Four ways to maximise the security available in your M365 licensing

By Callum MacKay

In response to Covid-19, many organisations have switched to a remote working model they were not prepared for. Others may have utilised applications and services which are not part of their existing security strategy or long-term technology roadmap.

This has presented several security challenges and risks, which sadly have been capitalised on by criminals, with an increased threat to security through connectivity and endpoints.

In these challenging times, businesses may not be utilising the full capabilities of the Microsoft 365 security features available to them within their existing licences, or know whether a better, more cost-effective licensing model is available.

In this blog, I share my top four tips on how to maximise the security features within Microsoft 365 enterprise licensing.  

1. Know what there is

A great first step is to familiarise yourself with what’s available and where each security offering sits within Microsoft 365 (M365).

M365 brings together Windows 10, Office 365 and Enterprise Mobility and Security (EM+S), which deliver an efficient operating system, seamlessly integrated with workplace productivity applications and mission-critical enterprise-grade security tools.

A key distinction is whether you are using M365 for Enterprise or M365 for Business. M365 for Business caps users at 300 per licensing type, and there are fewer security features available due to the likely lower complexity of organisations using this service.

Advanced security features are found in E3 and E5 licensing. These features can be subscribed to in several ways.

Each separate component of M365 (i.e., Windows 10, Office 365 or EMS) has its own E3 and E5 licence, with security features split across them. Some security and compliance features are available as standalone features (e.g., Azure Information Protection P2, Office 365 ATP Plan 2, Microsoft Defender ATP), or as a part of mini-suites (smaller feature groupings that don’t require the uplift from E3 straight to E5, for example, E5 Compliance, E5 Security).

This gives organisations flexibility in what they purchase, but it also leads to confusion over what is available in each component licence type. Purchasing standalones and mini-suites may cost organisations more than the complete M365 E5 suite. If you’re using M365 E3 and are going to utilise more than a few E5 features as standalones or mini-suites, the most cost-effective route is likely to be M365 E5, which comes with a host of other features around telephony, analytics, compliance and security.

Below is a table of how the M365 E3 and E5 Security components are separated.


The two images below show which features sit within the three components of Microsoft 365.


This shows how security features are separated by component and licence type, so you can understand exactly what is available and where efficiencies are.

2. Know what you've got

It is common to see organisations with a range of licence types, across cloud and on-premise Microsoft services. Some licences may also be unassigned, usually after employees have left the organisation and their licence has not been reassigned, or their Office 365 profile has not been removed.

This can cause significant unnecessary costs, but it also presents a security risk through ex-employees continuing to have access and permissions when they have left the organisation.

It is likely your organisation will use a combination of licence types. Some users may have the full M365 E5 licence, others may have M365 E3, with a compliance mini-suite. Or you may have Office 365 E3, with Microsoft Defender ATP Standalone.

An analysis of your users and an inventory of licences is always useful.

You will find your active licences in the Office 365 admin centre. From here, you can work out what you have and, perhaps more crucially, what you don’t.

You may find that there is a more cost-effective licensing combination available, or that certain users need features which they are not licensed for.

Core can manage customer licences through Microsoft’s Cloud Solutions Provider (CSP) programme, ensuring unused licences are either assigned to a new user or removed. We can also manage your organisation’s identities, which includes operating a joiners and leavers process to assign and remove licences and profiles as part of an automated process.

This is great for efficiency, cost-effectiveness and security.
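The licence inventory and leavers check described in this section can be scripted. The PowerShell below is an added example, not Core's or Microsoft's own tooling: it reports purchased seats that nobody holds, and flags leavers whose account can still sign in or still holds a licence. It assumes objects shaped like the output of the Microsoft Graph PowerShell cmdlets `Get-MgSubscribedSku` and `Get-MgUser`, plus a hypothetical HR leaver list; all sample values and both function names are constructed for illustration.

```powershell
# Constructed sample data. In a tenant, $skus would come from Get-MgSubscribedSku
# and $users from Get-MgUser (Microsoft Graph PowerShell); $leavers is a
# hypothetical list of departed staff exported from HR.
$e5 = '00000000-0000-0000-0000-0000000000e5'   # placeholder SkuId
$e3 = '00000000-0000-0000-0000-0000000000e3'   # placeholder SkuId
$skus = @(
    [pscustomobject]@{ SkuId = $e5; SkuPartNumber = 'SPE_E5'; ConsumedUnits = 2; PrepaidUnits = [pscustomobject]@{ Enabled = 5 } }
    [pscustomobject]@{ SkuId = $e3; SkuPartNumber = 'SPE_E3'; ConsumedUnits = 2; PrepaidUnits = [pscustomobject]@{ Enabled = 2 } }
)
$users = @(
    [pscustomobject]@{ UserPrincipalName = 'amy@example.com'; AccountEnabled = $true;  AssignedLicenses = @([pscustomobject]@{ SkuId = $e5 }) }
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com'; AccountEnabled = $true;  AssignedLicenses = @([pscustomobject]@{ SkuId = $e5 }) }
    [pscustomobject]@{ UserPrincipalName = 'cat@example.com'; AccountEnabled = $false; AssignedLicenses = @([pscustomobject]@{ SkuId = $e3 }) }
    [pscustomobject]@{ UserPrincipalName = 'dan@example.com'; AccountEnabled = $true;  AssignedLicenses = @([pscustomobject]@{ SkuId = $e3 }) }
)
$leavers = @('bob@example.com', 'cat@example.com')

# Seats that are paid for but not assigned to anyone (a cost issue).
function Get-UnassignedSeat {
    param([object[]]$Skus)
    foreach ($s in $Skus) {
        $free = $s.PrepaidUnits.Enabled - $s.ConsumedUnits
        if ($free -gt 0) { [pscustomobject]@{ Sku = $s.SkuPartNumber; Unassigned = $free } }
    }
}

# Leavers whose account is still enabled (a security issue) or still licensed.
function Get-LeaverExposure {
    param([object[]]$Skus, [object[]]$Users, [string[]]$Leavers)
    $skuName = @{}
    foreach ($s in $Skus) { $skuName[$s.SkuId] = $s.SkuPartNumber }
    foreach ($u in $Users) {
        if ($Leavers -notcontains $u.UserPrincipalName) { continue }
        $held = @($u.AssignedLicenses | ForEach-Object { $skuName[$_.SkuId] })
        if ($u.AccountEnabled -or $held.Count -gt 0) {
            [pscustomobject]@{
                User      = $u.UserPrincipalName
                CanSignIn = [bool]$u.AccountEnabled
                Licences  = $held -join ', '
            }
        }
    }
}

Get-UnassignedSeat -Skus $skus | Format-Table
Get-LeaverExposure -Skus $skus -Users $users -Leavers $leavers | Format-Table
```

Rows with `CanSignIn` set to true are the ones to act on first, since those ex-employees retain access; the rest are licences to reclaim.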

3. Know what you need

It would, of course, be nice to have everything; but this isn't possible in most organisations. So, it is important to prioritise your users, assess their risk and understand the impact and importance of these features in your environment.

A great way to know what you need is to sample the available trial licences in your Office 365 admin centre and Azure Portal.

These trial licences can deliver fresh insight and new understanding into various parts of your cloud and on-premise environment, while giving you familiarity with new features.

It is a great way to uncover vulnerabilities while also helping you to test new security features such as risky sign-ins, compromised credentials, identity scores and malware detection. You will have access to dashboards that show progress as the features have an impact over time, helping to develop a clear business case for executive buy-in.

To make full use of these features, it’s important to seek external support, interpret the data uncovered, understand where the gaps are in your security strategy and where quick wins can be found.

4. Know how to use it

The security landscape continues to change and there is a premium on time, resources and knowledge available.

Attacks are always evolving in scale, nature and complexity. Attack perpetrators don’t respect moments of national or global crisis; instead, they capitalise on them.

The true security impact of this crisis may not be known for years, but it is inevitable that this rapid change to new ways of working will have left organisations vulnerable to attack.

In order to keep pace at all times, in all scenarios, the machine learning, artificial intelligence and automation security features of Microsoft 365 are crucial. In particular, the persistent hunting and automated remediation tools for all devices and services available in E5 suites are invaluable and represent both short and long-term value.

To protect each organisation’s expanding universe of cloud-based apps and data, we need a strategy that focuses on cloud application security to stop attacks from both external and internal actors before they happen, and which provides comprehensive protection across the kill chain.


Core is one of a select group of partners chosen by Microsoft to deliver workshops which provide a comprehensive end-to-end view on Microsoft security and the best strategy for your organisation.

Core can deliver a full security assessment of your environment, including current vulnerabilities and how the Microsoft 365 stack can address these, which you can use to guide your security strategy going forward.

Core can also operate your security on a managed service basis, taking on the responsibility of configuring, updating and monitoring threats across your IT enterprise so internal teams can focus on strategic goals, knowing that an accredited and experienced Microsoft Gold Partner is helping you face these challenges.

Talk to us about booking a comprehensive deep-dive into security strategy, tailored to your unique business needs.


