From time to time I am asked which security features are included in O365 Enterprise plans, so I decided to write them down:
Enterprise Mobility + Security (EMS) is provided as part of the Microsoft 365 E3 and E5 plans, as summarized in the table below.
Product | E3 plan | E5 plan |
---|---|---|
Azure AD Premium | P1 plan | P2 plan |
Intune | Yes | Yes |
Azure Information Protection | P1 plan | P2 plan |
Microsoft Advanced Threat Analytics | Yes | Yes |
Cloud App Security | No | Yes |
Configuration Manager | Yes | Yes |
We also have to take into account that Azure AD is the central identity store for all applications, and that it comes in 3 different levels (Basic, P1 and P2). But which features are included in P1?
- Self-service password reset
- Write-back from Azure AD to on-premises Active Directory Domain Services (meaning your cloud and on-premises data is linked)
- Microsoft Azure Multi-Factor Authentication (MFA) for cloud and on-premises apps
- Conditional access based on group, location, and device state
The following feature is only included in P2:
- Conditional access based on sign-in or user risk (P2 plan only)