The Enterprise Mobility + Security (EMS) suite from Microsoft offers two primary plans: EMS E3 and EMS E5. Each plan includes a range of tools and services designed to enhance security, manage devices, and protect data. Here’s a detailed breakdown of the features and pricing for each plan:
EMS E3
Key Features:
Microsoft Intune:
- Mobile device management (MDM)
- Mobile application management (MAM)
- Device configuration, compliance policies, and reporting
Azure Active Directory Premium P1:
- Conditional access
- Multi-factor authentication (MFA)
- Self-service password reset
- Dynamic groups and group-based access management
Azure Information Protection (AIP) Plan 1:
- Data classification and labeling
- Basic data protection
- Manual and default labeling
Microsoft Advanced Threat Analytics:
- On-premises identity protection and threat analytics
Pricing:
- EMS E3: Typically around $8.80 per user per month.
EMS E5
Includes all EMS E3 features plus:
Key Features:
Microsoft Intune:
- Same comprehensive MDM and MAM capabilities as in EMS E3
Azure Active Directory Premium P2:
- All P1 features plus:
- Advanced identity protection with risk-based conditional access
- Privileged Identity Management (PIM)
- Access reviews
- Identity governance
- All P1 features plus:
Azure Information Protection (AIP) Plan 2:
- Advanced data classification and labeling
- Automatic classification and protection based on policies
- Hold Your Own Key (HYOK)
Microsoft Cloud App Security:
- Advanced threat detection and investigation
- Detailed activity logs and app discovery
- Real-time monitoring and policy enforcement
Microsoft Defender for Identity:
- Cloud-based identity protection
- Advanced threat detection with analytics and reporting
Pricing:
- EMS E5: Typically around $14.80 per user per month.
Comparison Summary
EMS E3:
- Comprehensive device management and basic identity/data protection.
- Ideal for organizations needing strong MDM, basic identity protection, and data labeling.
- Lower cost compared to EMS E5.
EMS E5:
- All EMS E3 capabilities plus advanced identity protection, threat detection, and data governance.
- Ideal for organizations requiring robust security, advanced threat analytics, and comprehensive data protection.
- Higher cost but includes additional advanced features.
Conclusion
Choosing between EMS E3 and EMS E5 depends on your organization's specific needs for security, compliance, and management capabilities:
- For robust device management, basic identity protection, and data classification at a lower cost, EMS E3 is suitable.
- For advanced security features, including risk-based identity protection, threat detection, and comprehensive data governance, EMS E5 is the better choice.
Next Steps
Evaluate Your Needs:
- Determine the specific security and management requirements of your organization.
Consider the Budget:
- Balance the need for advanced features with the available budget.
Trial and Deployment:
- Consider starting with a trial of EMS E3 or EMS E5 to evaluate the features before committing to a purchase.
Consult with a Microsoft Partner:
- Work with a Microsoft partner or reseller to get tailored advice and potential discounts based on your organization's size and requirements.
You can purchase these plans directly from the Microsoft website or through a Microsoft Cloud Solution Provider (CSP). For the most current pricing and any promotional offers, always check with an official Microsoft reseller or the Microsoft website.
