Microsoft 365 is a combined bundle of Windows 10 , Office 365 and Enterprise Mobility + Security suite. The bundle has a massive list of features if you would write all of those down. Microsoft 365 has these licensing options (excluding add-on’s):

  • F1 – For firstline workers
  • E3 – Less expensive for enterprises
  • E5 – Take it all!
  • Business – For <300 employee organizations
  • Business Premium – For <300 employee organizations, with Office client applications
  • Education – For academic organizations

I’m focusing in this blog post ONLY for Enterprise bundles (E3/E5).

New licensing add-ons

2nd of January 2019 Microsoft announced a couple of new Security offerings which will provide two new add-on capabilities for companies when selecting their license packages.

Some of companies are buying licenses through their own Enterprise Agreement (EA), some through a Cloud Solution Provider (CSP) and some through other channels. When writing this post (11th of Jan) there are several differences when buying licenses and add-on packets for those. For example you can buy Microsoft E3 with Windows Defender ATP add-on through the EA but not through CSP. These new license add-on’s will give a possibility to extend your Microsoft 365 E3 license also through the CSP channel.

If you are currently buying licenses through the CSP, until this day you have had very limited selection of add-on licensing bundles of Microsoft 365 (only couple of Office 365 add-on’s available). If you selected M365 E3 for your users, you’ve missed a lot of great security features that are included in E5. E5 almost doubles your license cost compared to E3 and that’s why organizations are wondering if it’s worth of it.

Let’s now introduce two new add-on’s Identity & Threat Protection and Protection & Compliance. These add-on’s are available from 1st of February 2019.

License feature break up

Microsoft 365 E3 add-on major differences (+E5).

To get only advanced identity, endpoint and Office 365 security features out from Microsoft 365 E5 you can choose Identity & Protection add-on to get those. I think that this is the most interesting add-on from this announcement, because of it includes so many preventive and responsive products that are missing from Microsoft 365 E3 bundle.

To get only automatic data labeling and protection and Office 365 Advanced Compliance features from Microsoft 365 E5, you can choose Protection & Compliance add-on to get those.

If you need also Audio Conferencing and/or Power BI Pro, go with Microsoft 365 E5. It is the most clear solution for organizations. It includes everything. To save some money on licenses, it’s more clever to buy add-on’s.

These days, when there are a high risk for identity thefts especially in Office 365 / Azure AD side I strongly recommend at least test M365 Identity & Threat Protection features in your own environment. You can find trial licenses for these component from the following links. There are so much features in those components, so I recommend to focus first on the threat detection and discovery side.


New add-on’s requires Microsoft 365 E3 license before you can use those. Announced pricing for add-on’s are of course lower than selecting the whole E5 bundle. Announced add-on prices are

  • Identity & Threat Protection add-on 12$/user/month
  • Protection & Compliance add-on 10$/user/month

Announced prices are without volume discounts.


If you need just some of Microsoft 365 E5 features these new license packs might help your decision between E3 and E5. Both of add-on packages are great and truly value for money, but the Identity & Threat Protection add-on brings so many new detective and responsive security features that it’s more than highly recommended for all organizations that are using currently Microsoft 365 E3 licensing (or planning to use those).

Markus Lintuala

I've been working in IT since 2009 in different roles mostly with solution architecture, service development, training and consultancy side. With Azure I started to work in 2013 and with Microsoft 365 related products in 2011. I like to work often with the newest technologies by testing, giving feedback and share the knowledge to people around me. Currently I'm working much in Azure side with governances, security and solution architectures and in Microsoft 365 side with E5 security solutions with strong zero trust aspect.


Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.