Evaluating Email Security at Each Office 365 License Level


Thought Leadership

Evaluating Email Security at Each Office 365 License Level

Dena Bauckman

Microsoft offers the core business productivity tools used by a majority of corporations today, especially with many organizations looking to move to the cloud. The Office 365 suite includes everything from business productivity tools such as Word, Excel, and PowerPoint to collaboration tools such as Skype, Sharepoint, and Yammer. Moreover, to serve the needs of diverse businesses, this productivity suite is available in four license configurations: ProPlus, E1, E3, and E5.

The most commonly used business license is the E3 license, which offers all of the productivity and collaboration tools plus basic email security and compliance capabilities. The Office 365 E5 license adds extensive management, reporting, and analytics to the suite.

Despite the comprehensive and customized licensing levels, most organizations find it necessary to add third-party solutions to get comprehensive cybersecurity — particularly with regard to email security and compliance. According to Gartner, 85 percent of all Office 365 implementers will use an additional third-party tool by 2020. Thus, organizations needing strong email security and compliance should understand the Office 365 security options available to them and consider the benefits that a third-party vendor can offer in terms of greater and more convenient email security.

Office 365 Email Security


With the email inbox under constant attack these days, the lack of comprehensive security is an issue for companies across industries. While Office 365 offers different levels of email protection depending on the specific license level, many companies find they need additional protection offered only through third-party services.

Still, it’s much easier for companies to identify their needs when they understand more deeply what the most common Office 365 license bundles do and don’t offer.

ProPlus: With ProPlus, users get access to the desktop and web version of the Office applications Word, Excel, PowerPoint, and Outlook, but they do not get a custom email domain or any of the business collaboration tools such as SharePoint, Skype, or Yammer.

E1: With the E1 license, users get web access to popular apps like Outlook, Word, Excel, and PowerPoint, as well as collaboration tools such as SharePoint and Yammer. The per user/per month fee is modest but doesn’t provide compliance tools such as data loss prevention (DLP) or archiving eDiscovery.

E3: Bolstering compliance and security, the E3 license adds data loss prevention, rights management, and email encryption capabilities. Though this license provides basic security capabilities, it doesn’t provide the level of protection most companies are looking for to combat today’s threats. There are two things this license doesn’t provide: First, strong protection against the latest phishing and malware campaigns. With today’s threats becoming more targeted and harder to detect, many companies are adding third-party services to fill the gap. Second, it doesn’t provide strong data loss prevention filters that enable companies to comply with the ever-increasing privacy regulations. Microsoft does offer add-on pricing for specific capabilities that allow companies to add on to the E3 without going all the way to an E5, but the add-on options still don’t address these concerns.

E5: This enterprise-class solution adds analytics and advanced threat protection, specifically email attachment sandboxing and URL rewriting. Although these security capabilities are important, they still don’t prevent highly targeted attacks like spear phishing and business email compromise. Essentially, this license leaves enterprises vulnerable to exactly those attacks that have the deepest consequences.

Comprehensive Email Protection for Today’s Cyber Landscape

To bolster their email security platforms, companies should instead consider working with a best-of-breed vendor like Zix to provide strong email security and compliance. Best-of-breed vendors can help you identify the missing elements in your current email security strategy and help protect you from the highly targeted attacks that are becoming so common today.

Email attacks are becoming more common, more complex, and more effective all the time. Companies must ensure they are properly protecting themselves and their employees. And while O365 is a good step in the right direction, it alone isn’t enough to combat the dynamic and targeted nature of today’s cyberattacks.