Choosing Microsoft 365 E5 Over E3: Key Differentiators and Potential Risks
Written By Tony Mackelworth
Introduction
When selecting the right Microsoft 365 plan for your organisation, understanding the differences between E3 and E5 is crucial. Both plans provide robust tools and services, but E5 offers significant enhancements that may align better with specific organisational needs. Here are the key differentiators that set Microsoft 365 E5 apart from E3, along with considerations for fully utilising advanced features and avoiding potential pitfalls.
Key Differentiators of Microsoft 365 E5
Analytics
Power BI Pro: Included in E5, Power BI Pro enables users to create, share, and collaborate on interactive data visualizations, driving data-driven decision-making across the organization. Power BI Pro is not available with E3 and requires separate licensing.
Viva Insights: Microsoft 365 E5 includes advanced Viva Insights, offering detailed analytics on collaboration trends, work patterns, focus time, and team interactions. In contrast, Microsoft 365 E3 only includes basic Viva Insights, which covers individual activity tracking but lacks the deeper organizational insights found in E5.
Limitations to Note: Full Viva Suite capabilities, such as Workplace Analytics, are not included in E5 and must be licensed separately.
Security Stack
Microsoft Defender XDR: In E5, Microsoft Defender XDR provides an integrated threat detection and response solution across multiple layers of Microsoft 365, combining insights from endpoint protection, identity security, and email security. This solution includes advanced capabilities such as attack simulation training, automated investigation and response, and Threat Explorer, enabling quicker identification and remediation of sophisticated threats like phishing and malware.
Microsoft Defender for Identity: Enhances identity protection by monitoring user activities and detecting signs of compromised identities or risky behaviors. It integrates threat intelligence with behavioral analytics to provide deeper insights into potential security risks.
Microsoft Defender for Office 365 Plan 2: Provides advanced email and collaboration security, protecting against sophisticated threats such as phishing, business email compromise (BEC), and malicious attachments or links in Exchange, SharePoint, OneDrive, and Teams. It includes features like Automated Investigation and Response (AIR), Attack Simulation Training, and Threat Explorer, which help detect and respond to threats more effectively.
Microsoft Defender for Cloud Apps: E5 offers advanced threat protection, visibility, data control, and robust policy management across cloud platforms, including cloud discovery, anomaly detection, and data loss prevention (DLP). Microsoft 365 E3, while focused on Office 365, provides basic Cloud App Security, which offers visibility and threat detection but lacks the advanced features found in E5, such as proactive policy enforcement, automated remediation, and detailed insights.
Microsoft Defender for Endpoint Plan 2: E5 includes advanced threat protection, automated investigation and response, and endpoint detection and response capabilities. These help detect, investigate, and respond to advanced attacks, adding a post-breach layer of protection. E3 only includes Plan 1, which offers basic endpoint protection.
Microsoft Defender Application Guard for Office: Enhances security for Office applications by isolating potentially malicious files.
Identity and Access Management
Microsoft Entra ID Protection: This feature leverages advanced machine learning to assess and identify risks associated with user sign-ins and unusual behaviors. It helps detect suspicious activities and automatically applies predefined security policies to block, challenge, limit, or allow access based on the level of risk. By integrating security signals, Microsoft Entra ID Protection provides real-time mitigation against identity threats.
Microsoft Entra ID Premium P2: Included in E5, provides comprehensive identity protection and governance capabilities. It includes Microsoft Entra ID Protection to apply automated risk-based actions, as well as additional features such as Privileged Identity Management (PIM) and Access Reviews. These tools help manage, monitor, and certify access to critical resources, ensuring only authorized users have privileged access. In contrast, Microsoft Entra ID Premium P1, available with E3, provides essential identity protection and access management but lacks the advanced governance and threat protection features found in P2.
SIEM: Microsoft Sentinel Extensibility for XDR Portfolio
Microsoft Sentinel: A separate product that offers seamless extensibility with the Microsoft 365 E5 Security suite, integrating with the entire Microsoft Defender XDR (Extended Detection and Response) suite. This includes integration with Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, and Microsoft Entra ID (formerly Azure AD). These integrations enable comprehensive visibility and advanced threat detection across your enterprise security landscape.
Offer Details: https://azure.microsoft.com/en-gb/pricing/offers/sentinel-microsoft-365-offer
Data Grant: Microsoft 365 E5, A5, F5, and G5 customers receive a data grant of up to 5 MB per user per day for data ingestion into Microsoft Sentinel.
Eligible Data Sources: Includes Microsoft Entra ID sign-in and audit logs, Microsoft Defender for Cloud Apps activity logs, and Microsoft Purview Information Protection logs.
Cost Efficiency: This grant enhances cost efficiency by covering key security data sources, providing significant savings for organizations.
Using Microsoft Sentinel with Microsoft 365 E3: Involves additional costs and complexity compared to E5. E3 does not include the data grant of up to 5 MB per user per day for data ingestion into Sentinel, so this will incur charges based on the volume of data ingested. To access advanced security features and full XDR capabilities, such as those provided by Microsoft Defender for Endpoint and Microsoft Defender for Office 365, you will need to purchase additional licenses like the Microsoft 365 E5 Security add-on.
Compliance Stack
The Microsoft 365 E5 Compliance suite offers a robust set of features that significantly enhance data protection and governance compared to the basic Microsoft 365 E3 compliance capabilities. Key features include advanced Microsoft Purview Data Loss Prevention (DLP) for Microsoft Teams and Microsoft Purview Endpoint Data Loss Prevention (Endpoint DLP), ensuring comprehensive protection across both cloud and physical environments. Microsoft 365 E5 also introduces Microsoft Purview Double Key Encryption and Microsoft Purview Customer Key for enhanced data encryption, along with Microsoft Purview Customer Lockbox for controlled access to customer data.
Compliance features such as Microsoft Purview Automated Labelling, Microsoft Purview Exact Data Match, and Microsoft Purview Information Barriers provide sophisticated tools for regulatory adherence. Additionally, Microsoft 365 E5 includes advanced capabilities like Microsoft Purview Audit (Premium), and Microsoft Purview eDiscovery, which leverage machine learning for deeper insights and more effective investigations.
Unique to Microsoft 365 E5 are Microsoft Purview Insider Risk Management and Microsoft Purview Communication Compliance, which proactively manage internal threats and ensure regulatory compliance in communications. These advanced features are not available in the Microsoft 365 E3 suite, which offers more basic data protection and compliance tools.
Data Loss Prevention (DLP)
DLP for Microsoft Teams: Protects sensitive information shared within Teams chats, files, and conversations. It helps prevent accidental or intentional sharing of confidential data by applying policies to detect and block the sharing of sensitive content, such as credit card numbers or personal information, across Teams messages and documents. This ensures compliance with organizational data protection policies and minimizes the risk of data leaks within the Teams environment.
Endpoint DLP: Extends data protection to physical devices like desktops, laptops, and mobile devices. It helps prevent unauthorized sharing or exposure of sensitive information by monitoring and controlling actions like copying data to external devices, printing, or uploading to non-approved cloud services. Administrators can enforce policies to block or restrict risky actions, ensuring sensitive data stays protected even outside the cloud. This feature provides detailed incident reporting to support investigations into potential data breaches.
In E5: These features enable more comprehensive data protection and governance, both in the cloud and on devices. Microsoft 365 E3 provides basic data loss prevention capabilities focused on cloud-based data within Microsoft 365 apps like Exchange, OneDrive, and SharePoint. It allows organizations to define policies to detect and prevent the sharing of sensitive information, such as credit card numbers or personal data. However, E3 DLP is limited to cloud environments and does not extend to endpoint devices or offer the advanced features found in E5, such as automatic actions or broader policy enforcement across apps like Teams.
Encryption and Data Protection
Double Key Encryption: Provides enhanced data encryption by using two keys—one stored in Microsoft Azure and the other in your control. This ensures that only you can decrypt the data.
Microsoft Purview Customer Key: E5 offers advanced encryption options for organizations to control their encryption keys and use them to encrypt their data in Microsoft 365.
Microsoft Purview Customer Lockbox: Ensures that Microsoft support engineers cannot access customer data without explicit approval. It is not included in Microsoft 365 E3.
Compliance Features
Automated Labelling: Automatically applies sensitivity labels to documents and emails based on the content, helping to protect sensitive information.
Exact Data Match: Enhances data loss prevention (DLP) by using exact data match to identify and protect sensitive information.
Information Barriers: Restricts communication and collaboration between specific groups to prevent conflicts of interest and ensure compliance with regulatory requirements.
Data Security Posture Management (DSPM) (Preview): Helps organisations identify, assess, and mitigate data security risks across their data estate. It provides visibility into sensitive data, tracks data movement, and enforces policies to protect critical information.
Microsoft Purview Audit (Premium): Provides extended audit capabilities with a longer retention period and more granular insights. These tools are part of the Microsoft 365 E5 Compliance offering and are not available with Microsoft 365 E3.
Microsoft Purview eDiscovery: Microsoft 365 E5 provides advanced eDiscovery capabilities for legal and compliance investigations. It uses machine learning, predictive coding, and case management tools to help with complex investigations, including legal hold notifications, advanced auditing, and compliance reporting. In Microsoft 365 E3, eDiscovery is available but with more basic features, lacking the advanced tools like predictive coding and full case management available in E5.
Microsoft Purview Insider Risk Management: Available only in E5, this feature uses machine learning to detect and investigate potential insider threats by analysing user activities and communications. It offers automated alerts and investigation workflows to proactively manage risks like data leaks or policy violations. E3 does not include this capability, offering more basic monitoring features instead.
Microsoft Purview Communication Compliance: Included in E5, this feature helps organisations monitor internal and external communications to ensure compliance with regulatory requirements and mitigate potential risks. It identifies and flags inappropriate or non-compliant content in emails and collaboration platforms like Teams, enabling organizations to take corrective actions quickly. This feature is not available in Microsoft 365 E3.
Microsoft Purview Data Lifecycle Management: Includes advanced retention and deletion capabilities, including machine learning-based retention, to meet regulatory requirements. These advanced features are not included in Microsoft 365 E3, which offers more basic data protection capabilities.
Enhanced Communication and Collaboration
Phone System and Audio Conferencing: Microsoft 365 E5 includes both Phone System and Audio Conferencing as part of the plan. These features replace traditional PBX systems and offer dial-in capabilities for meetings, enabling seamless communication and supporting more advanced collaboration needs. For customers using Microsoft 365 E3, however, these features are not included and must be added through the Phone System add-on and the Audio Conferencing (free) add-on.
Starting from March 1st, 2022, Microsoft no longer charges customers for the dial-in option for Teams meetings. This free-of-charge audio conferencing add-on is available for eligible licenses, including Microsoft 365 E3.
Microsoft Teams Advanced Features: Microsoft 365 E5 provides advanced Teams features, such as compliance recording, enhanced meeting capabilities (Live Events, Together Mode, and Large Gallery View), and robust security tools like advanced threat protection. These features help organizations scale collaboration and meet complex compliance needs. Microsoft 365 E3, on the other hand, includes essential Teams features for standard collaboration but lacks the advanced tools found in E5.
Teams Premium: Teams Premium is a separate add-on that requires its own license, even for E5 customers. It provides additional features such as branded meeting experiences, intelligent recap, and meeting insights, which go beyond the capabilities included in standard Teams in E5.
Teams Licensing Update for the EEA and Switzerland: As of October 2023, Microsoft Teams is no longer bundled with Microsoft 365 or Office 365 Enterprise suites in the EEA (European Economic Area) and Switzerland. Organizations in these regions must now license Teams separately, even for existing E3 and E5 plans. This change could impact the availability and pricing of Teams-related features for customers in these regions.
Teams Licensing Recommendations:
Check Feature Availability: Phone System and Audio Conferencing are included in Microsoft 365 E5. However, if you're using Microsoft 365 E3, these features need to be added separately.
Plan for Teams Premium Add-on: Teams Premium, which provides advanced features like branded meetings and intelligent recap, requires a separate license even for E5 customers. Budget for this accordingly.
Regional Licensing Changes: If you're based in the EEA or Switzerland, ensure you're aware of the licensing changes regarding Teams and plan for separate licensing. If you are an existing subscriber, you can continue using your current plans, including renewals and adding licenses. However, new subscribers will need to choose from the new lineup that excludes Teams.
Licensing Implications for P2/E5 Features
Per-User Licensing Requirements: Microsoft mandates that all users benefiting from tenant-wide services or impacted by policies must hold appropriate P2/E5 licenses.
Enforcement Mechanisms: Microsoft periodically performs license enforcement checks. Non-compliance can result in restricted access to premium features or the suspension of critical services.
Audit Risks: Tenant-wide policy errors can expose organizations to significant risks during audits, as Microsoft assesses licensing adherence at the organizational level.
Choosing Between Microsoft 365 E3 and E5
Choosing between Microsoft 365 E3 and E5 depends on your organisation’s specific needs. Key factors include:
Security and Compliance: Does your organisation face advanced cyber-security threats and need advanced measures like endpoint detection and threat response?
Cost Efficiency: Can you fully utilise E5 features to justify the cost, or would E3 with targeted add-ons suffice?
Risk of Underutilization: Upgrading to E5 without leveraging its advanced features can result in unnecessary expenses. It’s crucial to ensure readiness for adopting and managing these capabilities.
Conclusion
This licensing guide offers a structured approach to understanding the various security and compliance services available within the Microsoft 365 ecosystem.
Understanding the key differentiators between E5 and E3 is a good starting point for stakeholders making informed decisions about their licensing needs, and it helps ensure that organizations can effectively optimize and drive value from Microsoft 365 investments.
Optimizing Microsoft 365 costs requires a strategic, data-driven approach. By understanding usage, quantifying business value, implementing optimization strategies, and establishing governance, organizations can minimize spend while maximizing ROI. This involves a continuous cycle of assessment, implementation, and ongoing management, ensuring that Microsoft 365 investments deliver optimal value and support business objectives.
Implementing an effective cost optimization process for Microsoft can enable accountability for growing cloud spend with a prescriptive methodology, enabling distributed IT and procurement stakeholders to take action on cost savings, increase value from cloud investments, and inform flexible decision-making on future cloud investments.
About Tony Mackelworth
Tony Mackelworth is a recognized leader in Microsoft Advisory Services and FinOps, with a proven track record in service leadership, product management and consulting. He has built and scaled global service portfolios in Microsoft consulting and FinOps, driving innovation, efficiency, and tangible results for global organizations.
With extensive experience delivering consulting services and leading practices, Tony combines strategic vision with hands-on expertise to help organizations maximize value from their Microsoft investments.
Disclaimer
This article is intended for informational purposes only and does not constitute legal, financial, or licensing advice. Microsoft licensing and feature availability can vary by region, subscription type, and contract terms.