Microsoft 365’s E5 Security and Compliance add-ons

 

Microsoft 365 E5 is known for having industry-leading security and compliance solutions. It's also no secret that an E5 license is the most expensive one available from Microsoft.

A complete E5 license isn't always the best option for every company. Some organizations may need to prioritize more granular compliance features over stronger threat detection and response capabilities, and vice versa.

Others may want both sets of capabilities, but not the phone and conferencing features that come with a full E5 license.

 

What is Microsoft 365 E5 Security?

 

The Microsoft 365 E5 Security add-on is a subset of the Microsoft 365 E5 license, allowing businesses to take advantage of Microsoft's top-tier security technologies without having to pay for the entire E5 license.

E5 Security is frequently misunderstood as merely providing access to E5-level Enterprise Mobility + Security (EMS) solutions. In fact, E5 Security combines security features from EMS, Office 365 Enterprise, and Windows 11 Enterprise into a single package.

 

E5 Security offers a layer of advanced security technologies that sits across your entire environment, complementing and interacting with your existing Microsoft technologies and services, so you can reap the full benefits of Microsoft's integrated, holistic approach to security.

 

What does Microsoft 365 E5 Security include?

 

Azure Active Directory Premium Plan 2

You'll have access to Azure AD Premium Plan 2 (AADP2) as part of E5 Security, which includes some useful identity management features:

 

🔹Access reviews: Manage group memberships, application access, and user access privileges. This helps you ensure that the right users have the access they need to be productive, while also allowing you to revoke access as employees leave or move around your company.

 

🔹Azure Identity Protection: Automates the detection and remediation of identity-based issues using Microsoft's security telemetry.

 

🔹Privileged identity management (PIM): Control and monitor access to critical resources. Limit elevated access privileges to those who require them, with just-in-time access, and then remove them after the task is accomplished.

 

🔹Entitlement management is a feature of identity governance that allows you to manage your identity lifecycles at scale. Automate the provisioning and removal of access for internal and external users, including partners and suppliers.

 

Microsoft Defender for Office 365

Defender for Office 365 is one of three 'Defender' suites featured in E5 Security, and it comes in both Plan 1 and Plan 2 editions.

 

🟢Anti-phishing: With phishing attempts accounting for 91% of large-scale data breaches (UK Gov, 2021), having strong anti-phishing capabilities is critical. Defender for Office 365 gives you everything you need to detect, isolate, and eliminate phishing attacks on your users.

 

Plan 1

 

🟢Real-time detections: Detect and respond to phishing attacks in real time with the Threat Explorer feature. Examine who was targeted and when, then look at the phishing emails to see what action was taken.

 

🟢Safe attachments: Before email attachments are delivered to a recipient, Safe attachments checks them in a virtual environment. URLs and links are checked in a secure detonation chamber before the document is released for delivery.

 

🟢Safe links: URLs contained in emails, Microsoft Teams, and Office 365 apps are all covered. Rewritten links are inspected and compared to a list of known harmful destinations.

 

Plan 2

 

🟡Attack simulation training: Run a range of realistic phishing attack scenarios in your environment to help identify vulnerable users before a genuine attack occurs. Then provide suitable training to educate users and strengthen your security.

 

🟡Automated investigation and response (AIR): Eliminates the need for manual threat detection and response. Potential threats are highlighted, and remediation steps are prepared and ready to go; all that remains is to get your security team's approval.

 

🟡Threat explorer: See all detected malware and phishing activity, and launch investigation and cleanup activities, all from one place.

 

🟡Suspicious behaviour, such as spam emails from a verified user, might help you quickly identify accounts that have been compromised.

Microsoft Defender for Endpoint Plan 2

Defender for Endpoint does exactly what it says on the tin: it protects endpoint user devices and access.

Defender for Endpoint can help you identify infected devices and activity using a combination of built-in behavioural sensors in Windows 11, Microsoft threat intelligence, and cloud security analytics, quickly shutting off lateral movement attacks.

Some of the features of Defender for Endpoint will be accessible in E3 under Plan 1 in 2022; however, Plan 2 will give you access to the following:

 

🟣Advanced threat hunting: With query-based threat hunting, you can look through up to 30 days of raw data to find both known and undiscovered threats. Create custom detection rules to check for suspicious activities automatically.

 

🟣Before implementing Defender for Endpoint, run simulations and configuration tests to determine how it would work in your environment. Use the results of the lab to fine-tune and improve susceptible areas.

 

🟣AIR (automated investigation and response): Because prioritizing and investigating alerts takes time, Defender for Endpoint's AIR acts as a virtual analyst, working 24 hours a day, 7 days a week to determine if a threat requires action, what action to take, how to take it, and then further investigate the alert.

 

🟣Threat and vulnerability management: Based on threat landscape knowledge, detections in your environments, sensitive device data, and more, identify and focus on endpoint flaws that pose the most risk.

 

🟣Endpoint detection and response: Detect threats in near real time and respond effectively. Defender for Endpoint organizes and categorizes threats for simple inspection, and it stores behavioural data for 6 months to allow for in-depth research.

 

🟣Device discovery: Identifying and mapping all of the devices in your network, especially unmanaged ones, can be difficult. Device discovery identifies unregistered laptops and mobile phones, as well as other devices like routers, printers, and cameras.

 

Microsoft Defender for Identity

 

With 61 percent of breaches attributable to leveraged credentials (Verizon, Data Breach Investigations Report, 2021), safeguarding your environment requires monitoring and reacting to compromised identities, which is exactly what Defender for Identity was built to do.

 

Defender for Identity detects and investigates unusual user behavior using your on-premises Active Directory. Identity-based attacks usually start with low-privileged users and work their way up your network to sensitive data and privileged accounts.

 

Defender for Identity assists you in creating a timeline of suspicious activities, noting not only the location of the first breach but also the attacker's path through your environment.
