Are you buying for a business based in EU? Please enter your business VAT number to avail reverse charge. VAT will not be applied at checkout.
Note: VAT will be applicable for businesses based in the Netherlands.
Microsoft Enterprise Mobility + Security E5 is the most comprehensive cloud delivered solution for securing your company data in a mobile-first, cloud-first world.
 Included Partially Included Not included |
Enterprise Mobility + Security E5 |
|---|---|
|
Accounts and security
Security comes standard in all Microsoft products. Use these resources to get secure today and protect against future threats.
|
|
 Β Included
apps
|
|
βββ  Β
 Β Azure
Active DirectoryΒ
Azure Active Directory is a comprehensive, highly available identity and access management cloud solution that combines core directory services, advanced identity governance, and application access management. Azure Active Directory
also offers a rich, standards-based platform that enables developers to deliver access control to their applications, based on centralized policy and rules.
|
Premium P2 |
| βββββββ Directory objectsΒ
Default usage quota is 150,000 objects. An object is an entry in the directory service, represented by its unique distinguished name. An example of an object is a user entry used for authentication purposes. If you need to exceed this
default quota, please contact support. The 500K object limit does not apply for Office 365, Microsoft Intune or any other Microsoft paid online service that relies on Azure Active Directory for directory services.
|
No object limit |
| ββββUser/Group Management (add/update/delete)/ User-based provisioning, Device registration | β |
| βββββββ Single Sign-On (SSO) | Pre-integrated SaaS and developer-integrated apps, application proxy apps, self-service app integration templates. Admins can configure SSO and change user access to different SaaS apps, but SSO access is only allowed for 10 apps per user at a time. All Office 365 apps are counted as one app. |
| βββββββ B2B CollaborationΒ
Azure AD allows for B2B collaboration by enabling the use of a select set of Azure AD features to guest users. A guest user is someone outside of your organization who is invited into your Azure AD tenant. Guest users are not employees,
contractors, or onsite agents for you or your affiliates. While some features are free, for any paid Azure AD features, guest users must be licensed as follows: with each Azure AD edition license that you own for an employee or
a non-guest user in your tenant, you will also be able to invite up to five guest users to the tenant. The features you can extend to these guest users will depend on the type of Azure AD edition you purchase. There is no charge
for inviting a guest user and assigning him/her to an application in Azure AD, for up to ten apps per guest user. Other features of Azure AD 'Free' edition, such as, three basic reports, are also free for guest users. For paid
Azure AD features that are extended to guest users, the inviting tenant will need the appropriate number of Basic or Premium P1 or Premium P2 licenses to cover guest users, in the one license: five users ratio as described above.
For e.g. one Azure AD Basic license will allow for up to five guest users to be set up for Group Based Access Management and Provisioning. For the 6th guest user, you will need another Azure AD Basic license. Similarly, one Azure
AD Premium P1 license will allow for up to five guest users to use Multi-factor authentication feature (plus any Azure AD Basic features). For the 6th guest user that uses MFA, you will need a second Azure AD Premium P1 license.
|
β |
| βββββββ Self-Service Password Change for cloud users | β |
| βββββββ Azure AD ConnectΒ
Sync engine that extends on-premises directories to Azure Active Directory
|
β |
| βββββββ Security/Usage ReportsΒ
Azure Active Directory (Azure AD) reports provide a comprehensive view of activity in your environment. The provided data enables you to: determine how your apps and services are utilized by your users, detect potential risks affecting
the health of your environment, troubleshoot issues preventing your users from getting their work done.
|
With Premium P2 you can get lists of users flagged for risk and risky sign-ins, you can examine the most detailed information about the underlying risk events that have been detected for each report, and configure security policies that automatically respond to configured risk levels. Also includes sign-in reports. |
| βββββββ Group-based access management/provisioning | β |
| βββββββ Self-Service Password Reset for cloud users | β |
| βββββββ Company Branding (Logon Pages/Access Panel customization) | β |
| βββββββ Application Proxy | β |
| βββββββ Advanced group featuresΒ
Advanced group features include dynamic groups, group creation permission delegation, group naming policy, group expiration, usage guidelines, and default classification.
|
β |
| βββββββ Self-Service Password Reset/Change/Unlock with on-premises writeback | β |
| βββββββ Device objects two-way synchronization between on-premises directories and Azure AD (Device write-back) | β |
| βββββββ Multi-Factor Authentication (Cloud and On-premises (MFA Server)) | β |
| βββββββ Microsoft Identity Manager user CALΒ
Microsoft Identity Manager Server software rights are granted with Windows Server licenses (any edition). Since Microsoft Identity Manager runs on Windows Server OS, as long as the server is running a valid, licensed copy of Windows
Server, then Microsoft Identity Manager can be installed and used on that server. No other separate license is required for Microsoft Identity Manager Server.
|
β |
| βββββββ Cloud App DiscoveryΒ
Cloud App Discovery provides a comprehensive view into your cloud app usage, enabling you to address Shadow IT. To access the cloud app discovery features go to https://portal.cloudappsecurity.com/ and log in with your Azure AD P1
credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.
|
β |
| βββββββ Connect HealthΒ
First monitoring agent requires at least one license. Each additional agent requires 25 additional incremental licenses. Agents monitoring AD FS, AD Connect, and AD DS are considered separate agents.
|
β |
| βββββββ Automatic password rollover for group accounts | β |
| βββββββ Conditional Access based on group and location | β |
| βββββββ Conditional Access based on device state (Allow access from managed devices) | β |
| βββββββ 3rd party identity governance partners integration | β |
| βββββββ Terms of Use | β |
| βββββββ SharePoint Limited Access | β |
| βββββββ OneDrive for Business Limited Access | β |
| βββββββ Identity Protection | β |
| βββββββ Privileged Identity Management | β |
| βββββββ 3rd party MFA partner integration (preview) | β |
| βββββββ Access Reviews | β |
| βββββββ Microsoft Cloud App Security integration | β |
| βββββββ Join a device to Azure AD, Desktop SSO, Windows Hello for Azure AD, Administrator BitLocker recovery | Winddows 10 only |
| βββββββ MDM auto-enrollment, Self-Service BitLocker recovery, Additional local administrators to Windows 10 devices via Azure AD Join, Enterprise State Roaming | Winddows 10 only |
βββ Β
 Β Microsoft
IntuneΒ
Enable secure mobile productivity
|
β |
| βββββββ Mobile Device ManagementΒ
Enroll corporate and personal devices to provision settings, enforce compliance, and protect your corporate data.
|
β |
| βββββββ Mobile application managementΒ
Enable secure mobile productivity
|
β |
| βββββββ Integrated PC managementΒ
Enable secure mobile productivity
|
β |
| βββββββ Integrated on-premises managementΒ
Extend your on-premises management to the cloud from a single console with Microsoft System Center Configuration Manager and Microsoft System Center Endpoint Protection integration for enhanced PC, Mac, Unix/Linux server, and mobile
device administration.
|
β |
βββ Β
 Β Cloud
app SecurityΒ
Cloud app security discovery provides a comprehensive view into your cloud app usage, enabling you to address Shadow IT. To access the cloud app discovery features go to https://portal.cloudappsecurity.com/ and log in with your Azure
AD P1 credentials. Azure AD P2 customers will not need to enter credentials and will be automatically redirected.
|
β |
| βββββββ Discovered cloud apps | 16,000+ |
| βββββββ Deployment for discovery analysis | Manual and automatic log upload |
| βββββββ Log anonymization for user privacy | β |
| βββββββ Access to full Cloud App Catalog | β |
| βββββββ Cloud app risk assessment | β |
| βββββββ Cloud usage analytics per app, user, IP address | β |
| βββββββ Ongoing analytics & reporting | β |
| βββββββ Anomaly detection for discovered apps | β |
| βββββββ Data loss prevention (DLP) support | Cross-SaaS DLP and data sharing control |
| βββββββ App permissions and ability to revoke access | β |
| βββββββ App permissions and ability to revoke access | β |
| βββββββ Policy setting and enforcement | β |
| βββββββ Integration with Azure Information Protection | β |
| βββββββ Integration with third party DLP solutions | β |
| βββββββ Anomaly detection and behavioral analytics | Cross-SaaS apps including Office 365 |
| βββββββ Manual and automatic alert remediation | β |
| βββββββ SIEM connector | Alerts and activity logs for cross-SaaS apps |
| βββββββ Integration to Microsoft Intelligent Security Graph | β |
| βββββββ Activity policies | β |
βββ Β
 Β Azure
Information ProtectionΒ
Control and help secure email, documents, and sensitive data that you share outside your company. From easy classification to embedded labels and permissions, enhance data protection at all times with Azure Information Protection-no
matter where it's stored or who it's shared with.
|
Plan 2 |
| βββββββ Document classificationΒ
Manual, default, and mandatory document classification and consumption of classified documents
|
β |
| βββββββ Automated and recommended data classificationΒ
Automated and recommended data classification and administrative support for automated rule sets
|
β |
| βββββββ Hold your own key (HYOK)Β
Hold Your Own Key (HYOK) that spans Azure Information Protection and Active Directory (AD) Rights Management for highly regulated scenarios
|
β |
| βββββββ Bring your own key (BYOK)Β
For customer-managed provisioning life cycle. Azure subscription required to use configured key for Bring Your Own Key (BYOK).
|
β |
| βββββββ Protection for content in Microsoft servicesΒ
Including content in Microsoft Exchange Online, Microsoft SharePoint Online, and Microsoft OneDrive for Business.
|
β |
| βββββββ On-premises Windows Server file shares content protectionΒ
Azure Information Protection connector with on-premises Windows Server file shares by using the File Classification Infrastructure (FCI) connector
|
β |
| βββββββ On-premises Exchange and SharePoint content protectionΒ
Protection for on-premises Exchange and SharePoint content via Azure Information Protection connector
|
β |
| βββββββ On-premises automated classificationΒ
Azure Information Protection scanner for automated classification, labeling, and protection of supported on-premises files
|
β |
| βββββββ Custom templatesΒ
Custom templates, including departmental templates
|
β |
| βββββββ Azure Information Protection developer kitΒ
Azure Information Protection software developer kit for all platforms- Windows, Windows Mobile, iOS, Mac OSX, and Android
|
β |
| βββββββ Document tracking and revocation | β |
| βββββββ Protection for non-Microsoft Office file formatsΒ
Including PTXT, PJPG, and PFILE (generic protection)
|
β |
| βββββββ Protected content consumption for policy-aware appsΒ
Azure Information Protection content creation by using work or school accounts
|
β |
| βββββββ Protected content creationΒ
Azure Information Protection content creation by using work or school accounts
|
β |
| βββββββ Office 365 Message Encryption | β |
| βββββββ Administrative controlΒ
Includes activating/deactivating the service, onboarding controls for a phased deployment, usage logging, super user capability for eDiscovery and data recovery, bulk protect/unprotect of files.
|
β |
| ββ ββAzure Multi-Factor AuthenticationΒ
Safeguard access to data and applications while meeting user demand for a simple sign-on process
|
β |
| ββ ββAzure Rights ManagementΒ
Protect corporate data by allowing more secure access to company resources and enabling safe sharing of sensitive information inside and outside your organization.
|
β |
| ββ ββAzure Advanced Threat ProtectionΒ
Protect your enterprise hybrid environments from multiple types of advanced targeted cyber attacks and insider threats
|
β |