In May 2023, Planet launched our new YouAlreadyOwnIt Microsoft Licensing Review. We have seen a huge interest in this benefit as many of our customers have recently made the move to M365 E5/G5 for lots of business and security reasons. For some, it was about reducing costs by replacing/consolidating tools and skillsets and for others it was about simplifying their security toolbox.

The reviews have shown us that most customers have basic security in place but are overwhelmed when looking at all the capabilities in M365 E5/G5.  Customers just don’t know where to start or how to prioritize their M365 E5 /G5 rollout. For those customers looking at reducing costs by eliminating 3^rd party tools the choice is clear where to start but for others knowing where to start is a challenge.

If you’re new to Microsoft licensing check out this handy website which breaks down the licensing stacks and then provides hot links for more information on each feature.

Matrix Layout  https://m365maps.com/matrix.htm#000000000001111000000

M365 E5 Visual Layout https://m365maps.com/files/Microsoft-365-E5.htm

M365 E3 Visual Layout https://m365maps.com/files/Microsoft-365-E3.htm

Quick things to know about Microsoft Licensing

M365 E5 and M365 G5 are the same license suite but M365 E5 is the Enterprise SKU in the Commercial cloud and G5 is in the Government Community Cloud (GCC) or the GCC-High (GCCH) Cloud. It is important to remember that not all features in M365 E5 are available in G5 and GCC-High. Contact us if you have questions about this.

In this blog post, I will share some tips and best practices on how to prioritize your rollout and leverage the power of Microsoft 365 M365 E5/G5 to automate your security processes and compliance processes, improve your end-user security impact, and increase your security and compliance posture. I will also explain how Microsoft 365 M365 E5/G5 aligns with the zero trust (ZT) framework and how it helps you protect your organization from the ever-evolving cyber threats.

Our licensing review benefit has a standard delivery format but since our customers pursued M365 E5 /G5 for various reasons and are at different places in their deployment, we always start off by asking for their priorities and if they have specific interest(s) in a particular capability(ies).

Tips to approach M365 E5/G5 Your Rollout

To start your rollout journey of M365 E5/G5 you need to ask yourselves some basic questions:

• What areas of my security posture need improving?
  • Have you done a Zero Trust assessment to see what needs improving or is missing?
  • Have you looked at your Secure Score and Compliance Score?

• Do you rely on your users for enforcing or doing the right thing?
  • Do you offer yearly training?
  • Do you have legacy 3^rd party tools in place (e.g., to protect against clicks on links and attachments, perform remote management)?

• Are you looking for automation to help fill the gap(s) in security personnel levels or to streamline processes for incident management?
  • Are you overwhelmed with the number of alerts for security and incident management?
  • Do you have a legacy 3^rd party tool in place that does not provide automation or that could be replaced?

• What areas of audits do you have gaps in or need improvement?
  • Do you have persistent elevated privileges for your admins?
  • Do you review your elevated access users regularly?
  • Are you keeping your logs long enough?
  • Are you keeping evidence of your activities to show 3d party assessors?

• What tools do I have today that M365 E5 /G5 could replace to retire? And as a follow-up, when is the renewal time so you can plan and prioritize resources.
  • While E5 may not provide 100% parity, many customers are working hard to streamline their security tooling by replacing solutions for MDM (e.g., Mobile Iron™, JAMF™), email filtering (e.g., Proofpoint™ or Barracuda™), data governance and classification, encryption (e.g., Zix™), Information protection, PIM/PAM, Identity protection, MFA, SSO and CASB solutions.

As you answer the questions above, in their entirety or in portions, you will develop a good idea of where your priorities lay. Keep these three basic themes in mind as you develop those priorities: 1) Automate your security processes and compliance processes; 2) Improve your end user security impact; and 3) Increase your security posture.

1. Automate Your Security and Compliance Processes

One of the main reasons why customers pursue M365 E5 /G5 is because they realize they cannot allocate enough staff to keep up with the never-ending and sophisticated attacks happening today. Automation is the only way to scale response to the increase scale of these threats. In general, M365 E5 /G5 builds a layer of automation or risk-based solutions on top of M365 E3 /G3 products with the Plan 2 capabilities. Products like Microsoft Defender for Endpoint (MDE), Defender for Cloud Apps (MDCA), Defender for O365 (MDO), Microsoft Defender for Identity (MDI) and Microsoft Information Protection (MIP) can all be configured to provide automation or automation to reduce manual tasks, improve your use of Incident management tools and provide visibility into your Security.

Defender for Endpoint (MDE) is a great place to start and automate to help reduce alert fatigue and see immediate success.

M365 E5/G5 Areas to focus on:

– Microsoft Defender for Endpoint: Plan 2 adds Advanced Hunting, Automated Investigations, Endpoint Attack Notification, EDR and automated response, Evaluation Lab, MIP integration, Threat Analytics, Core Vulnerability Management and 6 – month Searchable Data

This is a unified endpoint security platform that delivers unparalleled protection, detection, response, and prevention capabilities for your devices. It uses the power of the Microsoft security graph to analyze billions of signals across the threat kill chain and provide you with rich insights and automated actions. It also integrates with other M365 E5 services such as Microsoft Cloud App Security, Microsoft Defender for Office 365 and Microsoft Defender for Identity to provide you with a holistic view of your security posture and a seamless remediation experience.

– Microsoft Defender for Cloud Apps (MDCA) and formerly known as Microsoft Cloud App Security (MCAS): Did you ever wish that your non-Microsoft Cloud Services provided the security features as the M365 environment? MDCA is a cloud access security broker (CASB) that gives you visibility and control over your cloud apps and services. It helps you discover unsanctioned SaaS services and assess the risk of your cloud apps, extend M365 technical controls and policies and compliance requirements to those other environments, detect and respond to anomalous activities and threats, and protect your sensitive data in the cloud. It also integrates with Microsoft Defender for Endpoint, Microsoft Defender for Office 365 and Microsoft Defender for Identity to provide you with a comprehensive cloud security solution.

– Microsoft Defender for Identity (MDI): This is an identity and access management security solution that protects your organization from identity-based attacks such as credential theft, lateral movement, privilege escalation and more. It monitors your on-premises Active Directory and Azure Active Directory activities and detects suspicious behaviors and malicious actions using behavioral analytics and machine learning. It also provides you with identity security posture assessments, risk-based conditional access policies, identity protection alerts and automated remediation actions. With the M365 E5/G5 plan 2 capabilities you can now see your users’ identity risks and respond with automation to remediate and close alerts.

– Microsoft Information Protection (MIP) and Information and Protection & Governance: These two capabilities provide a building block to many other security services.  Going to M365 E5/G5 additionally adds the following under O365 and Enterprise Mobility + Security.

Services like Customer Compliance templates, Customer Key, Data Lifecycle Management., Double Key Encryptions, Exact Data Match, Advanced Message Encryption, Records Management, Rules Based Classification, Teams Data Loss Prevention and Team DLP, Rules Based Classification On premises Scanner, App Governance and Defender for Cloud Apps,

Microsoft automated classification is a feature that allows you to apply labels and policies to your data based on its content and metadata. This can help you manage your data lifecycle, protect sensitive information, and comply with regulations. Automated classification works by using machine learning models that analyze your data and assign labels based on predefined rules or criteria. You can use the built-in models provided by Microsoft or create your own custom models using the Microsoft Information Protection SDK.

Other notable items in the E5 compliance Suite are Insider Risk Management and eDiscovery and Audit.

Insider Risk Management includes features like Customer Compliance Templates, Communication Compliance, Customer Lockbox, Information Barriers, and Privilege Access Management.

eDiscovery and Audit include Customer Compliance Templates, Audit Premium, and eDiscovery Premium.

2. Improve Your End User Security Impact

M365 E5 /G5 Areas to focus on:

– Microsoft Defender for O365 (MDO): Plan 2 adds Attack Simulation Training, Automated Investigation, and Response, Campaign Views, Compromised users detection, Threat Explorer, Threat Trackers

Unless time is of the essence due to contract expirations for 3^rd party products, we typically tell customers to start with Defender for O365 (MDO). MDO is a relatively easy configuration and provides immediate help with end-user accidental clicking and protection against phishing attacks. MDO is a cloud-based email and collaboration security solution that protects your organization from advanced threats such as phishing, malware, ransomware, business email compromise and more. It uses artificial intelligence and machine learning to detect and block malicious messages and attachments, as well as impersonation attempts and spoofing attacks. It also provides you with threat investigation and response tools, such as attack simulation training, threat explorer, threat trackers and automated incident response playbooks, to help you educate your users and respond to incidents faster and more effectively. MDO Plan2 also included in M365 E5/G5 allows for attack simulation and automated investigation and remediation.

3. Increase your security and compliance posture.

M365 E5 /G5 Areas to focus on:

Now for some low-hanging fruit. If you haven’t already done so you should set up M365 Privileged Identity Management (PIM). PIM is a feature that helps you manage the access rights of users who have administrative roles in your organization. PIM allows you to grant these roles only when needed and for a limited time, reducing the risk of unauthorized actions or security breaches. Setting up PIM can help you improve your security posture, comply with regulations, and audit the activities of privileged users.

Audit Premium is another easy feature to configure. Many people don’t realize that their O365 audit logs are by default only available for a rolling 90 days. With M365 G5 you now get the benefit of increasing that to 1 year.

Access reviews are a feature of M365 E5/G5 that allow you to review and manage the access rights of users and groups in your organization. Access reviews can help you ensure that only the right people have access to the right resources, such as apps, groups, or sites. Access reviews can also help you comply with regulatory or security requirements, such as the principle of least privilege.

How Microsoft 365 M365 E5 /G5 aligns with the zero-trust framework

Zero trust helps you prevent breaches, minimize risks, and reduce costs by applying the principles of verify explicitly, use least privileged access and assume breach. The M365 E5/G5 security suite was designed with a Zero Trust mindset and there is no other product on the market that is better positioned to handle Microsoft vulnerabilities related to O365 than Microsoft themselves. We are now seeing security threats in products like Teams, think “Teams Phisher” just out this month.  Even though this example is a socially engineered attack, when configured properly with the M365 E5/G5 security features working together, the M365 E5/G5 suite is your best bet to protect yourself against this new error of O365 threats.

M365 E5/G5 security and compliance features help you tackle the challenges of today’s complex and dynamic threat landscape by enabling you to:

– Protect: Prevent threats from reaching your endpoints, email, apps, and identity by using advanced protection capabilities such as antivirus, anti-malware, anti-phishing, anti-ransomware, anti-spoofing, app control, data loss prevention and more.

– Detect: Identify threats that have bypassed your protection layers by using advanced detection capabilities such as behavioral analytics, machine learning, anomaly detection, threat intelligence and more.

– Respond: Contain and remediate threats that have compromised your environment by using advanced response capabilities such as automated investigation, automated remediation, incident response playbooks, threat hunting and more.

– Prevent: Learn from your incidents and improve your security posture by using advanced prevention capabilities such as attack simulation training, security posture assessments, risk-based conditional access policies, identity protection alerts and more.

Conclusion

These are just some of the services that you should configure first or themes to think about your approach rolling out M365 E5/G5. As you can see, M365 E5/G5 is a powerful solution that can help you automate your security processes and compliance processes, improve your end user experience, and increase your security and compliance posture. It can also help you align your organization with the zero-trust framework and protect your organization from the ever-evolving cyber threats. If you are interested in learning more about M365 E5/G5, how to get started, or want a licensing review please contact us or join us for our next office hours.