Microsoft is continuously evolving their packages to provide the best solutions at the right price points to their clients. One area of massive investment over the past few years has been security and how to better protect users and systems for their clients. Too often I find organizations looking to third-party vendors for single-point security solutions covering applications whose security they are already paying for through their Microsoft licensing. With that, I’d like to highlight some of the most recent updates that Microsoft has provided for how they’re packaging their security solutions, and how they can benefit your business.
Office 365 Advanced Threat Protection Plan 1 & Plan 2
Microsoft now has two different plans for Office 365 Advanced Threat Protection (ATP), with a more robust version being included in Plan 2.
Office 365 ATP Plan 1
Office 365 ATP Plan 1 and 2 both include the items below, which are key security features that greatly heighten an organization’s security posture.
- Safe Attachments: Provides zero-day protection by checking email attachments for malicious content. It routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent. If no suspicious activity is found, the message is forwarded to the mailbox.
- Safe Links: Provides time-of-click verification of URLs in email messages and Office files. Protection is ongoing and applies across your messaging and Office environment. Links are scanned for each click; safe links remain accessible and malicious links are dynamically blocked.
- Anti-Phishing Policies: Detects attempts to impersonate your users and custom domains. It applies machine learning models and advanced impersonation-detection algorithms to avert phishing attacks.
- Safe Attachments in SharePoint, OneDrive, and Teams: protects your organization when users collaborate and share files by identifying and blocking malicious files in team sites and document libraries.
- Safe Links in Teams: provides time-of-click verification of URLs in messages within Teams.
- Real-time Reports: provides updated reports to visualize the latest insights into your Office 365 environment. Predefined reports include Threat Explorer, the Threat Protection Status report, the ATP File Types report, the ATP Message Disposition report, and more.
The primary purpose of Office 365 ATP Plan 1 is around the configuration, protection, detection, and reduction of security threats.
Office 365 ATP Plan 2
The additional features that Office 365 ATP Plan 2 provides are focused on automation, investigation, remediation, and education. Below are the additional features that come with Plan 2.
- Threat Tracker: provides the latest intelligence on prevailing cybersecurity issues. You can see information about the latest malware and take countermeasures before it becomes an actual threat to your organization.
- Explorer (advanced threat investigation): real-time report that allows you to identify and analyze recent threats. You can configure Explorer to show data for custom periods.
- Automated investigation and response (AIR): includes a set of security playbooks that can be launched automatically, such as when an alert is triggered, or manually, such as a view in Threat Explorer. It can drastically reduce the time and effort needed to mitigate threats effectively and efficiently.
- Attack Simulator: allows you to run realistic attack scenarios in your organization to identify vulnerabilities. The user is almost always the number one security threat to an organization, and the attack simulator is a key tool to help educate users about the types of attacks out there and how to deal with them. Additionally, it’s trackable so executives can understand the reality of the situation with regard to user behavior.
From a cost standpoint, Office 365 E5 currently includes Office 365 ATP Plan 2, and the plans can be added to a different subscription. To add onto a different plan, Office 365 ATP Plan 1 is priced at $2/user/month, and Plan 2 is priced at $5/user/month.
Identity & Threat Protection Plan
Taking a step back from just Office 365, we’ve seen a massive increase in the number of customers that have transitioned from Office 365 E3 customers to Microsoft 365 (M365) E3 customers, for the additional components that it includes (Enterprise Mobility + Security E3 and Windows 10 Enterprise E3).
The current M365 E3 subscription is $36/user/month, which is a well-priced subscription for the value it provides. The higher bundle with Microsoft 365 E5, which provides additional security, phone system, business intelligence, and compliance solutions, runs at $57.50/user/month, a significant increase in comparison to E3.
Microsoft has received a great deal of feedback from organizations that need the security components that E5 provides, but don’t need all the features that add up to that price point for E5.
Microsoft has responded by building out a new plan called Identity & Threat Protection, which is designed to provide the security components to M365 E3 customers that they’ve been asking for. The plan will include the following:
- Azure ATP: A cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- Windows Defender ATP: A platform that helps enterprise networks prevent, detect, investigate, and respond to advanced threats. It uses a combination of technology built into Windows 10 and Microsoft’s cloud services, specific endpoint security sensors, cloud security analytics, and threat intelligence generation to update the security posture in real-time.
- Office 365 ATP (Plan 2): This is outlined above and provides protection for an organization’s Office 365 environment.
- Microsoft Cloud App Security: A multimode Cloud Access Security Broker (CASB), which provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud environments.
- Azure Active Directory (Plan 2): Azure Active Directory is a comprehensive, highly available identity and access management cloud solution that combines core directory services, advanced identity governance, and application access management. Azure Active Directory also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.
This plan is priced at $12/user/month and is primarily designed for M365 E3 clients to offer comprehensive threat protection. It provides a significant solution to security-conscious M365 E3 clients and is also available to clients that have other packages.
Information Protection & Compliance
In a similar scenario, there are many M365 E3 organizations that have additional needs around data governance and compliance that can’t justify the full step up to E5. Microsoft has built out the Information Protection & Compliance plan for these exact customers to address those needs. This package contains the following solutions:
- Office 365 Advanced Compliance:
  - Advanced Data Governance: The ability to apply retention policies to classify data across your organization and enforce retention rules based on that classification automatically.
  - Advanced eDiscovery: provides the ability to better understand your Office 365 data and reduce your eDiscovery costs by analyzing unstructured data within Office 365 and performing efficient document review. Allows for granular searching, simplifying and speeding up the eDiscovery process.
  - Customer Lockbox: ensures that no one at Microsoft can access customer content to perform a service operation without the customer’s explicit approval.
- Azure Information Protection (Plan 2): a cloud-based solution that helps an organization classify and protect documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
This plan is priced at $10/user/month and is designed to provide a single plan to address compliance needs for M365 E3 customers.
Understanding how these solutions can solve business needs is not always easy, which is why PEI specializes in learning our customers’ business needs and challenges before making licensing recommendations. If you’d like to get a better understanding of how Microsoft solutions can better protect your organization, please reach out to info@pei.com, and we’d be happy to speak with you.
Martin Feehan, Director of Client Relations
This blog was updated to reflect license price changes that Microsoft implemented on March 1, 2022.