Office 365 Security Licensing and Pricing – 2019 Edition

In late 2017, I wrote a post, Office 365 Security Licensing Demystified, to help clarify the dizzying array of cloud security licensing options available from Microsoft, and how those options compare in both price and functionality to the Bitglass Next-Gen Cloud Access Security Broker. Both vendors have continued to develop their offerings, adding new features and functions, so this comprehensive update reflects those changes over the past year.

A couple of points on how to use these tables:

• The Overview table shows the addressable scope/use cases of the respective technologies – across both app support and enforcement capabilities (inline vs out-of-band). The Details table shows the details of available data protection capabilities that can be used within the addressable scope.
  • For example, if a solution doesn’t support inline data protection, none of the data protection capabilities in the second table can be applied inline. 
• The E3 and E5 options are base Office 365 enterprise license packages. Most organizations will opt for the E3 at least, since that is the first Office package that includes the traditional offline Office applications, so the table assumes E3 as the starting point. E5 includes all E3 functionality, as well as additional features.
• All of the packages marked as “add-on” are in addition to the E3 or E5 package, and they build upon one another. For example, the EMS E3 includes CAS and some additional functionality. Add-ons can be bought with either the E3 or the E5 Office license.
• All pricing is list pricing.
• Links to Microsoft’s description and pricing for each service have been included in the table for easy reference.

Takeaways from this update?

• The shift from a core group of major SaaS applications for most enterprises makes the Microsoft offering, which still only supports 7 applications, less and less relevant with each day that passes.
• Microsoft has not dropped prices on any of its offerings, continuing to provide limited functionality at a very high price.
• It remains as confusing as ever to purchase and deploy the Microsoft suite of products, with  numerous packages available and many separate tools from which to configure and deploy their security offering.

Regardless, many enterprises will at least take a look at the Microsoft offerings, and hopefully this post can make that challenge at least a bit easier, though I would recommend skipping the whole exercise and heading straight for the Bitglass CASB: