Microsoft’s Enterprise Mobility and Security, also known as EMS, is suite of tools that provide extra control over your company’s data. There are two versions for the enterprise: E3 and E5. This blog article will dig a little bit into the differences between them.
Before getting started, I highly recommend you read: What is Microsoft EMS? For a quick overview of the four products that are included in Microsoft EMS:
Microsoft EMS E3
Microsoft EMS E3 is the “original” version of EMS. It includes The “P1” versions of Azure Active Directory and Azure Information Protection. It also includes Microsoft Intune and Microsoft Advanced Threat Analytics.
Essentially, Microsoft EMS E3 contains the “base” version of the 4 products included in EMS.
Microsoft EMS E5
Microsoft EMS E5 contains everything in EMS E3 with three additions:
- You now get the “P2” Version of Azure Active Directory. It contains “new Identity Protection and Privileged Identity Management” capabilities. These new functions help protect against identity theft, and provide additional usage data on admin actions.
- You now get the “P2” Version of Azure Information Protection. It adds automatic classification to your feature list. This means documents canbe automatically encrypted, rather than the only available “manual” encryption method in P1.
- Microsoft’s new Cloud App Security – this can help you discover the cloud apps in use in your network, and control access to those apps. (For instance, it will inform you of which 3rd party services an employee may be using without authorization).
Comparison of Enterprise Mobility and Security E3 and E5
Feature | EMS E3 | EMS E5 |
Azure Active Directory | P1 | P2 |
Microsoft Intune | Included | Included |
Azure Information Protection | P1 | P2 |
Advanced Threat Analytics | Included | Included |
Cloud App Security | | Included |
Price ($US/user/month) | $9 Contact Us to Buy | $15 Contact Us to Buy |
Here is a graphic from Microsoft:
EMS E3 or E5: Which One is Right For You?
It is recommended that you take an in-depth look at the additional EMS E5 features before making a choice. Here are a few questions to guide you:
- Do you want Azure Active Directory to provide you with extra data regarding potential identity theft in your organization?
- Do you want Azure Active Directory to provide you with extra data regarding the actions that administrators take in your account?
- Do you want Azure Information Protection to automatically encrypt your files? Otherwise, your protection settings can only be added manually.
- Do you want control over the external cloud applications that your employees use?
If you answered “yes” to any of the questions above – and having this capability is worth an extra $6/user/month – consider EMS E5.
Two More Tips
Also keep in mind that there are over 27,000 enterprise EMS customers, and virtually all of them are on E3 at the time of this post. That is because E5 is a new product, only just introduced by Microsoft. EMS E3 is not an “inferior” product by any stretch of the imagination.
Finally, the version of EMS that you choose has nothing to do with the Office 365 Versionthat you choose. That is a question we’ve come across once or twice.
18 Warning Signs You Need The Cloud
If your business experiences these red flags, your diagnosis is clear: time to adopt the cloud!
Get the Report
FAQs
What is the difference between EMS E3 and E5? EMS E3 is the standard tier, while EMS E5 is the advanced tier of Microsoft's Enterprise Mobility Security suite. E5 includes additional features such as Azure AD Premium P2, Windows Defender Advanced Threat Protection, and Office 365 Data Loss Prevention.
What is the difference between Microsoft E5 and E3? ›
E5 contains higher threat protection, security management, privileged access management, customer lockbox and advanced eDiscovery. While E3 will keep your organisation safe, E5 protects you against a wider variety of threats and makes compliance much easier.
What is the difference between Azure information protection E3 and E5? ›
There is not much difference between E3 and E5 when it comes to AIP, however E5 includes with more features. You can find more information by following this link => Microsoft 365 guidance for security & compliance - Service Descriptions. There is the comparison of O365, AIP Plan 1 and AIP Plan 2.
What is an EMS E3 license? ›
Enterprise Mobility + Security E3 includes Azure Active Directory Premium P1, Microsoft Intune, Azure Information Protection P1, Microsoft Advanced Threat Analytics, Azure Rights Management (part of Azure Information Protection) and the Windows Server CAL rights.
Why upgrade from E3 to E5? ›
Upgrading from E3 to E5 provides advanced security features, superior compliance measures, advanced business analytics capabilities, AI tools, expanded collaborative and communication tools and an overall enhanced user experience, to name just a few important upgrades.
How do I upgrade my EMS E3 to E5? ›
You need to remove the E3 licenses and purchase the E5 licenses. There is no option to directly upgrade the license from E3 to E5.
Do all users need an E5 license? ›
The E5 license is the most feature-packed plan, but that does not mean every user in your organization needs it. You probably don't need features like PSTN conferencing when you can use Teams. Depending on what works best, you can add certain features for specific team members while using a lower plan like E3.
Does Microsoft E3 include Office? ›
Many Office 365 plans also include the desktop version of Microsoft 365, for example, Microsoft 365 Business Standard and Office 365 E3.
Does an E5 license include Visio? ›
Currently, our non-profit plans—E1, E3, E5, Business Basic, and Business Standard—are offered at discounted prices to non-profit organizations. Each of these Microsoft 365 plans will include this new lightweight web app we're calling Visio in Microsoft 365. Compare Microsoft 365 and Office 365 offers for nonprofits.
Does EMS E3 include defender for endpoint? ›
Explore the comprehensive security capabilities in Microsoft Defender for Endpoint P1, included with Microsoft 365 E3, and Microsoft Defender for Endpoint P2, included with Microsoft 365 E5, including versions of these suites that do not include Microsoft Teams.
Security and Compliance: Microsoft 365 E5 includes several advanced security and compliance features that are not available in Microsoft 365 E3. These include Microsoft Defender for Endpoint, Microsoft Cloud App Security, Microsoft Information Protection, and Advanced Threat Analytics.
What is the difference between E3 DLP and E5 DLP? ›
An E5 License allows for automation when compared to E3 which does not. Notable Features with Microsoft Office E3 Licenses: Apply sensitivity labels manually in Microsoft 365 Apps using built-in labeling, in Office for the Web and Office Mobile, and in SharePoint sites, Teams, and M365 Groups.
Does E5 license include EMS? ›
The Microsoft 365 Enterprise E3 and E5 solutions offer not only EMS, but Microsoft 365 Apps, unlimited OneDrive storage for subscriptions with 5 or more users, Microsoft Teams, and numerous other tools like Power Automate and Power Apps.
What are the benefits of EMS E3? ›
Improved Security: EMS E3 helps in safeguarding data, devices, and identities, reducing the risk of data breaches and unauthorised access.
What is Microsoft EMS? ›
Cloud-based security solution that identifies, detects, and investigates advanced threats, compromised identities, and malicious insider actions directed at your organization. Microsoft Secure Score. Intelligent insights and guidance that help maximize your security posture with Microsoft 365 and Azure.
What is the difference between EOP E3 and E5? ›
E3 provides the full suite of enterprise functionality with Office applications (Word, Excel, PowerPoint, etc.) and additional security functionality. E5 is the most advanced package, with all the features of E3, alongside advanced email security functionality, analytics, and phone systems.
What is the difference between E3 and E5 records management? ›
An E5 License allows for automation when compared to E3 which does not. Notable Features with Microsoft Office E3 Licenses: Apply sensitivity labels manually in Microsoft 365 Apps using built-in labeling, in Office for the Web and Office Mobile, and in SharePoint sites, Teams, and M365 Groups.
What is the difference between E3 and E5 ATP? ›
Speaking of security features, the main difference regarding security, between Windows 10 E3 & E5 is that E5 includes Microsoft Defender for Endpoint. FYI, Endpoint is the same thing as Microsoft Defender ATP and Windows Defender ATP, Microsoft just keeps changing the name, making it confusing.