Enterprise Mobility and Security Licensing Guide
Enterprise Mobility + Security (EMS) Licensing Guide
Section titled “Enterprise Mobility + Security (EMS) Licensing Guide”Overview
Section titled “Overview”Microsoft Enterprise Mobility + Security (EMS) is a comprehensive solution that combines identity and access management, mobile device management, and advanced security capabilities. EMS is available in two primary plans: E3 and E5, each offering different levels of security and management capabilities to meet various organizational needs.
EMS E3 vs EMS E5 Comparison
Section titled “EMS E3 vs EMS E5 Comparison”| Feature | EMS E3 | EMS E5 |
|---|---|---|
| Price | $8.80 per user/month | $14.80 per user/month |
| Azure AD Premium | P1 | P2 |
| Microsoft Intune | ✓ | ✓ |
| Azure Information Protection | P1 | P2 |
| Advanced Threat Analytics | ✓ | ✓ |
| Cloud App Security | ✗ | ✓ |
| Azure Advanced Threat Protection | ✗ | ✓ |
| Risk-Based Conditional Access | ✗ | ✓ |
EMS E3
Section titled “EMS E3”Ideal for: Organizations looking for basic security tools at a lower cost, including mobile device management and manual document protection.
EMS E3 provides essential identity and security capabilities for organizations starting their digital transformation journey.
Key Features
Section titled “Key Features”| Component | Capability | Business Value |
|---|---|---|
| Azure Active Directory Premium P1 | SSO, MFA, basic conditional access | Core identity and access management |
| Microsoft Intune | Mobile device management (MDM) and mobile application management (MAM) | Secure data across devices |
| Azure Information Protection P1 | Manual classification and labeling of documents | Basic data protection and tracking |
| Microsoft Advanced Threat Analytics | User behavior analysis for threat detection | Protection against insider threats |
| Windows Server CAL | Device access rights for Windows Server services | Server access licensing |
EMS E5
Section titled “EMS E5”Ideal for: Businesses requiring advanced threat detection, privileged access management, and automated document classification.
EMS E5 includes all E3 features plus advanced security and identity protection capabilities.
Additional Features in E5
Section titled “Additional Features in E5”| Component | Capability | Business Value |
|---|---|---|
| Azure Active Directory Premium P2 | Risk-based conditional access, Privileged Identity Management (PIM) | Advanced identity protection and admin control |
| Azure Information Protection P2 | Automatic classification and labeling based on content | Enhanced data protection automation |
| Microsoft Cloud App Security (CASB) | Cloud access security broker for Microsoft and third-party apps | Comprehensive cloud app security |
| Azure Advanced Threat Protection | Identity-based attack detection and network monitoring | Sophisticated threat detection |
| Risk-Based Conditional Access | Automated responses to risky user behaviors | Adaptive security controls |
Key Differences Summary
Section titled “Key Differences Summary”| Area | EMS E3 | EMS E5 |
|---|---|---|
| Identity Management | Basic SSO, MFA, conditional access | Advanced risk-based access, PIM |
| Cloud App Security | Not included | Full CASB capabilities |
| Information Protection | Manual classification only | Automatic classification and enhanced controls |
| Advanced Threat Protection | Basic behavioral analysis | Sophisticated identity and cloud threat detection |
Strategic Implementation Approach
Section titled “Strategic Implementation Approach”Starting with EMS E3
Section titled “Starting with EMS E3”Ideal for: Organizations beginning their identity and mobile device management journey.
| Benefit | Description |
|---|---|
| Cost Efficiency | At $8.80 per user/month, provides cost-effective identity and device management |
| Basic Identity Management | Core capabilities like SSO, MFA, and conditional access |
| Gradual Adoption | Allows organizations to establish identity foundation before adding complexity |
Upgrading to EMS E5
Section titled “Upgrading to EMS E5”Ideal for: Organizations with mature identity frameworks requiring advanced security capabilities.
| Benefit | Description |
|---|---|
| Advanced Security Needs | Risk-based conditional access and PIM for enhanced control |
| Comprehensive Protection | CASB for third-party cloud app security |
| Future-Proofing | Advanced threat protection for evolving security landscape |
| Automation | Automatic document classification reduces manual overhead |
Implementation Recommendations
Section titled “Implementation Recommendations”Phased Approach Benefits
Section titled “Phased Approach Benefits”- Cost-Effective Start: Begin with EMS E3 to establish basic identity and device management
- Gradual Maturity: Build security processes and user adoption before advanced features
- Strategic Upgrade: Move to EMS E5 when security needs become more complex
- Maximized ROI: Ensure full utilization of each tier’s capabilities before upgrading
Key Insight: This phased approach allows businesses to start small, optimize their identity management processes, and then expand into more advanced security measures as needed.
Choosing the Right Plan
Section titled “Choosing the Right Plan”Select EMS E3 if your organization:
Section titled “Select EMS E3 if your organization:”- Needs basic identity management and mobile device control
- Has limited security budget but requires essential protection
- Is starting digital transformation initiatives
- Prefers manual document classification processes
Select EMS E5 if your organization:
Section titled “Select EMS E5 if your organization:”- Requires advanced threat detection and response
- Needs privileged access management and audit capabilities
- Must secure multiple cloud applications with CASB
- Wants automated data classification and protection
- Has complex compliance requirements
Conclusion
Section titled “Conclusion”Key Takeaway: The choice between EMS E3 and EMS E5 depends on your organization’s security maturity, compliance requirements, and budget considerations. E3 provides a solid foundation for identity and device management, while E5 delivers advanced capabilities for sophisticated security environments.
Both plans offer scalable solutions that can grow with your organization’s needs, ensuring you have the right level of protection at every stage of your security journey.