
How to Limit Extra Costs When Implementing Microsoft E5 Security Products

The Microsoft 365 E5 license gives you access to a slew of valuable Microsoft Security products that will cover you quite well for all your enterprise security monitoring needs. However, monitoring is only part of the security equation; the resources and services you add to it will help you get real value from E5.

In a recent webinar, "5 Steps to Maximizing a Microsoft E5 License", David Broggy, senior solutions architect for implementation services at Trustwave and a Microsoft MVP, laid out several keys to making the most of E5's security solutions.

He explained how the Microsoft cybersecurity solutions under E5 collectively provide services and protection that every company needs, including for:

  • Identity management
  • Workload and application protection on-premises and in the cloud
  • Cloud resource protection
  • Threat monitoring and alerting
  • Compliance features
  • Attack path analysis
  • Logging, monitoring, and reporting with a security information and event management (SIEM) tool
  • Some threat intelligence

A common denominator among most of those offerings is that they mainly observe what's going on in your environment rather than taking any action, which means you don't have to worry that they'll open up new security holes.

"The good thing about jumping fast into E5-related security features is they only do read access. They're just monitoring," Broggy said. "So, you can jump into a lot of these features without affecting operations or production and with minimal concern about change requests and things affecting the environment."

Alert Data Can Drive Up Costs

On cost, he said that because Microsoft uses a per-user pricing model, the base fee for E5 is easy to determine.

Broggy also provided sound advice on being mindful of extra costs, most of which comes down to how much data you want to send to the Microsoft Sentinel SIEM. "Microsoft Sentinel is free to turn on, but there's a cost to ingesting logs," he said.

In general, there's no charge for sending alerts from Microsoft Security products, including the various Defender tools (XDR, Endpoint, Identity, Office 365, Cloud Apps), Microsoft Entra ID, Azure Information Protection, and others. However, Microsoft makes clear that this applies only to alerts.

According to Microsoft, "Although alerts are free, the raw logs for some Microsoft Defender XDR, Defender for Endpoint/Identity/Office 365/Cloud Apps, Microsoft Entra ID, and Azure Information Protection (AIP) data types are paid." That includes data types "such as the Advanced hunting tables DeviceInfo, DeviceFileEvents, EmailEvents, and so on."

How Security Professionals Can Help

Limiting the amount of data you send to Microsoft Sentinel, especially from third-party security tools, will reduce your costs. On the other hand, you want to keep all alert and log data that can help you detect security issues.

What you need is a Microsoft security partner who knows how to tune your various Microsoft security solutions so that they report on relevant issues but not all the noise that results in alert fatigue and increased costs.

With issues like this in mind, Trustwave created a series of offerings to help clients get the most out of their Microsoft investments. They include a trio of Accelerators for Microsoft Defender XDR, Sentinel, and Copilot for Security. The Accelerators give customers step-by-step instructions on replacing various existing security solutions with relevant Microsoft offerings so they can more quickly derive value from their E5 investments.

Trustwave, one of the first Microsoft Global MSSP Partners to offer Managed Security Services for Microsoft Sentinel, also provides implementation and optimization services that help you create roadmaps and best practices to unlock the full value of your Microsoft E5 investment. That includes tuning all the security solutions to limit noise, false positives, and costs.

There's also a series of managed security services, such as the Trustwave Managed Extended Detection and Response (MXDR) for Microsoft, an MDR service specifically geared toward the Microsoft Security environment. MXDR puts a team of security experts on your side to help vet and respond to the security alerts that reach Microsoft Defender XDR and Microsoft Sentinel SIEM.

The Microsoft E5 license offers significant security value on its own, but even more so when you enlist security professionals to help you configure and optimize the tools and respond to the alerts they raise. For more information, please see the webinar, "5 Steps to Maximizing a Microsoft E5 License."
