Are you buying for a business based in EU? Please enter your business VAT number to avail reverse charge. VAT will not be applied at checkout.
Note: VAT will be applicable for businesses based in the Netherlands.
Microsoft Enterprise Mobility + Security E5 is the most comprehensive cloud delivered solution for securing your company data in a mobile-first, cloud-first world.
 Included Partially Included Not included |
Enterprise Mobility + Security E5 |
|---|---|
|
Accounts and security
Security comes standard in all Microsoft products. Use these resources to get secure today and protect against future threats.
|
|
 Included
apps
|
|
 Azure
Active Directory
Azure Active Directory is a comprehensive, highly available identity and access management cloud solution that combines core directory services, advanced identity governance, and application access management. Azure Active Directory
also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.
|
Premium P2 |
| Directory objects
Default usage quota is 150,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this
default quota, please contact support. The 500K object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.
|
No object limit |
| User/Group Management (add/update/delete)/ User-based provisioning, Device registration | ✓ |
| Single Sign-On (SSO) | Pre-integrated SaaS and developer-integrated apps, application proxy apps, self-service app integration templates. Admins can configure SSO and change user access to different SaaS apps, but SSO access is only allowed for 10 apps per user at a time. All Office 365 apps are counted as one app. |
| B2B Collaboration
Azure AD allows for B2B collaboration by enabling the use of a select set of Azure AD features to guest users. A guest user is someone outside of your organization who is invited into your Azure AD tenant. Guest users are not employees,
contractors, or onsite agents for you or your affiliates. While some features are free, for any paid Azure AD features, guest users must be licensed as follows: with each Azure AD edition license that you own for an employee or
a non-guest user in your tenant, you will also be able to invite up to five guest users to the tenant. The features you can extend to these guest users will depend on the type of Azure AD edition you purchase. There is no charge
for inviting a guest user and assigning him/her to an application in Azure AD, for up to ten apps per guest user. Other features of Azure AD 'Free' edition, such as, three basic reports, are also free for guest users. For paid
Azure AD features that are extended to guest users, the inviting tenant will need the appropriate number of Basic or Premium P1 or Premium P2 licenses to cover guest users, in the one license: five users ratio as described above.
For e.g. one Azure AD Basic license will allow for up to five guest users to be set up for Group Based Access Management and Provisioning. For the 6th guest user, you will need another Azure AD Basic license. Similarly, one Azure
AD Premium P1 license will allow for up to five guest users to use Multi-factor authentication feature (plus any Azure AD Basic features). For the 6th guest user that uses MFA, you will need a second Azure AD Premium P1 license.
|
✓ |
| Self-Service Password Change for cloud users | ✓ |
| Azure AD Connect
Sync engine that extends on-premises directories to Azure Active Directory
|
✓ |
| Security/Usage Reports
Azure Active Directory (Azure AD) reports provide a comprehensive view of activity in your environment. The provided data enables you to: determine how your apps and services are utilized by your users, detect potential risks affecting
the health of your environment, troubleshoot issues preventing your users from getting their work done.
|
With Premium P2 you can get lists of users flagged for risk and risky sign-ins, you can examine the most detailed information about the underlying risk events that have been detected for each report, and configure security policies that automatically respond to configured risk levels. Also includes sign-in reports. |
| Group-based access management/provisioning | ✓ |
| Self-Service Password Reset for cloud users | ✓ |
| Company Branding (Logon Pages/Access Panel customization) | ✓ |
| Application Proxy | ✓ |
| Advanced group features
Advanced group features include dynamic groups, group creation permission delegation, group naming policy, group expiration, usage guidelines, and default classification.
|
✓ |
| Self-Service Password Reset/Change/Unlock with on-premises writeback | ✓ |
| Device objects two-way synchronization between on-premises directories and Azure AD (Device write-back) | ✓ |
| Multi-Factor Authentication (Cloud and On-premises (MFA Server)) | ✓ |
| Microsoft Identity Manager user CAL
Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows
Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.
|
✓ |
| Cloud App Discovery
Cloud App Discovery provides a comprehensive view into your cloud app usage, enabling you to address Shadow IT. To access the cloud app discovery features go to https://portal.cloudappsecurity.com/ and log in with your Azure AD P1
credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.
|
✓ |
| Connect Health
First monitoring agent requires at least one license. Each additional agent requires 25 additional incremental licenses. Agents monitoring AD FS, AD Connect, and AD DS are considered separate agents.
|
✓ |
| Automatic password rollover for group accounts | ✓ |
| Conditional Access based on group and location | ✓ |
| Conditional Access based on device state (Allow access from managed devices) | ✓ |
| 3rd party identity governance partners integration | ✓ |
| Terms of Use | ✓ |
| SharePoint Limited Access | ✓ |
| OneDrive for Business Limited Access | ✓ |
| Identity Protection | ✓ |
| Privileged Identity Management | ✓ |
| 3rd party MFA partner integration (preview) | ✓ |
| Access Reviews | ✓ |
| Microsoft Cloud App Security integration | ✓ |
| Join a device to Azure AD, Desktop SSO, Windows Hello for Azure AD, Administrator BitLocker recovery | Winddows 10 only |
| MDM auto-enrollment, Self-Service BitLocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming | Winddows 10 only |
 Microsoft
Intune
Enable secure mobile productivity
|
✓ |
| Mobile Device Management
Enroll corporate and personal devices to provision settings, enforce compliance, and protect your corporate data.
|
✓ |
| Mobile application management
Enable secure mobile productivity
|
✓ |
| Integrated PC management
Enable secure mobile productivity
|
✓ |
| Integrated on-premises management
Extend your on-premises management to the cloud from a single console with Microsoft System Center Configuration Manager and Microsoft System Center Endpoint Protection integration for enhanced PC, Mac, Unix/Linux server, and mobile
device administration.
|
✓ |
 Cloud
app Security
Cloud app security discovery provides a comprehensive view into your cloud app usage, enabling you to address Shadow IT. To access the cloud app discovery features go to https://portal.cloudappsecurity.com/ and log in with your Azure
AD P1 credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.
|
✓ |
| Discovered cloud apps | 16,000+ |
| Deployment for discovery analysis | Manual and automatic log upload |
| Log anonymization for user privacy | ✓ |
| Access to full Cloud App Catalog | ✓ |
| Cloud app risk assessment | ✓ |
| Cloud usage analytics per app, user, IP address | ✓ |
| Ongoing analytics & reporting | ✓ |
| Anomaly detection for discovered apps | ✓ |
| Data loss prevention (DLP) support | Cross-SaaS DLP and data sharing control |
| App permissions and ability to revoke access | ✓ |
| App permissions and ability to revoke access | ✓ |
| Policy setting and enforcement | ✓ |
| Integration with Azure Information Protection | ✓ |
| Integration with third party DLP solutions | ✓ |
| Anomaly detection and behavioral analytics | Cross-SaaS apps including Office 365 |
| Manual and automatic alert remediation | ✓ |
| SIEM connector | Alerts and activity logs for cross-SaaS apps |
| Integration to Microsoft Intelligent Security Graph | ✓ |
| Activity policies | ✓ |
 Azure
Information Protection
Control and help secure email, documents, and sensitive data that you share outside your company. From easy classification to embedded labels and permissions, enhance data protection at all times with Azure Information Protection-no
matter where it's stored or who it's shared with.
|
Plan 2 |
| Document classification
Manual, default, and mandatory document classification and consumption of classified documents
|
✓ |
| Automated and recommended data classification
Automated and recommended data classification and administrative support for automated rule sets
|
✓ |
| Hold your own key (HYOK)
Hold Your Own Key (HYOK) that spans Azure Information Protection and Active Directory (AD) Rights Management for highly regulated scenarios
|
✓ |
| Bring your own key (BYOK)
For customer-managed provisioning life cycle. Azure subscription required to use configured key for Bring Your Own Key (BYOK).
|
✓ |
| Protection for content in Microsoft services
Including content in Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business.
|
✓ |
| On-premises Windows Server file shares content protection
Azure Information Protection connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector
|
✓ |
| On-premises Exchange and SharePoint content protection
Protection for on-premises Exchange and SharePoint content via Azure Information Protection connector
|
✓ |
| On-premises automated classification
Azure Information Protection scanner for automated classification, labeling, and protection of supported on-premises files
|
✓ |
| Custom templates
Custom templates, including departmental templates
|
✓ |
| Azure Information Protection developer kit
Azure Information Protection software developer kit for all platforms- Windows, Windows Mobile, iOS, Mac OSX, and Android
|
✓ |
| Document tracking and revocation | ✓ |
| Protection for non-Microsoft Office file formats
Including PTXT, PJPG, and PFILE (generic protection)
|
✓ |
| Protected content consumption for policy-aware apps
Azure Information Protection content creation by using work or school accounts
|
✓ |
| Protected content creation
Azure Information Protection content creation by using work or school accounts
|
✓ |
| Office 365 Message Encryption | ✓ |
| Administrative control
Includes activating/deactivating the service, onboarding controls for a phased deployment, usage logging, super user capability for eDiscovery and data recovery, bulk protect/unprotect of files.
|
✓ |
| Azure Multi-Factor Authentication
Safeguard access to data and applications while meeting user demand for a simple sign-on process
|
✓ |
| Azure Rights Management
Protect corporate data by allowing more secure access to company resources and enabling safe sharing of sensitive information inside and outside your organization.
|
✓ |
| Azure Advanced Threat Protection
Protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats
|
✓ |