menu close
  • Back

A few years ago, most governmental organisations were signed up to Microsoft E3 licences as a standard practice.

Generally speaking, this made sense. Not only was doing so cheaper, but E5 licences didn’t have the strength of features they offer today. Often, this comes down to education, as many organisations aren’t aware of the benefits of E5 licenses or the changes Microsoft has made to enhance its security suite of products.

Today, however, security is something organisations—whether governmental or not—can’t afford to ignore, due to the evolving threat landscape. If you’re already in the Microsoft ecosystem, it makes sense to explore opportunities to take full advantage of its benefits. You may want to try looking into Microsoft 365 managed services. In particular, here’s how uplifting your licensing benefits your organisation and its security.

How E5 licences uplift your security posture

At a high level, you can think of the integrated, unified security stack of Microsoft 365 (M365) E5 products as an end-to-end security solution that secures both the whole Microsoft environment, as well as multi cloud and hybrid environments.

Upgrading your licensing grants you access to this breadth of security capabilities, as well as new security-centric features—including many that were previously only available as standalone products.

Features Gained Moving from M365 E3 to M365 E5:

  • Azure Active Directory Premium P2 (vs P1)
  • Microsoft 365 Defender
  • Microsoft 365 Defender for Endpoint P2
  • Microsoft 365 Defender for Office 365
  • Microsoft 365 Defender for Identity
  • Azure Information Protection P2 (vs P1)
  • Microsoft Defender for Cloud Apps

Full details can be found here

Additional compliance benefits gained from this transition include:

  • Rules-based automatic retention policies, machine learning-based retention, records management
  • Advanced eDiscovery, advanced audit
  • Insider Risk Management, communication compliance, information barriers, customer Lockbox, privileged access management
  • Built-in third-party connections

Features Gained Moving from M365 EMS E3 to M365 EMS E5:

  • Risk-based conditional access
  • Privileged identity management
  • Intelligent data classification and labeling
  • Microsoft Cloud App Security
  • Microsoft Defender for Identity

Full details can be found here

By gaining access to these features, your organisation benefits from:

  • Stronger identity and access management without compromising productivity
  • Stronger threat protection that’s streamlined across multiple apps and systems
  • Better protection of your sensitive information
  • Stronger compliance, resulting in easier audit preparation
  • The ability to refine who gets access to what on a more granular level

It’s important to note that some of these components may be available for purchase separately. For example, if you aren’t ready to sign up for E5, you may be able to add the E5 Security Suite to an existing E3 licence (i.e. M365 E3 + E5 Security). A qualified Microsoft Partner can help you determine the best licensing approach for your needs.

Additional benefits of upgrading from E3 to E5:

Beyond the new capabilities listed above, uplifting your licensing offers a number of other advantages. For example, in addition to improving your compliance with relevant regulations and audits, upgrading to E5 licensing can come with cost-saving benefits. 

A lot of organisations will have third-party antivirus software and an incoming mail scanner—things like that,” explains Todd Elliott, General Manager of Satalyst, part of Canon Business Services ANZ (CBS). “Replacing these pays for the uplift from E3 to E5, and you also get Identity Protection and the Risk and Compliance Suite as well.” 

As these third-party tools are taken out of the rotation, two additional advantages are conferred. First, you have the potential for a security uplift, as you minimise the risk of vulnerabilities associated with third-party software. 

At the same time, you reduce the ongoing complexity associated with managing multiple vendors and SaaS products. This can impact the way you staff your team and navigate current labour shortages. Rather than needing separate people who can manage Microsoft, TrendMicro, and McAfee, for example, standardising across the Microsoft security stack makes it easier to find talent with the right skill sets.

IT Security Checklist

Transform Your Cyber Defense: Prioritised Actions for Staying Ahead of Threats.


What holds organisations back?

Despite these clear advantages, there are a number of factors that, understandably, keep organisations from taking the next step forward.

One is the sheer size of some governmental organisations. It’s not uncommon for CBS to work with governments whose organisational structures involve thousands of users, spread across multiple agencies. Further, some of these agencies have thousands of legacy on-prem servers in place—the thought of auditing them, let alone making licensing changes, can seem daunting.

Configuration represents another challenge. As Elliott notes, “It’s easy enough to turn these features on. But they also need to be set up and configured properly. Otherwise, you’re only as secure as your setup”. 

But perhaps more pervasive is the mindset that ‘we’re not worth attacking’. The growing sophistication of modern phishing, spear phishing, and social engineering attacks immediately disproves this way of thinking. If a hacker is able to breach a lower agency and pretend to be someone within it while sending emails from one agency to another, the potential for risk and exposure is incalculable.

How to upgrade from E3 to E5 licensing

Fortunately, overcoming these challenges is not only possible, but it’s proven, given the number of organisations that have done so successfully. Once you’ve committed to making the change, the next step is actually purchasing upgraded licensing—and the good news is that this process is fairly straightforward.

Typically, government in Australia has enterprise-wide or government-wide Enterprise Agreements in place with existing pricing, though this varies by state or jurisdiction. If you don’t have an existing agreement, your next step might be purchasing more licensing from a distributor or even signing a new Enterprise Agreement. In any case, Microsoft is eager to support licensing upgrades and will likely try to make the process as easy as possible. 

Once licensing is in place, the next question you’ll need to address is how to roll out your upgrades. Many of the organisations we work with find the benefits of E5 licensing compelling, but they have a lot of features they want to upgrade, and they’re wary of doing it all at once.

In this case, we often recommend incremental upgrades or staged rollouts, planned and executed according to a roadmap that’s appropriate for your circumstances.  

  • Often, we recommend starting with InTune and making sure that we’ve got Defender for Endpoints installed and operating. This ensures all of the devices connected to your network are secured and monitored. This also allows you to see if you have any endpoints with out-of-date software on them that may have vulnerabilities. 
  • Next, we typically recommend rolling out Defender for Identity to implement privileged identity management and role-based access control.
  • After that, the progression tends to be more customised. If your organisation is cloud-only, for instance, that might set you down one path. But if you’re on-prem, that might mean moving on to implementing Defender for Servers and similar features. 

According to Elliott, however, your dedication to the process is ultimately more important than whether you go all-in or do a staged rollout. “You really need to commit to it”, he states. “It might take you a year to 18 months to do it in a phased manner. But if you just decide to do one bit, and say you'll come back later and work out what's next, you're really not going to leverage the full benefit of E5 licensing”. 

Moving forward to optimise your Microsoft investment

If all of this sounds overwhelming, don’t worry. Having the right partner on your side makes it possible to minimise complexity while streamlining new implementations in order to get the most out of your Microsoft investment.

Not only does CBS have experience assessing the application architectures of large organisations and guiding them through the uplift process, but we’ve also written a substantial volume of documentation and IP around automating deployments, removing existing products, and onboarding devices onto new environments in a way that’s compliant with government standards.

To learn more about our process for uplifting Microsoft licensing from E3 to E5, contact us to speak with one of our governmental security experts or to inquire about our exclusive Security Uplift offer.

Similar Articles


What are the advantages of Microsoft Azure

Discover the advantages of Microsoft Azure: Scalability, security, cost-efficiency, and innovation. Learn how Azure enhances operations and drives digital transformation in New Zealand.

What is Security Automation?

Learn how automated security transforms cybersecurity, making it simpler and more efficient. Protect your business data with CBS New Zealand’s expert insights now!

What are the effective Azure cost optimisation strategies

Maximize Azure efficiency for your New Zealand organisation. Reduce costs, optimize resources, and align spending with business goals using our expert strategies and tools!

What are the benefits of penetration testing?

Gain confidence in your digital security with the benefits of penetration testing. Enhance cybersecurity, identify vulnerabilities, and fortify your defences with CBS New Zealand's expert insights now!

Cybersecurity Threat Detection: Proactive strategies

Stay ahead in cybersecurity with our 2024 guide on threat detection. Learn advanced technologies & response plans to protect your business against threats with CBS New Zealand.

What are the differences between Public, Private, & Hybrid Clouds

Learn about public, private, & hybrid cloud models with CBS New Zealand's expert insights now!

Navigating Information Security Frameworks

Explore essential information security frameworks to safeguard your data. Protect your business data with CBS New Zealand's expert insights now!

Ultimate guide to internal penetration testing

This Internal Penetration Testing guide covers techniques, analysis, and best practices for identifying vulnerabilities & strengthening your cyber defense in New Zealand.

RMM Meaning and its significance in IT management

Evolving technology, key benefits, and its impact on efficiency and security. protect your business data with CBS New Zealand’s expert insights now!

SIEM tools for advanced cybersecurity management

Explore our list of SIEM tools to strengthen your cybersecurity strategy. Learn about their functionalities, integration capabilities, & future trends with CBS New Zealand's expert insights now!

The Threat Intelligence Lifecycle explained

Discover how to navigate the Threat Intelligence Lifecycle in 2024. Our guide covers phases, analysis, and best practices for cybersecurity decision-making in New Zealand.

What are the latest cyber threats and defense strategies?

Enhance cybersecurity, identify vulnerabilities, and fortify your defences with CBS New Zealand's expert insights now!