Microsoft Enterprise Mobility + Security (EMS) Licensing Explained!
How many devices do you own? A laptop, a tablet, a phone, maybe a gaming console, a smart TV, or a family desktop computer as well? How many of those have you ever used for work? Probably at least a couple. We check our emails at the groceries, forward emails on the train, answer a quick chat while waiting at the dentist. Work as we knew it doesn’T exist anymore. The boundaries have widened. The more we arrived into the IoT era and the multi-device world, the more things we connect to our networks. Each new addition is a potential entry for a new threat.
After all, Hackers were able to acquire data from a North American casino by using an Internet-connected fish tank thermometer meant to remotely monitor the tank’s water parameters. Hackers got their way into the fish tank’s wireless connection and used it to move around into other areas of the network. From the casino’s network, they stole sent out 10GB of data to a device in Finland.
Now, not every hack is this dramatic, but with greater mobility comes great responsibilities. I bet you’re thinking “Ok, Ben Parker… calm down.“, but the words that helped Spiderman should also help you. We often think that security is important, but people rarely prepare for fear it’s going to take too long. EMS is Microsoft’s answer to the many new threats that come with each new device in your organization.
What is Microsoft Enterprise Mobility + Security (EMS)?
Microsoft Enterprise Mobility + Security (EMS) is intelligent mobility management and security platform. What this means is that EMS helps protect and secure your organization with its products that act to increase security features of Windows 10 and Microsoft 365.
How do I get Microsoft Enterprise Mobility + Security (EMS)?
Microsoft EMS can be purchased as a standalone product. EMS E3 is $8.80 USD/user/month while EMS E5 is $14.80 USD/user/month. A more detailed comparison can be found in the tables below which gives a breakdown of what applications and features are found in EMS E3 and EMS E5 to help you understand which subscription is best suited for your organization’s needs.
An alternative is to purchase a Microsoft 365 enterprise subscription – Microsoft 365 E3 or E5 which comes with Microsoft EMS. The Microsoft 365 Enterprise E3 and E5 solutions offer not only EMS, but Microsoft 365 Apps, unlimited OneDrive storage for subscriptions with 5 or more users, Microsoft Teams, and numerous other tools like Power Automate and Power Apps. The Microsoft 365 E3 plan is $32 USD/user/month and the Microsoft 365 E5 plan is $57 USD/user/month- both great prices for their offerings.
It is important to note that Office 365 E3 and E5 are other enterprise plans that Microsoft offers besides Microsoft 365 E3 and E5. However, the Office 365 E3 and E5 plans do not come with EMS unlike Microsoft 365 E3 and E5 and so EMS has to be purchased individually and added on to the Office 365 E3 and E5 plans.
The main difference between Office 365 E3 + EMS E3 and Microsoft 365 E3 would be that the Office 365 E3 + EMS E3 would not include Windows 10 Enterprise E3 which Microsoft 365 E3 has. Windows 10 gives your organization advanced security, deployment methods, compatibility methods and productivity features. Similar to Office 365 E5 + EMS E5 and Microsoft 365 E5, the Office 365 plan doesn’t include the Windows 10 Enterprise E5 plan. Price-wise Microsoft 365 E3/E5 plans would have the best deal if you wish to have Office 365 Enterprise E3/E5 + EMS E3/E5 + Windows 10 Enterprise E3/E5 instead of purchasing all the components individually.
Microsoft Enterprise Mobility + Security (EMS) E3 vs. Microsoft Enterprise Mobility + Security (EMS) E5 Comparison
Application Comparison
Apps Included | Enterprise Mobility + Security E3 | Enterprise Mobility + Security E5 |
---|---|---|
Price | $8.80 USD/user/month
($11.30 CAD) |
$14.80 USD/user/month
($18.90 CAD) |
Azure Active Directory Premium P1 (AADP P1)
*This includes everything you need for information workers and identity administrators in hybrid environments across application access, self-service identity and access management (IAM), and security in the cloud. |
YES | YES |
Azure Active Directory Premium P2
*All the features in AADP P1 plus
|
NO | YES |
Microsoft Intune
*A cloud-based service that focuses on mobile device management and mobile application management. |
YES | YES |
Azure Information Protection P1
*Use on-premises connectors, track and revoke shared documents, enable users to manually classify and label documents |
YES | YES |
Azure Information Protection P2
*Builds on AIP P1 with automated and recommended classification & protection with policy-based rules and Hold Your Own Key Configurations that span Azure Rights Management and Active Directory Rights Management |
NO | YES |
Microsoft Advanced Threat Analytics
*Protects against advanced targeted cyberattacks and insider threats |
YES | YES |
Microsoft Cloud App Security
*Cloud access security broker with discovery, behavioural analytics, risk assessment, data protection, and threat protection |
NO | YES |
Azure Advanced Threat Protection
*Cloud-based solution that helps protect your organization’s identities from multiple types of advanced targeted cyberattacks |
NO | YES |
Windows Server CAL rights | YES | YES |
Feature comparison
Features Included | Enterprise Mobility + Security E3 | Enterprise Mobility + Security E5 |
---|---|---|
Price | $8.80 USD/user/month
($11.30 CAD) |
$14.80 USD/user/month
($18.90 CAD) |
Identity and access management:
|
|
|
Endpoint management:
|
|
|
Information Protection
|
|
|
Identity-driven security
|
|
|
EMS E3 VS. EMS E5 comparison conclusion:
Some notable differences between the applications offered in E5 that are not found in E3 as highlighted by the tables are:
- Azure Active Directory Identity Protection– This tool automates the detection and remediation of identity-based risks, investigates risks using data in the portal, and exports risk detection data to third-party utilities for further analysis.
- Privileged Identity Management – This tool helps discover, restrict, and monitor administrators and their access to resources as well as provide users just-in-time access when needed.
- Microsoft Cloud App Security – This tool allows you to discover and control the use of Shadow IT, protect your information anywhere on the cloud, protect against cyberthreats and anomalies and assess the compliance of your cloud apps.
- Azure Advanced Threat Protection – This tool monitors users’ behaviour and activities, protects user identities and reduces the attack surface, identifies and investigates suspicious user activities and advanced attacks.
- Azure Information Protection P2– This tool includes intelligent data classification and labelling, has capabilities like controlling oversharing of information when using Outlook, and much more.
- Risk-based conditional access– This is a feature in the Azure Active Directory that automatically responds to risky behaviours. It can automatically block a sign-in attempt or require a password change or Multi-Factor Authentication as a precaution.
If you believe that any of the above is necessary and essential for your organization, you may need to consider subscribing to Microsoft Enterprise Mobility + Security (EMS) E5 instead of Microsoft Enterprise Mobility + Security (EMS) E3. However, we know that making sense of Microsoft licensing can be pretty confusing, so don’t hesitate to contact us and discuss your specific situation. We’ll be able to position the best license for your needs, no technical speech required!
Related Posts
Subscribe our newsletter
Enter your email to get latest updates.