Microsoft subscription licensing have you confused? You’re not alone. Countless articles, books, webinars, and classes have been dedicated to which subscription plans are best, which plans are cheapest, which plans are included in other plans, and most importantly, which plan(s) make sense for your business. Our goal in this article is not to make you an expert. Instead, our goal is to cover the basics for the uninitiated and review the pros and cons of some of the most common choices.
Microsoft’s subscription plans for business are grouped into three distinct categories: Windows, Office 365, and Enterprise Mobility + Security (EMS or EM+S). In addition, there are several Microsoft 365 bundles, each of which combines certain elements of the first three categories.
Unless your needs are very specific and focused, it is likely that one of the Microsoft 365 bundles will be the most appropriate choice. The most common of these bundles are:
- Microsoft 365 Business Basic – $5/user/month (increasing to $6/user/month in March 2022)
- Microsoft 365 Business Standard – $12.50/user/month (no increase scheduled)
- Microsoft 365 Business Premium – $20/user/month ($22/user/month in March 2022)
- Microsoft 365 Enterprise E3 – $32/user/month ($36/user/month in March 2022)
- Microsoft 365 Enterprise E5 – $57/user/month (no increase scheduled)
Note: Although all prices are listed as a per month cost, the prices listed require an annual commitment. Pricing for monthly commitments will be higher.
One very common misconception is that “Microsoft 365 Enterprise E3” is the same thing as “Office 365 Enterprise E3” (ditto for E5). They are very much not the same thing. Microsoft 365 Enterprise E3 includes Office 365 Enterprise E3 plus much more. In fact, if your organization is below 300 users, Office 365 Enterprise E3 is probably not a cost-effective licensing choice.
Let’s cover some of the major considerations and decision points that might rule out some of the bundles above.
Organization Size
How many users are in the organization? Subscriptions plans and bundles named “Business” rather than “Enterprise” are limited to 300 users. If your organization is larger than 300 users, you’ll be limited to the Enterprise licenses.
Windows Enterprise
Windows 10 is available in several editions: Home, Professional, and Enterprise (and Education, if your organization qualifies). When you buy a Windows laptop or desktop, it typically comes with a Windows Home or Windows Pro license included. Your first question here might be, “Do I really need Windows 10 Enterprise, or are the Home or Pro edition enough?” This is a valid question. In almost all cases, the answer is that Windows 10 Home absolutely will not suffice, as it is missing a number of business-critical features, such as the ability to join an Active Directory domain.
While the difference between the Pro and Enterprise editions is less pronounced, several of the security, management, and usability features are exclusive to the Enterprise and Education editions. A detailed comparison of Pro and Enterprise editions is beyond the scope of this article, but it is important to note that the Microsoft 365 Enterprise E3 and E5 license bundles include an upgrade from Windows Pro to Windows Enterprise. Note that they do not include an upgrade from Windows Home to Windows Enterprise.
Assuming you require any of the Pro or Enterprise features, the important takeaway from this section is to ensure that the workstations you purchase include a Windows Pro license rather than a Windows Home license.
The Applications Formerly Known as Microsoft Office
We all know and love the Microsoft Office application suite, including Outlook, Word, Excel, PowerPoint, and more. As you may know, Microsoft has officially rebranded the suite as Microsoft 365 Apps, although you’ll still see references to Office in plenty of places.
The primary decision point here is whether your organization requires the desktop version of these applications, or if the web version will suffice. Of the five bundles mentioned above, all but Microsoft 365 Business Basic include the desktop version of M365 Apps.
An additional consideration in this area is whether you need to use the desktop version of M365 Apps from a shared computer, such as a Citrix or Remote Desktop Services (aka: Terminal Services) server. If so, it’s important to note that only Enterprise licenses and Microsoft 365 Business Premium include this capability.
Microsoft 365 Cloud Services
Let’s face it, beyond the new name for Office, the two previous sections probably didn’t break any new ground. The real driver for Microsoft subscription licensing is one or more of the Microsoft 365 cloud services, including Exchange Online, OneDrive for Business, and Teams. All of the M365 bundles mentioned above include Exchange Online, OneDrive for Business, and Teams, although some feature differences exist.
- Exchange Online: M365 Business Basic and Standard have a 100 GB total limit on mailbox size (50 GB primary plus 50 GB archive) while the other three bundles include an Unlimited archive mailbox. The two Enterprise bundles also include a 100 GB primary mailbox. M365 Business Basic and Standard also don’t include the Litigation Hold, Retention Policies, or Data Loss Prevention features.
- OneDrive for Business: The three M365 Business bundles mentioned above include 1 TB of OneDrive storage per user. The Microsoft 365 Enterprise E3 and E5 bundles include a whopping 25 TB per user. To be clear, 1 TB is a lot of space, and that may well be plenty unless you’re storing video or audio files.
- Teams: All of the licensing bundles mentioned above include Teams. However, the three M365 Business bundles do not include Microsoft Stream, Microsoft’s video streaming application that allows you to record and stream videos seamlessly within Teams. While all the bundles mentioned include audio/video meeting capability, only the M365 Enterprise E5 license includes the ability for users to dial into a meeting using a standard phone line (this feature can be added to any of the other plans at an additional cost). M365 Enterprise E5 also includes the ability to use Teams as a phone system.
Identity and Authentication
Your first question in this area should not be “Do I need multi-factor authentication (MFA)?” Don’t ask. You need it. There is a free edition of Azure Active Directory (Azure AD) and Azure MFA. With the free edition, you can synchronize user IDs and passwords from your on-premises environment to the Microsoft 365 cloud, and prompt users for MFA when they attempt to access cloud services (e.g. Exchange Online, Teams). You can also synchronize third-party applications with the free edition of Azure AD, although there is a 10-application limit.
The free edition of Azure AD and Azure MFA is missing several useful features. The most important of these is something called Conditional Access, which allows the creation of rules governing who can log on, when, from where, whether the user gets prompted for MFA or not, etc. For example, Conditional Access policies can block logins from certain countries. Conditional Access policies can also allow skipping the MFA prompt when certain conditions are met, such as when users are connecting from within the firm’s office(s). Configured correctly, Conditional Access creates a much smoother end-user experience, especially with regard to MFA.
Other features missing from the Azure AD free edition include the ability to use a third-party MFA solution instead of Azure MFA, security reporting, and MFA options beyond mobile app such as a phone call or SMS text. All of these and Conditional Access are included with the M365 Business Premium and both M365 Enterprise bundles, but not with the M365 Business Basic and Standard bundles.
Mobile Device Management
M365 Business Premium and both M365 Enterprise bundles include Microsoft Intune, which can be used to manage mobile devices (and/or Windows workstations). While the details and benefits of mobile device management (MDM) are beyond the scope of this article, suffice to say that MDM can be an important part of your management and security strategy.
In combination with the Conditional Access policies mentioned earlier, Intune can ensure that access to the firm’s cloud data (e.g. Exchange Online, OneDrive, Teams) is limited to specific devices. For example, you might allow your users to access email or Teams from a firm-owned laptop or Intune-enrolled mobile device, but not from a hotel kiosk.
Advanced Security and Compliance
Microsoft includes a number of advanced security and compliance features in its most expensive subscriptions. The details of these features are once again beyond the scope of a beginner article, but high-level descriptions of some of these products and features are included below:
- Defender for Endpoint – Automated threat detection and response at the workstation level. Generate security alerts for unusual logons or activity.
- Defender for Identity – Identify and generate alerts on attempts to compromise user credentials or administrative group membership changes.
- Microsoft Cloud App Security – Log collection of security events from on-premises, Microsoft cloud services, and third-party cloud services.
- Microsoft Information Protection – Apply digital rights management to sensitive documents, and control and revoke permissions to documents even after they leave your environment.
Conclusion
Microsoft 365 Business Premium is a cost-effective choice that includes the desktop version of Microsoft 365 Apps, an unlimited archive mailbox for email, Intune, Azure AD Premium Plan 1, and more. It is limited to 300 users and does not include the step-up from Windows Pro to Windows Enterprise.
Microsoft 365 Enterprise E3 is a more comprehensive choice than M365 Business Premium, in that it includes the Windows Enterprise upgrade.
Microsoft 365 Enterprise E5 is the full-featured bundle, including the Windows Enterprise upgrade, Teams audio dial-in, Teams phone system upgrade, and the advanced security and compliance features listed above.
But Wait, There’s More: Interesting Add-Ons
Add-on licenses are available for some of the subscriptions. These can be useful if you want some, but not all, of the features in the most expensive plans. The most interesting add-ons we typically see are listed below.
Audio Conferencing: While all of the subscription bundles mentioned include Teams, only the Microsoft 365 Enterprise E5 license includes the ability to dial-in to a Teams meeting via a standard phone number. That ability can be added to the others with the Audio Conferencing add-on, at a cost of $4/user/month.
Exchange Online Archiving: This add-on can be added to any plan that includes Exchange Online. It includes an Unlimited Archive Mailbox, although the Primary Mailbox Size Limit does not increase. It also includes Automated Retention Policies and In-Place and Litigation Hold capability. The cost is $3/user/month.
Microsoft 365 E5 Compliance: This add-on includes a slew of compliance and information protection features, such as Microsoft Information Protection Plan 2, Advanced Message Encryption, and Advanced eDiscovery, among others. Eligibility is limited to customers with both Office 365 Enterprise E3 and EM+S Enterprise E3, or the Microsoft 365 Enterprise E3 bundle. The cost is $10/user/month.
Microsoft 365 E5 Security: This add-on includes advanced security features such as Defender for Identity, Defender for Endpoint,, Attack Simulator, Microsoft Cloud App Security (MCAS), and Azure AD Premium Plan 2. Eligibility is limited to customers with both Office 365 Enterprise E3 and EM+S Enterprise E3, or the Microsoft 365 Enterprise E3 bundle. The cost is $12/user/month.
About the Author
Richard Conway is the senior manager of sales operations at Kraft Kennedy, a leading IT consulting company.