Forum Discussion
Microsoft E5 fetaures
Is there a comprehensive overview of all features which come available if we purchase E5 licenses? Of course, a high-level overview can be found here (Microsoft 365 E5 | Advanced Security 365 | Microsoft), but I'm looking for a more detailed overview.
In addition, are there features that come available only if you purchase E5, and cannot be purchased as a standalone option?
- >>It is required to have every user licensed in the tenant. Is that (still) true?
Yes. 100%.- Hmm, based on the information within : Microsoft 365 Tenant-Level Services
Licensing Guidance
It seems, I can scope the capability to only licensed users
quote "Azure Active Directory Identity Protection
Azure Active Directory Identity Protection (AADIP) is a feature of the Azure Active Directory Premium P2 that enables you
to detect potential vulnerabilities affecting your organization’s identities, configure automated responses to detected
suspicious actions that are related to your organization’s identities and investigate suspicious incidents and take
appropriate action to resolve them.
Who is entitled to the service?
Licensed users of Enterprise Mobility + Security E5, Microsoft 365 E5, Microsoft 365 E5 Security, and Azure Active Directory
Premium Plan 2 are entitled to receive the benefit of AADIP.
How is a user benefiting from the service?
SecOps analysts and security professionals benefit from having consolidated views of flagged users and risk events based on machine learning algorithms. End users benefit from the automatic protection provided through risk-based Conditional Access and the improved security posture provided by acting on vulnerabilities.
How is the service provisioned/deployed?
By default, AADIP features are enabled at the tenant-level for all users within the tenant. For information on configuring AADIP, refer to https://docs.microsoft.com/azure/active-directory/identity-protection/enable
How can the service be applied to only users in the tenant that are licensed for the service?
Admins can scope AADIP by assigning risk policies that define the level for password resets and allowing access for licensed users only. Follow the instructions here for scoping AADIP deployments: Configure the sign-in risk policy"
The question is : while I can scope the use of risk-based conditional access to only users that are licensed, the requirements seem I need a license for all the TENANT users for Azure AD P2, as risk calculation is performed for all users in the tenant.
This creates confusion as well it feels like cross-selling practices or even forced selling practices.
- Your other option is the Microsoft Service Descriptions - https://learn.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/office-365-plan-options
- Most of the time I use the resources from https://m365maps.com/ for these type of questions
- Thanks, but this list is only related to features you can license. Within these features, there are many options to configure. For some reason, that list is not available and could only be created by investigating feature by feature to find out what options become available.
- Thanks, but this list is only related to features you can license. Within these features, there are many options to configure. For some reason, that list is not available and could only be created by investigating feature by feature to find out what options become available.
- No such detailed lists. Look at what’s included and then dig into the docs for those features.
