Trustwave Blog

Identity, Endpoints, and the Cloud Drive the Microsoft Security Product E5 Decision

Written by | Sep 13, 2024

For companies with a Microsoft 365 E3 license, whether to upgrade to Microsoft 365 E5 is likely already under consideration, and security should certainly factor into that decision. With E5, companies will likely find security upgrades in three key areas: identity management, endpoints, and cloud.

So says David Broggy, Trustwave's Senior Solutions Architect, Implementation Services, and a 2024 recipient of the Microsoft MVP Award, in a recent webinar on transitioning from Microsoft E3 to E5. "You get basic features with E3, but the E5 gives you a lot more options," he says. In fact, E5 includes at least 30 additional Microsoft Security products as compared to E3, according to a detailed Microsoft comparison chart.

Trustwave is a Microsoft Security Partner, so people like Broggy have a long history with Microsoft Security products. He has plenty of advice on what to focus on to make the most of an investment in the Microsoft 365 E5 license.

Identity and Access Management

E5 protections begin with identity, including authenticating users as they log in. Microsoft Entra (the former Active Directory) includes some valuable risk detection features, Broggy notes.

"They're monitoring users' activities and looking for high-risk activity," he says. "And there's some machine learning in the backend that detects anomalies."

E5 also supports conditional access, which can mean granting users access to sensitive resources when they're on-site but not via public Wi-Fi from a coffee shop, for example.

Another valuable feature is access reviews, an Entra ID feature that enables organizations to manage group memberships and roles. Access reviews make it easier to ensure only authorized users can access various resources.

With the E5 license, users also get access to a security agent that enables them to implement Global Secure Access, Microsoft's zero-trust network access implementation. GSA "simplifies access policy management and enables access orchestration for employees, business partners, and digital workloads. You can continuously monitor and adjust user access in real-time if permissions or risk level changes," according to Microsoft.

In practice, GSA enables identity protection even for applications that don't have it natively, Broggy says.

Microsoft Offers Advanced Endpoint Protection

The E5 license also gives users significant endpoint security features and applications, including Defender for Endpoint and Defender for Servers.

"Getting endpoint protection on all your endpoints, servers, and workstations is a really big deal," Broggy says. "That means you have security across the board, whether it's on-prem or in the cloud, for those devices."

Additionally, the Defender applications provide visibility into other connected devices on the network that may not be secure.

"The applications that are running, all the web traffic coming from those machines going out to the internet, you see all of that," he says. "Now you can protect not just the endpoint but also the applications users are using and understand all the associated vulnerabilities."

Microsoft Cloud Security Offerings

Microsoft Defender for Cloud Apps is a cloud access security broker that ensures such protection extends to web applications, including software-as-a-service (SaaS) apps. This helps identify any risky web apps, Broggy says. "It also helps you identify shadow IT," he notes, meaning SaaS applications that individual business units may have installed without informing IT.

Another similarly named application, Defender for Cloud, is a cloud security posture management tool that monitors your cloud infrastructure.

"Defender for Cloud is watching everything, every single resource in the cloud, and automatically providing security advisories and concerns," Broggy says. He notes users can set up alerts based on their risk tolerances and policies.

Expert Help with Microsoft Security Solutions

If all this sounds like a lot to bite off, it may well be. Broggy says training is required to understand all the ins and outs of the Microsoft Security product suite. That's why Trustwave has developed a series of offerings to help clients extract full value from their Microsoft Security investments.

The offerings include "accelerators" that provide roadmaps for implementing Microsoft Security products, expert consulting services, and managed services, including MXDR for Microsoft, which is an extended threat detection, hunting, investigation, and response service that integrates with Microsoft Sentinel and the Microsoft Defender XDR suite.

There's significant value in the Microsoft security products included with the E5 license. To learn more, check out the entire series of Trustwave webinars, "Unlocking the Power of Microsoft Security."