Microsoft offers various security and compliance solutions as an add-on to their Microsoft 365 suites of online services. Since not everybody in an organization has the same digital tasks and needs, you might not need additional security for all of your employees. But sometimes, you still need to license every person in your environment.
Tenant
When you use Microsoft online services, these services and the User Subscription Licenses (USL) which give you the right to use the online services are present in your own, secured digital space in Microsoft’s datacenter. This is called a ‘tenant’. Persons in the organization must have an account which is present in this tenant, to which you can assign the subscription licenses.
Office 365
Example: when one of your employees needs Office 365 E3, you purchase an Office 365 E3 USL and in the Microsoft Admin Center you assign this license to the employee. When that’s done, the employee can use the online services and software. So far nothing new, right?
Defender for Office 365
Now let us assume that you want to protect the users in your office against malicious activities in Exchange Online, SharePoint Online, OneDrive and Teams. Microsoft Defender for Office 365 is a possible solution. Maybe your factory workers don’t need this additional security. With that, you could purchase Microsoft Defender for Office 365 Plan 1 USLs for the employees in the Office, assign the licenses and use tighter security. This is an option because you can enable or disable security on a user level; on for the office workers, off for the factory workers.
Tenant wide licensing risk
The incompliance risk surfaces when you would choose Defender for Office 365 Plan 2 (higher plan, more features). With Plan 2, the security settings are on the tenant level and some of those features cannot be switched ‘off’ on user level. Examples are Threat Trackers and Automated Investigation and Response. You can find the full overview and features comparison for Defender for Office 365 Plan 1 versus Plan 2 online.
Microsoft 365 E3 versus E5
Good to know, Defender for Office 365 Plan 2 is included in Office 365 E5, Microsoft 365 E5 and Microsoft 365 E5 Security. Defender for Office 365 Plan 1 is only included in Microsoft 365 Business Premium and available as a separate subscription. Meaning that when you have a mix of ‘E3 and E5’ in your environment, the is a serious risk of being incompliant (no Plan 2 versus Plan 2 included). When you want to discover, investigate and get recommendations to prevent incompliance in the cloud, you might want to use our Microsoft 365 Optimize managed service ….
For all
The conclusion is that when you choose Defender for Office 365 Plan 2, you need licenses for every person (user) in your tenant. Defender for Office 365 is just an example. The same principle applies to the following Microsoft online services:
- Defender for Office 365 Plan 2
- Compliance Program for Microsoft Cloud
- Defender for Business (included in Microsoft 365 Business Premium!)
- Defender for Identity
Help
If you want more information or need help discovering if you are at risk, please do contact us for assistance.