Choosing Office 365 Plans: Licensing Compliance Pitfalls To Avoid

Cloud & Services Home IT Asset Management Risk & Audit Software

by | August 31, 2018

An analyst outlines some considerations when choosing Office 365 plans, and how to avoid possible licensing compliance issues.

It’s perhaps useful to compare notes when making decisions about Office 365 software licensing, and a recent analyst presentation offered some pointers, with particular regard for staying compliant with Microsoft’s complex licensing schemes.

Office 365 is a collection of products consisting of various components, ranging from the Office 365 ProPlus productivity suite to Exchange Online for e-mail, Skype for Business Online for communications, and SharePoint Online for collaboration and document sharing. The products are packaged and offered as F1, E1, E3 and E5 plans.

In a Wednesday online presentation, Rob Horwitz, CEO and research chair at analyst firm Directions on Microsoft, dissected the various product components and offered advice for organizations trying to make a purchasing decision. His presentation, “Office 365: E3 vs. E5,” focused on comparing Microsoft’s two upper-tier product plans.

Microsoft tends to sell suites within suites, Horwitz explained. For instance, the Microsoft 365 plans also contain Office 365 plans. In Office 365, the capabilities of the higher-tier plans act like supersets of the lower-tier plans. It’s a sort of nested “Russian doll” packaging approach to selling software licensing. Horwitz joked that someone at Microsoft maybe has a Russian doll collection since it’s such a favored approach. All of the Office 365 suites offer some cloud-based security and management features, but their components differ.

Office 365 E5 vs. E3
Horwitz explained the differences between the Office 365 E5 and E3 plans mostly by concentrating on the nine unique components that exist in the E5 plan. He noted that each of the nine components can be purchased on their own. However, if an organization finds they are buying two or three of the E5 components, then they might as well consider buying the E5 plan.

Perhaps the biggest caveat in Horwitz’s presentation concerned the possible licensing pitfalls that organizations may face when they try to mix Office 365 plans. He noted that many organizations are going to be tempted to buy the E5 plans for some users, and the E3 or E1 plans for others. However, there can be issues when mixing them. Depending on the components used, organizations could end up being mis-licensed and possibly subject to Microsoft audits and unexpected higher costs. Horwitz made that point repeatedly throughout the talk as he described each of the features in the E5 plan.

“I hate to pop the bubble if you are moving to the cloud and thinking your license compliance issues will go away. No, it won’t,” Horwitz said.

E5 Plan Features
The nine features of the E5 plan, and their highest individual monthly prices (without discounts), were listed in the talk as follows:

Office 365 Advanced Compliance: $8
Office 365 Advanced Threat Protection: $2
Office 365 Cloud App Security: $4
Phone System: $8
Power BI Pro: $10
Audio Conferencing: $4
Microsoft Stream Plan 2: $2
Office 365 Threat Intelligence: $9
MyAnalytics: $4

Office 365 Advanced Compliance: This feature is a grab-bag of regulatory compliance items to address governmental regulations. Office 365 Advanced Compliance has five feature areas. There’s Advanced eDiscovery for assembling data for legal cases, Advanced Data Governance for document retention and deletion policies (Horwitz noted that without the E5 plan, the document retention policies in Office 365 are “pretty coarse”), Privileged Access Management for protection against rogue Office 365 administrators and compromised Office 365 admin accounts, Customer Key for Office 365 where the data is encrypted at rest but Microsoft provides the customer with a key and, lastly, Customer Lockbox, which allows customers to approve or reject Office 365 administrative requests by Microsoft for their account.

When using Office 365 Advanced Compliance, any user with data touched by an Office 365 compliance feature would require being licensed under the E5 plan, and that’s likely everyone in an organization’s Office 365 tenancy, Horwitz noted. If organizations mix their licensing plans, there are no built-in checks provided by Microsoft to determine that everyone is properly licensed. He added that Microsoft might not make an issue of such improper licensing right away, but it could later, especially if adoption becomes widespread.

Office 365 Advanced Threat Protection: This feature used to be called “Exchange Online Advanced Threat Protection.” It’s designed to protect against attachments with unknown malware. It opens attachments in sandboxes for testing, and if they are not considered malicious, it’ll forward the attachments to end users.

Horwitz said that Office 365 Advanced Threat Protection is akin to an add-on layer. There are competing solutions out there, such as products from Proofpoint FireEye and SonicWall, he noted. Licensing compliance isn’t built into Office 365 Advanced Threat Protection, so it doesn’t check whether users are properly licensed. “However, the fact that you must explicitly provision users for the service gives you the ability to manage compliance on your own,” he added. Horwitz described Office 365 Advanced Threat Protection as “a compelling feature” but it’s possible to get something else from third parties.

Office 365 Cloud App Security: This feature is a cloud app security broker. It looks for suspicious activities and generates event logs for security events. It analyzes that info with other information, such as a list of risky IP addresses.

Horwitz said that one alternative to using Office 365 Cloud App Security is to use Microsoft Cloud App Security, which serves as a superset of Office 365 Cloud App Security. There also are “third-party” alternatives from Netskope, Symantec and McAfee, he noted. Everyone in your Office 365 tenancy will need a license to use Microsoft Cloud App Security, he added.

Phone System: This feature used to be called “Skype for Business PBX.” It’s a hosted private branch exchange service that works with Skype for Business Online and Microsoft Teams. Organizations will need to buy phone service from a local telco, as well. Fortunately, compliance is built into Phone System, so mixed Office 365 licensing is not an issue. Horwitz described Phone System as a compelling offering.

Power BI Pro: This data visualization feature pulls data from connectors and gateways, and manages user access to reports. Microsoft also offers Power BI Premium, which is a higher-performance implementation of Power BI Pro. Power BI Premium has a capacity-based licensing approach that permits users to view reports without requiring individual licenses, Horwitz noted.


Subscribe To Our Newsletter

Subscribe To Our Newsletter

ITAM Channel brings the best news and views from the ITAM industry. Sign up for the newsletter and get them straight to your inbox

You have Successfully Subscribed!