EMS in O365 Enterprise plans

From time to time I am being consulted which security features are included in O365 Enterprise plans, so I decided to write them down:

EMS is provided as part of Microsoft 365 E3 and E5 plans, as summarized in the table below.

Product E3 plan E5 plan
Azure AD Premium P1 plan P2 plan
Intune Yes Yes
Azure Information Protection P1 plan P2 plan
Microsoft Advanced Threat Analytics Yes Yes
Cloud App Security No Yes
Configuration Manager Yes Yes

Also we have to take into account that Azure AD is the central identity store for all appplications, and that we have 3 different levels (Basic, P1 and P2). But which features are included on P1?

  • Self-service password reset
  • Write-back from Azure AD to on-premises Active Directory Domain Services (meaning your cloud and on-premises data is linked)
  • Microsoft Azure Multi-Factor Authentication (MFA) for cloud and on-premises apps
  • Conditional access based on group, location, and device state

The following feature is only included in P2

  • Conditional access based on sign-in or user risk (P2 plan only)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s