Microsoft is now pushing companies to adopt the Microsoft 365 product line, which bundles Office 365 with Windows 10 and their cybersecurity tools dubbed Enterprise Mobility + Security (EMS). There are 3 versions, Microsoft 365 Business, Microsoft 365 E3, and Microsoft 365 E5. This post describes every feature to help you determine which version you need for you business.
Microsoft 365 Comparison Table
There is only so much space I have for the table, so I added a link to the full 4-page version of the Side by Side Comparison Table of Microsoft 365 Business, E3, and E5.
Microsoft 365 Premium Add-Ons
Which features do I need?
It's obviously up to you and your company to decide which features you need. But to help you make your decision, I've added descriptions explaining all of them to give you a better understand of the value each version delivers. All right, lets go down the list one by one...
Table of Contents:
- Office Apps
- Email & Calendar
- Chat-based Workspace, Meetings
- File Storage
- Social, Video, Sites
- Business Apps
- Threat Protection
- Identity & Access Management
- Device & App Management
- Information Protection
Install Office on up to 5 PCs/Macs + 5 tablets + 5 smartphones per user
Email & Calendar
Outlook, Exchange Online
This should be pretty straightforward for everybody as Outlook and Exchange are one of Microsoft's oldest products. Exchange online hosts your company emails and Outlook is the app in which you read and send emails. You get 50GB of email storage with Microsoft 365 Business and unlimited with Microsoft 365 E3 and E5. But honestly, you'll probably never even get close to needing 50GB, that's a shit ton of space.
Chat-based Work-space, Meetings
Teams is the newest edition to Office 365 apps and is Microsoft's version of Slack, except that now way more people are using Teams. People love it so much that it has hockey-stick adoption growth rates. I arguably use it as much if not more than email. What is it? A collaboration tool that merges your business phone, conference call tool, chat room tool, calendar, etc... just watch the video!
Even thought it has only been around since December 2016, it already has 13+ million daily users, which obliterates Slack's stats, even though they've been around since 2013. For the full read and to learn about its 4 new ways Teams is making teams work together, read this article.
OneDrive for Business
I am a HUGE fan of OneDrive for Business file on-demand feature. OneDrive is a file storage service that is Microsoft's better version of Dropbox. With the file on-demand feature, you can see all of your files without necessarily having them downloaded on your hard drive. This means your company can have 10TB of files and you can search and see all of them from File Explorer and just download the ones you do need.
Also, since I get this question A LOT, I mean every week.. the 1TB that Microsoft gives you with most licenses, including Microsoft 365 Business, 'pools' to the entire company. What does that mean? If you buy 10 licenses, then your company receives 10TB of data shared between everyone in the company. So it's not 1TB per person per say, which is amazing value.
Social, Video, Sites
What's the difference between Teams and Yammer? In short, Teams is what you use everyday for collaborating and working with your direct team, whereas Yammer is a company-wide internal social media platform. Microsoft and many other companies use Yammer to communicate with their vendors and partners.
From my experience, if your company is under 25 employees then there isn't as much of a need for Yammer, it's when you get into the more 'mid-size' company that companies begin to really benefit from this community building app.
This app is used to upload and share videos internally, company-wide. At first I didn't really see a need for this tool but at BEMO we quickly adopted it for on-boarding, training, and knowledge base. It's especially useful when someone is on vacation and you have to cover their tasks for a while or you forgot how to do something and then you can find a video that goes over the process.
This is a pretty basic version of common project management tools like Trello where you create cards with tasks and attach people to that task. While I prefer the other PM tools, I still end up using Planner because the integration with other Office 365 tools like my Outlook and Teams makes it just too useful. I know that the product team is also continuously improving the tool, so I'm sure more advance PM features will slowly be built into it.
FindTime - Meeting Scheduler
THE BEST APP EVER. Who doesn't hate going back and forth in an email to find a time that works with everyone's schedule? Especially if the meeting is with someone outside of your company and you can't see their availability! I swear by the tool and use it several times a day. Essentially you offer several proposed meeting times, everyone votes on what works for them, and then Outlook automatically books the meeting. It's even integrated with Skype for Business so that there is a link to meet. i'm just waiting for the day that it integrates with Microsoft Teams as well!!!
This is great for companies with 'First line workers' which is what Microsoft calls desk-less employees, such as nurses, waiters, construction workers, ski station attendants etc... Staff Hub allows you to schedule employees.
I've never actually used this one because we use HubSpot, our CRM/Sales/Marketing tool to book all of our meetings, but the idea is that you can book people's personal calendars to book one-on-one meetings or schedule a time to meet with sales etc...
Microsoft Advanced Threat Analytics, Device Guard, Credential Guard, App Locker, and Enterprise Data Protection
This is an on-premises platform that helps protect enterprises from advanced cyber-attacks and insider threat by leveraging port mirroring from domain controllers and DNS servers and through deploying the ATA Lightweight Gateway on top of your domain controller.
Office 365 Advanced Threat Protection
Office 365 ATP protects your organization by preventing dangerous links and malicious attachments that come via your email, SharePoint, OneDrive, and Teams. In addition, it'll filter out all the spam mail, so that when you start your day, your Outlook is always clean with emails that should be there. Microsoft's introduction video is very concise, so please give it a watch below.
Microsoft Defender Advanced Threat Protection
Not to be confused with Office 365 ATP (thanks Microsoft for the confusing naming conventions), Windows Defender works at the operating system level to detect breaches, investigate them, and respond automatically using machine learning and analytics to contain attacks on your computers. The dashboard will give your IT team insights into the types of malware detected, on which devices, and will tell you the users most at risk of attacks. Coupled by the intelligence aggregated from Microsoft's 1 billion devices using Windows, your anti-virus will continuously get smarter. Watch the video below to see Heike Ritter of the Windows team demo this tool in granular detail in a concise 5-minute video.
Office 365 Threat Intelligence
Think of this as your security threat dashboard that gives you insights into the types of threats and attacks on your business. In addition you have tools to explore threats, investigate, and remediate those threats.
Identity & Access Management
Azure Active Directory: Plan 1 and Plan 2
Companies are gradually migrating their on-premises Active Directory to Azure Active Directory because as it reduces maintenance, is more secure, and removes the need to buy hardware. Azure AD is what allows things like Single Sign-On, Conditional access, and Multi-factor Authentication (MFA).
AAD Plan 1 bought as an add on is $6 per user/month and AAD Plan 2 on its own is $9 per user/month. AAD Plan 1 is bundled with Microsoft 365 Business and E3, whereas AAD Plan 2 is bundled in Microsoft 365 E5.
Self-Service Password Reset (SSPR)
Self-Service Password Reset (SSPR) for Office 365 and Azure is a great solution created by Microsoft to enable users to change and reset their passwords by themselves, saving IT a lot of time. Self-Service Password Reset allows users to both change their existing passwords or their forgotten ones. This feature works both with Azure Active Directory and On-Premises Active Directory synced using AD Connect. Read our blog post on setting up Azure Self-Service Password Reset.
Azure Multi-Factor Authentication (MFA)
81 percent of data breaches are due to weak, reused, or stolen passwords, and MFA is here to prevent those breaches. By having your employees have to authenticate before accessing company data reduces the majority of cyber-attacks from being successful.
OK, so your company uses MFA. And even if your company doesn't, you probably do on some of your personal home accounts like your banking app. Don't you hate receiving that MFA text message or email, having to type in that four to six digit code? Well say no more with Microsoft Authenticator, now all you have to do is click 'accept'. It's just another way Microsoft improves the user experience of cybersecurity!
Azure Single Sign-On (SSO)
SSO reduces the friction of having to constantly log in to different apps and services, while increasing security as the company has more control over what apps your employees have access to -instead of letting them download or signup whatever free account online without you knowing. With employees having an average of 191 unique accounts, keeping track of passwords gets out of hand really quickly.
Azure Conditional Access
At BEMO, we are HUGE fans of conditional access, as it prevents so many attacks from taking place in the first place. Conditional access lets IT admins create rules such as: You can only log in from the USA or if you're working from an un-trusted location, you have to MFA. Or, if you see a user impossibly signing in from both Nigeria and Texas at the same time, then lock the account.
Discovery, AAD Connect Health
This is only important if you plan on having on-premises Active Directory. If you are 100% cloud-based, this isn't important for you. To ensure security in your hybrid environment, Connect Health provides the following features: password hash synchronization, pass-through authentication, federation integration, synchronization, and health monitoring.
Device & App Management
Mobile Device Management (MDM) with Microsoft Intune
Intune allows your company to finally have control over your company's data. With employees bringing their own devices to work, from their smartphones to their own laptops, it's easy to lose control over what is happening with your company data. Are employees saving company files on their laptops? Are they forwarding that data to people outside the company? Are your employees keeping their anti-malware up to date or are they streaming illegal movies online that could then affect your company files if malware is downloaded? Intune fixes those types of issues by setting company policies on rules on all devices housing your data.
On-boarding new employees can be a real pain in the ass, oftentimes it takes a week or two just to get each new employee up to speed on all the apps they need, create accounts for all the online services you use, and to configure settings the right way. Autopilot solves this. Your IT team pre-configures the entire PC with all the apps and services your new employee will need before they even open the box with the new computer. When the employee opens their new computer all they have to do is login and everything is setup; their email, all those apps and online accounts, and because you're using Single Sign-On, the only password they have is the one to login to the computer. Your employees are up and running on day one!
Unlimited Exchange Archiving
Some companies have to comply with industry regulations that require them to keep years of data for compliance reasons. You can set policies that will automatically archive emails that are from at least 12 months ago and separate them from your inbox and hold it in an archive for as long as you'd like. If you ever need to retrieve it, built in eDiscovery tools make it easy to analyze or do a search on what you're looking for. As a stand-alone feature this costs $3.00 per month/user but is bundled into every version of Microsoft 365.
Office 365 Data Loss Prevention
Microsoft can scan all of your data and identify sensitive information like credit card numbers, social security numbers, passwords, and then automatic actions tied to them. For example, if an employee is clicks send on an email that contains a social security number, the DLP rule can automatically encrypt the email, it can create a pop up that educates the employee on 'good security manners' so that your employees become vigilant, or it could simply stop the email from being sent. There realm of possibilities for rule and action creation is truly endless, giving your IT team incredible control over company data, giving them the tools they need to prevent data breaches. Skip to minute-mark 4:04 on the video below to see DLP in action!
Microsoft Cloud App Security + O365 Cloud App Security
This tool is a Cloud Access Security Broker (CASB), which is necessary for IT compliance, configuring how your data travels, and for visibility into security threats across Microsoft and 3rd party apps.
Azure Information Protection - Plan 1 & Plan 2
Azure Information Protection is a cloud-based solution that enables organizations to classify and protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
Find out the differences between Azure Information Protection Plan 1 and Plan 2 in this comparison table. As stand-alone features, AIP Plan 1 is $2.00 per user/month and AIP Plan 2 is $5.00 per user/month. AIP Plan 1 is bundled with Microsoft 365 BUsiness and Microsoft 365 E3, while AIP Plan 2 is bundled with Microsoft 365 E5.
This tool is a workflow-based risk assessment tool that lets you track, assign, and verify regulatory compliance activities related to Microsoft cloud services. Microsoft can track your degree of IT compliance with 90+ regulations, giving you insights and actionable items on how to become and stay IT compliant, without the guessing.
Advanced eDiscovery, Litigation Hold, Data Subject Requests
This eDiscovery solution allows you to review data that violate your organization's policies, or a regulation such as HIPAA or GDPR that triggers an investigation. These types of investigations can be complex to find the specific data or content you're looking for, but Advanced eDiscovery makes it easy, saving you stress, time, and money.
By default, not a single person at Microsoft has access to your data. However, in the rare even that you do need the help of Microsoft Engineers to troubleshoot, then you can securely authorize temporary and limited access to Microsoft.
Advanced Data Governance
Staying IT compliant with regulations is expensive work when people's time is involved, an often, we as humans make mistakes and often miss things because sifting through a lot of files is hard work. Advanced data governance aims to automate the process of staying compliant by labeling data and creating polices for said labels in order to adhere to your chosen regulation. This tool can retain and protect sensitive information while purging irrelevant or redundant data, whether it's structured or unstructured data.
Power BI Pro
For those that don't know, Power Bi is a data visualization software, similar to that of Tableau, except that it is natively integrated into Office 365, Azure, and all of your company data. It's so smart that it'll actually auto-create tons of dashboards and tables specific to the data its plugged into, so you have to do far less work.
This tool uses data from Outlook to analyze how many hours you spend in meetings, time you spend emailing people, time you spend actually working, and time you spend working outside of normal work hours. Only you can see your own data. These insights allow you to better prioritize your time and better organize your organization.
For example, MyAnalytics may tell you that you spend 8 hours a week in reoccurring meetings, and during those meetings, 75% of the time you are multi-tasking instead of paying attention. This insight may tell you that your meetings aren't that useful.
PSTN Conferencing, Cloud PBX
Most people are unaware that Microsoft even provides a phone plan. You can migrate your business phones to the cloud, meaning you can make calls from your laptop, your tablet, or even from the Microsoft Teams App on your phone.
That means your company doesn't need to give you a business phone, because you can use your smart phone to receive business phone calls without using your personal line. In addition, after years of bouncing from different virtual meeting tools like Webex or GoToMeeting, Microsoft Teams is really a no-brainer.
Below is a screenshot of Calling Plan for Office 365 Pricing Table, which is kind of hard to read so we attached the file to the hyperlink. The table reads Office 365, but the price is the same for its cousin product line, Microsoft 365.