Breaking down the Microsoft 365 E5 Security Add-On

Earlier this year, Microsoft made the E5-Security add-on available for Business Premium subscribers. It’s packed with a ton of amazing security features. Additionally, it is a significantly reduced price than if you were to upgrade to E5 altogether. In this article, I will share the highlights of what is included with the add-on.

What's Included

The add-on is made up of 5 standalone products. The amount of value in having Entra P2 along is very high but combined with the other plans, it makes this offer very attractive.

With the cost of E5 being $60/u/m, having the security features for only $12 is a very attractive offer. 

I think this comparison is still underselling the offering. There are a ton of protections related to identity (i.e. PIM, Access Packages, etc.) that aren’t even shown here. 

Business Scenarios

There are many business scenarios we could walk through,ough but I highlighted some of the top ones here:  

1. Automatic Attack Disruption

There is a fundamental thesis that if you are layering in many different security tools you are getting a ton of siloed signals that you have to stitch together to understand a broader attack. 

Typical attack chains flow through various domains (email, endpoints, identities, etc.). The attacker thinks about how they will move across systems to achieve their desired outcome. (ransom, wire fraud, data exfiltration, etc.)

Having the E5 security not only allows you to correlate signals across email, devices, users, etc., but also can perform automated actions to break down the attack….with no human involvement. Examples: blocking user accounts, resetting passwords, rotating sessions, isolating devices from the network, ZAPing emails from users inboxes, etc.

2. Extending Conditional Access to Risk-Based activity 

Having Entra P2 extends conditional access to perform certain activities if a user is flagged at a certain risk level. EX: If a user or sign in is detected as high risk, you could automatically block that user account, force a password reset, re-prompt for MFA, etc. P2 includes many more risk signals as part of their identity protection features. 

3. Automating and Governing Access

Entra P2 also includes features like Access Packages, Entitlement workflows, Access reviews which allow you to streamline access controls across groups, apps, roles, and more. it can even automate common tasks like user onboarding/offboarding. PIM is also included for just-in-time admin access for roles like Global Administrators. 

4. Automated Investigation and Response across Email and Collaboration tools

Defender for Office 365 Plan 2 includes Automated Investigation and Response (AIR) features that do extend into any suspicious or malicious behavior in Teams. Teams Phishing is a rising threat that businesses should be aware of. 

5. Detecting AI tools in Use, Shadow IT, and Application Risk

Defender for Cloud Apps is Microsoft’s CASB (Cloud-App Security Broker). Combined with Defender for Endpoint it can detect any applications both on workstations as well as what users are browsing to. The app list is automatically cataloged by category, allow you to easily view things like AI apps users are currently leveraging. As an admin, you are able to label apps as sanctioned or unsanctioned. If they are unsanctioned, users are immediately prevented from accessing them in their browser. 

6. Extending Protections to Local AD

Customers running hybrid environments can leverage Defender for Identity to extend protections to local ad and have the alerts triaged centrally in the Defender admin center.

Conclusion

I will be breaking down these features more in future blog post. I will also cover some recommendations on pitching this as an upsell to your customers so be sure to subscribe to the blog for new content. 

For the full presentation deck for E5 Security click here: Enhance-Business-Premium-with-E5-Security