What are the security features of the Microsoft E5 license?
The Microsoft 365 E5 license offers the most advanced security, compliance, and productivity features within the Microsoft 365 suite.
It builds on the security capabilities of the Microsoft 365 E3 license by providing additional advanced protection, threat intelligence, and management tools, making it an ideal choice for organisations with complex security needs or large environments, and for those in highly regulated industries.
Here are the key security features included in the Microsoft 365 E5 license:
1. Identity and Access Management
Azure Active Directory Premium P2
- Identity Protection: Provides advanced detection and response to risky user behavior, including sign-ins from unfamiliar locations, leaked credentials, or potential compromise.
- Risk-Based Conditional Access: Uses identity risk levels to apply dynamic security policies, such as requiring Multi-Factor Authentication (MFA) or blocking access based on risk assessment.
- Privileged Identity Management (PIM): Manages and audits privileged accounts, allowing organisations to control and monitor privileged access, including "just-in-time" administration and approval workflows for administrative roles.
- Access Reviews: Automates the process of reviewing and certifying user access to critical resources and applications, ensuring access remains appropriate and compliant.
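The Risk-Based Conditional Access bullet above names the policy type but does not show what such a policy looks like. The following is an added example, not code from the original article or from Microsoft's documentation: it creates two risk-based Conditional Access policies through Microsoft Graph PowerShell, one requiring MFA when Identity Protection rates sign-in risk as medium or high, and one requiring MFA plus a password change at high user risk. Both are created in report-only mode so their effect can be reviewed before enforcement. The module name, the permission scope, the policy names and the break-glass account object ID are assumptions; the object ID is a placeholder.

```powershell
# Added example (not from the original article): two risk-based Conditional Access
# policies created with Microsoft Graph PowerShell, driven by the Identity
# Protection risk levels described above.
#   Policy 1: sign-in risk medium/high  -> require MFA
#   Policy 2: user risk high            -> require MFA and a password change
# Both start in report-only mode so their impact can be reviewed in sign-in logs
# before anything is enforced.
# Assumptions: the Microsoft.Graph.Identity.SignIns module is installed, the
# signed-in admin can consent to Policy.ReadWrite.ConditionalAccess, and the
# break-glass account object ID below is a placeholder to be replaced.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Emergency-access (break-glass) account that must never be locked out by risk policies.
$breakGlassAccountId = "00000000-0000-0000-0000-000000000000"   # placeholder

function New-RiskPolicy {
    param(
        [string]   $Name,
        [string[]] $SignInRiskLevels = @(),
        [string[]] $UserRiskLevels   = @(),
        [string[]] $Controls,
        [string]   $Operator = "OR"
    )

    $conditions = @{
        users        = @{ includeUsers = @("All"); excludeUsers = @($breakGlassAccountId) }
        applications = @{ includeApplications = @("All") }
    }
    if ($SignInRiskLevels.Count -gt 0) { $conditions.signInRiskLevels = $SignInRiskLevels }
    if ($UserRiskLevels.Count   -gt 0) { $conditions.userRiskLevels   = $UserRiskLevels }

    $body = @{
        displayName   = $Name
        state         = "enabledForReportingButNotEnforced"   # change to "enabled" after review
        conditions    = $conditions
        grantControls = @{ operator = $Operator; builtInControls = $Controls }
    }

    New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}

# Policy 1: challenge medium/high sign-in risk with MFA.
$p1 = New-RiskPolicy -Name "CA-Risk-SignIn-MediumHigh-RequireMFA" `
                     -SignInRiskLevels @("medium", "high") `
                     -Controls @("mfa")

# Policy 2: high user risk (for example leaked credentials) requires MFA AND a
# password change; Graph only accepts passwordChange together with mfa and operator AND.
$p2 = New-RiskPolicy -Name "CA-Risk-User-High-RequirePasswordChange" `
                     -UserRiskLevels @("high") `
                     -Controls @("mfa", "passwordChange") `
                     -Operator "AND"

$p1, $p2 | Select-Object Id, DisplayName, State
```

Leaving the policies in report-only mode for a week or two and reviewing the "Report-only" column of the sign-in logs shows which users would have been challenged or blocked; the break-glass exclusion is what keeps a misconfigured policy from locking every administrator out.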
2. Advanced Threat Protection
Microsoft Defender for Office 365 (Plan 2)
- Advanced Threat Protection (ATP): Protects against sophisticated attacks like zero-day threats, phishing, and impersonation by automatically identifying and blocking suspicious content in email messages.
- Threat Explorer and Real-Time Detection: Provides real-time threat investigation capabilities, allowing security teams to identify and respond to threats quickly.
- Automated Investigation and Response (AIR): Uses machine learning to automatically investigate and remediate attacks, reducing the need for manual intervention.
- Attack Simulator: Simulates phishing attacks within your organization to test the security awareness of users and assess how well your defenses perform.
Microsoft Defender for Endpoint (EDR and XDR)
- Endpoint Detection and Response (EDR): Provides enhanced endpoint protection by continuously monitoring, detecting, investigating, and responding to suspicious activities on endpoints (e.g., desktops, laptops, and mobile devices).
- Extended Detection and Response (XDR): Extends threat detection across your entire organization, providing a centralized, integrated view of security data from email, endpoints, and cloud applications.
- Threat Hunting: Proactively searches for emerging threats across endpoints, providing a more advanced, manual approach to detecting attacks.
- Automated Remediation: Responds to threats automatically by quarantining or isolating compromised devices to prevent further damage.
3. Information Protection
Microsoft Information Protection (MIP)
- Sensitivity Labels with Automatic Application: Automatically applies sensitivity labels to emails, documents, and other files based on content inspection or user-defined settings, ensuring the right security policies are in place for sensitive data.
- Encryption: Ensures that sensitive information remains encrypted both in transit and at rest, and applies encryption policies even when sharing data externally.
- Data Loss Prevention (DLP): Advanced DLP capabilities to automatically detect and prevent the unauthorized sharing of sensitive data, including credit card numbers, Social Security numbers, and intellectual property.
- Document Tracking and Rights Management: Protects documents with encryption and restricts actions such as copying, editing, or printing based on predefined access controls.
Azure Information Protection (AIP)
- Classification and Encryption: Automatically classifies and encrypts sensitive data based on its content, regardless of where it is stored or shared.
- Advanced Protection for Emails and Documents: Ensures sensitive documents are protected even when shared outside the organisation, applying encryption, rights management, and tracking features.
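The Data Loss Prevention bullet in the Microsoft Information Protection list above describes detection of credit card numbers and the blocking of unauthorised sharing. The following is an added example, not code from the original article or from Microsoft's documentation: it creates a DLP policy and rule with Security & Compliance PowerShell that matches the built-in Credit Card Number sensitive information type and blocks sharing with people outside the organisation, starting in test mode. The module, the role requirement, and the policy and rule names are assumptions.

```powershell
# Added example (not from the original article): a DLP policy and rule created
# with Security & Compliance PowerShell. The rule looks for credit card numbers
# in Exchange, SharePoint and OneDrive content and blocks access for recipients
# outside the organisation. The policy starts in test mode with notifications,
# so matches are logged and users are told, but nothing is blocked yet.
# Assumptions: the ExchangeOnlineManagement module is installed, the admin holds
# a compliance role that permits DLP management, and the names are made up.

Connect-IPPSSession

$policyName = "DLP-Financial-CreditCard"

# Policy: scope and mode. All three workloads are included so the same rule
# covers email, document libraries and personal storage.
New-DlpCompliancePolicy -Name $policyName `
    -Comment "Detect payment card numbers shared externally" `
    -ExchangeLocation All `
    -SharePointLocation All `
    -OneDriveLocation All `
    -Mode TestWithNotifications   # change to Enable once the match volume has been reviewed

# Rule: what to match and what to do. minCount = 1 fires on a single card
# number; raise it if test mode shows too many low-value matches.
New-DlpComplianceRule -Name "$policyName-ExternalShare" `
    -Policy $policyName `
    -ContentContainsSensitiveInformation @(@{ Name = "Credit Card Number"; minCount = "1" }) `
    -AccessScope NotInOrganization `
    -BlockAccess $true `
    -NotifyUser Owner `
    -GenerateIncidentReport SiteAdmin `
    -IncidentReportContent All

# Confirm what was created.
Get-DlpCompliancePolicy -Identity $policyName | Format-List Name, Mode, ExchangeLocation, SharePointLocation, OneDriveLocation
Get-DlpComplianceRule -Policy $policyName | Format-List Name, BlockAccess, AccessScope
```

Test mode is the important caveat: a blocking rule switched straight to Enable on a busy tenant tends to block legitimate finance workflows, so the usual practice is to review the incident reports generated in test mode, tune the count threshold or add exceptions, and only then change the policy mode.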
4. Compliance and Data Governance
Microsoft Compliance Center
- Compliance Manager: Provides a centralized location for managing and assessing your organization’s compliance posture across multiple regulations (e.g., GDPR, HIPAA, CCPA).
- Advanced eDiscovery: Advanced tools for searching, identifying, and collecting data for legal and compliance purposes, including legal hold, discovery, and export for legal investigations.
- Information Governance: Advanced retention and deletion policies that help you ensure data is kept for the required amount of time and securely deleted once it is no longer needed.
- Audit and Activity Reports: Centralized auditing and reporting tools that allow administrators to track user activities across Microsoft 365 services and investigate suspicious behavior.
5. Security Information and Event Management (SIEM)
Microsoft Sentinel (via Azure)
- Cloud-Native SIEM: Microsoft Sentinel provides a cloud-native Security Information and Event Management (SIEM) solution that helps aggregate, detect, investigate, and respond to security threats across your entire organisation.
- Threat Detection: Uses AI and machine learning to detect suspicious activity and provide actionable alerts.
- Investigation and Hunting: Allows security teams to investigate and actively hunt for threats using advanced querying and analytics features.
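The Investigation and Hunting bullet above mentions advanced querying but gives no sense of what a hunt looks like. The following is an added example, not code from the original article or from Microsoft's documentation: it runs a KQL hunting query against a Microsoft Sentinel workspace from PowerShell, looking for sign-ins that Identity Protection scored as medium or high risk but that still succeeded, which are exactly the events a risk-based Conditional Access policy should have challenged. The Az modules, the reader role, and the workspace ID are assumptions; the ID is a placeholder.

```powershell
# Added example (not from the original article): a hunting query run against a
# Microsoft Sentinel workspace from PowerShell. The KQL finds sign-ins that
# Identity Protection flagged as medium or high risk but that nevertheless
# succeeded (ResultType "0"), grouped per user so an analyst can triage them.
# Assumptions: the Az.Accounts and Az.OperationalInsights modules are installed,
# the caller has Log Analytics Reader on the workspace, and the workspace ID
# below is a placeholder.

Connect-AzAccount

$workspaceId = "00000000-0000-0000-0000-000000000000"   # placeholder: Log Analytics workspace ID backing Sentinel

# ResultType is a string column in SigninLogs, so compare against "0".
$kql = @"
SigninLogs
| where TimeGenerated > ago(7d)
| where RiskLevelDuringSignIn in ("medium", "high")
| where ResultType == "0"
| summarize SignIns     = count(),
            DistinctIPs = dcount(IPAddress),
            Apps        = make_set(AppDisplayName, 10),
            FirstSeen   = min(TimeGenerated),
            LastSeen    = max(TimeGenerated)
  by UserPrincipalName, RiskLevelDuringSignIn, RiskState
| order by SignIns desc
"@

$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId `
                                           -Query $kql `
                                           -Timespan (New-TimeSpan -Days 7)

# Each row is a user whose risky sign-ins were not blocked. RiskState tells you
# whether the risk is still open ("atRisk"), already remediated, or confirmed
# compromised, which decides whether the account needs a password reset or a
# session revocation.
$result.Results |
    Format-Table UserPrincipalName, RiskLevelDuringSignIn, RiskState, SignIns, DistinctIPs, FirstSeen, LastSeen -AutoSize
```

The same query body can be saved in Sentinel as a hunting query or turned into a scheduled analytics rule; running it from PowerShell is useful when the result needs to feed a ticket or a report rather than the portal.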
6. Threat Intelligence and Security Reporting
Microsoft Defender Threat Intelligence
- Advanced Threat Intelligence: Provides insights into active threats targeting your organisation, helping to identify and mitigate risks before they escalate.
- Customizable Alerts: Enables organisations to set up advanced alerting for high-priority threats, ensuring that security teams are informed and able to act quickly.
7. Device and Endpoint Management
Microsoft Intune (Advanced Features)
- Comprehensive Device Management: Manages both mobile devices (BYOD) and corporate-owned devices with detailed security configurations and compliance policies.
- Conditional Access Policies for Devices: Restricts access to corporate resources based on the device’s security posture (e.g., requiring encryption or blocking access from jailbroken or rooted devices).
- Mobile Application Management (MAM): Extends security policies to applications on both personal and corporate-owned mobile devices, preventing data leakage while allowing secure use of apps.
Endpoint Protection and Compliance
- Advanced Endpoint Protection: Uses Microsoft Defender for Endpoint (EDR and XDR) to proactively protect endpoints from malware, ransomware, and other advanced threats.
- Threat Remediation and Incident Response: Automated tools to remediate security incidents, such as quarantining infected files or isolating compromised devices.
8. Secure Collaboration and Communication
Teams Security and Compliance
- End-to-End Encryption for Teams: Secures voice and video calls within Microsoft Teams with advanced encryption features.
- Compliance for Teams Meetings and Data Loss Prevention: Implements DLP and retention policies in Teams for chats, files, and meetings to protect sensitive information during collaboration.
Exchange Online Protection (EOP) and Anti-Phishing
- Advanced Anti-Phishing: Detects impersonation and phishing attempts using machine learning and user behavior analytics.
- Advanced Threat Protection for Exchange: Provides real-time protection from malicious emails, including blocking malicious links and attachments.
9. Insider Threat Detection and Management
Microsoft Insider Risk Management
- Insider Threat Detection: Detects potential insider threats through behavioral analytics and risk indicators based on user activity and data access patterns.
- Policy Enforcement: Automatically triggers actions based on detected risks, such as blocking file access or triggering an investigation.
User and Entity Behavior Analytics (UEBA)
- Advanced Threat Detection: Uses machine learning to detect anomalous user and entity behavior, such as accessing large amounts of sensitive data without authorisation.
- Automated Risk Responses: Automatically enforces corrective actions when potential threats are detected, including initiating investigations and restricting access.
10. Backup and Disaster Recovery
- OneDrive and SharePoint Backup: Includes advanced backup capabilities to ensure that important data is always recoverable, even in the event of accidental deletion or data corruption.
- Data Recovery: Restores data from backup or version history if files are lost or maliciously altered.
11. Enhanced Security Analytics
- Advanced Security Analytics Dashboard: Provides a comprehensive, easy-to-read dashboard that shows security trends and threats across your organization, giving security teams the ability to proactively address issues.
- Security Monitoring: Includes insights into organisational security health, threat activity, and more, allowing admins to make informed decisions.
Conclusion
The Microsoft 365 E5 license offers a highly advanced and comprehensive security suite that includes robust identity protection, advanced threat defense, endpoint detection and response (EDR), enhanced compliance features, and powerful analytics tools. It is ideal for large organizations or those with highly sensitive data that require the best in security, compliance, and threat intelligence.
E5 is a great choice for organisations that need to manage complex regulatory requirements, protect their data and users from increasingly sophisticated threats, and have access to cutting-edge security technologies to safeguard their environment.