the security
team is tasked with eliminating third-party security tools to help recover the costs and apply those dollars toward the E5 license costs.
While Microsoft has significantly improved the security services available as part of the E5 license, there may still real benefits to using third-party provided services for your particular organization.
In the case of email hygiene, incumbent platforms have more granular controls. They can also provide a separation-of-duties of sorts that you may not have with Microsoft-native tools.
For example, consider the case of an attacker using a combination of a browser exploit and an MFA bypass attack to compromise an Exchange administrator account. The attacker then uses those admin privileges to disable key email hygiene functions for high-value
executive users, and then proceeds to run targeted spear-phishing attacks against those executives. Such an attack would likely be more difficult to coordinate with a diverse email hygiene supply chain (because it would require multiple sets of credentials
Another perspective to consider, though, is the fact that Exchange Online Protection (EOP) does a much better job of reducing the risk of email-delivered ransomware for intra-company attacks. For example, if one user is compromised with a ransomware dropper,
and the attacker uses that compromised email account as a distribution point for the ransomware executables, third-party email hygiene products would not be able to look as closely at that attack situation as would the native M365 Office Defender
and EOP controls in an E5 licensing scenario. In cases where companies are using an email hygiene platform that only scans inbound emails from third parties, that email scan would not catch an internal ransomware delivery attempt.
The Microsoft Defender for Endpoint (MDE) platform has gone through a significant transformation over the last 24 months, with feature improvements and capabilities enhancements that in some cases exceed those of competitors (at least for fully updated
Windows 10 endpoints). However, organizations with diverse endpoints (Mac, Linux, etc.) will see less value and greater operational burdens.
A justifiable situation for leveraging an E5 license is one where the organization has a fully modernized endpoint fleet, uses Microsoft Endpoint Manager as the configuration management platform and updates all systems within three weeks of release of
If third-party tools are used for configuration management and a full-featured EDR is in place across a highly diverse set of endpoints, the value of MDE is very difficult to realize.
In addition to email and endpoint security, organizations often have significant investments in the eDiscovery realm that could potentially be redirected toward paying the cost of an E5 license. However, at the time of this writing, Microsoft’s
compliance solutions are more focused on organizations with fewer than 10,000 users.
An enterprise with under 10,000 users could conceivably rely on the E5 license to replace the costs of another compliance platform, but it will be important to make that changeover after a full evaluation of Microsoft’s capabilities.
Relying on security tools provided via Microsoft’s E5 M365 licensing can provide an acceptable level of cybersecurity risk management for some organizations. Before that decision is made, however, security teams should perform a thorough risk analysis
of the Microsoft services and capabilities versus third-party-provided services. Important areas to focus on include:
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.
September 26, 2023
By IANS Faculty
Access key data sets from the 2023 edition of IANS and Artico Search’s Security Budget Benchmark Report. Gain valuable insights on security budget increases and the drivers behind them.
September 21, 2023
Learn why CISOs Need D&O Liability Insurance Coverage now more than ever along with guidance to help minimize potential cyber liability risk.
September 19, 2023
Discover the diversity of IANS Faculty's real-world expertise. Learn how our faculty members can help you solve your most challenging security issues.