Locations

Resources

Careers

Contact

Contact us

Microsoft Security Solutions Licensing

Maximizing Value from Microsoft Security Licenses: Use What You Already Own

Maximizing Value from Microsoft Security Licenses

Maximizing Value from Microsoft Security Licenses

Stop Paying for Security Tools You Don’t Use

Many enterprises own Microsoft 365 E5 security bundles but use only a fraction of the features. Critical security tools included with E5 often sit idle.

This means organizations pay for capabilities they aren’t actually leveraging.

It’s common to see companies buy E5 for its advanced security, then continue paying for separate third-party solutions covering the same needs. Read our overview for Microsoft Security Solutions Licensing.

This overlap of Microsoft tools and external tools is wasted spend. In other words, you’re paying twice for the same protection and missing out on ROI.

A shelfware problem emerges when Microsoft E5 security utilization is low. Unused features in Microsoft 365 become a sunk cost with no return.

The good news is that with a focused plan, you can start using those included security features and eliminate redundant systems. This approach directly improves your Microsoft license ROI.

Inventory: What Security Features Come with Microsoft E5

Microsoft 365 E5 includes a comprehensive suite of security technologies.

Key Microsoft 365 E5 security tools available in an E5 (or E5 Security) license are:

  • Microsoft Defender for Endpoint (EDR/AV): An advanced endpoint detection and response platform with built-in antivirus. It monitors devices for threats and provides EDR capabilities comparable to those of top third-party endpoint security solutions.
  • Microsoft Defender for Office 365: Email and collaboration security for Exchange Online, Teams, SharePoint, and OneDrive. It offers phishing protection, malware scanning, attack simulation training, and other advanced email security defenses.
  • Azure AD Premium P2: Full identity and access management featuring multi-factor authentication (MFA), conditional access policies, identity protection alerts, and privileged identity management. This enables strong authentication and identity security without needing separate MFA services.
  • Microsoft Cloud App Security (Defender for Cloud Apps): A Cloud Access Security Broker (CASB) that discovers and monitors cloud app usage. It identifies shadow IT, provides app governance, and protects data across SaaS applications.
  • Microsoft Intune (Endpoint Manager): Device and mobile device management (MDM) for PCs and mobile devices. Intune enforces security policies on devices, manages configurations, and ensures that only compliant, secure devices have access to corporate data.

Note that the Enterprise Mobility + Security E5 (EMS E5) bundle overlaps heavily with these features.

In fact, the Microsoft 365 E5 Security add-on essentially includes EMS E5’s identity, device, and cloud security tools plus Office 365 threat protection.

If you have Microsoft 365 E5 (or the E5 Security add-on), you likely already own all of the above capabilities.

For more insights, E5 Security Bundle vs Standalone Licenses: Finding the Most Cost-Effective Mix.

Identifying Redundant Third-Party Tools

Next, take stock of any redundant third-party security tools in your environment. Often, E5’s features overlap with external products you’re still paying for:

  • Endpoint Protection – CrowdStrike vs Microsoft Defender for Endpoint: If you use CrowdStrike or a similar EDR, it duplicates what Defender for Endpoint already offers. Running both means double-spending on endpoint security.
  • Identity/MFA – Okta or Duo vs Azure AD Premium P2: If you pay for a third-party identity or MFA provider (Okta, Duo, etc.), it overlaps with Azure AD Premium P2. AAD P2 already provides SSO, MFA, and conditional access, so an extra identity service wastes budget.
  • Cloud App Security – Netskope vs Microsoft Defender for Cloud Apps: Paying for a separate CASB like Netskope while E5 includes Defender for Cloud Apps is redundant. Microsoft’s CASB covers app discovery, shadow IT control, and SaaS threat protection.
  • SIEM – Splunk vs Microsoft Sentinel: Many organizations still pay for Splunk or another SIEM, even though Microsoft offers its own cloud-native SIEM (Microsoft Sentinel) integrated with E5. Consolidating on Sentinel can trim costly third-party SIEM licenses and simplify security monitoring.

Each of these overlaps erodes your security license cost savings. Every dollar spent on an outside tool that replicates an E5 feature is a dollar of ROI lost.

By identifying these redundancies, you can target which contracts to retire and focus on using the built-in Microsoft tools.

Pilot and Replace: Proving Microsoft’s Security Capabilities

It’s understandable to be cautious about switching critical security controls. The best approach is to pilot the Microsoft E5 tools in parallel with your existing solutions and gather evidence.

Run a controlled deployment of Defender for Endpoint on a subset of devices while still using your current endpoint security on others.

Likewise, test Azure AD P2’s MFA and conditional access with a small user group alongside your third-party identity provider.

Evaluate the outcomes closely. Did Microsoft’s tools detect threats or block attacks effectively, and was the user experience acceptable?

Often, you’ll find the E5 security tools perform on par with the legacy ones. Use the pilot data to demonstrate that Microsoft’s defenses are “good enough” or even superior.

This proof builds confidence to fully replace the third-party products.

When results look positive, you can move into a phased replacement. Swap out the external solution for the Microsoft equivalent one step at a time.

For example, decommission the old antivirus/EDR after Defender is running smoothly, then cut over fully to Azure AD once MFA and single sign-on are working for all users.

The pilot-and-replace approach ensures you maintain protection during transitions and have real-world validation for stakeholders.

Commercial insights, Negotiating Microsoft Security Products: Bundle Deals and Discounts.

Adoption and Training: Unlocking Hidden Value

One reason many E5 features remain unused is the complexity of adopting them. Your IT team might be unfamiliar with configuring these tools or lack the time to implement them fully.

Overcome this by investing in adoption and training.

Administrators should receive hands-on training for each E5 security component so they know how to enable and configure it effectively.

Don’t try to boil the ocean by turning on everything at once. Instead, build a security feature adoption roadmap and tackle each capability one at a time, allowing for proper rollout.

For instance, start with enforcing MFA via Azure AD Premium P2.

Next, deploy Microsoft Defender ATP (Defender for Endpoint) across devices.

Then introduce Cloud App Security policies to manage shadow IT.

Gradual adoption prevents overload and ensures each feature is optimally configured and monitored.

End-user awareness is also important. If you roll out attack simulation training or new MFA requirements, communicate the reasons and provide guidance.

The more comfortable your admins and users are with these tools, the more value you’ll get from the suite.

Many features only reveal their hidden value once fully activated and integrated into your operations.

Leveraging Microsoft FastTrack and Workshops

You don’t have to go it alone when ramping up E5 security features. Microsoft offers FastTrack workshops and deployment assistance for qualifying customers, typically at no extra cost for those with sufficient license volume.

For example, Microsoft can run a Defender for Endpoint rollout workshop or guide your team through configuring Azure AD Identity Protection. Take full advantage of these resources.

Microsoft experts (or certified partners) will walk you through best practices and assist in technical setup via FastTrack. This accelerates adoption and helps avoid common misconfigurations.

If you have an enterprise agreement, ensure you negotiated onboarding support in it. Microsoft and its partners often include planning services or deployment credits in large deals to help customers use the security features.

By using the provided workshops and support, you reduce strain on your internal team and get the E5 tools running correctly faster. It’s a straightforward way to unlock the full potential of what you’re already paying for.

Checklist: How to Maximize E5 Security ROI

  1. Audit Your Licenses: Catalog all E5/EMS security features included in your licenses.
  2. Map Overlaps: Identify third-party tools you have that provide similar functions.
  3. Run Pilots: Select a small group to test Microsoft’s tool (Defender, Azure AD, etc.) alongside the existing product.
  4. Replace Strategically: Decide which third-party systems to retire based on pilot success and business fit.
  5. Train Your Team: Educate admins (and users if needed) on configuring and using each E5 security feature.
  6. Use FastTrack Services: Request Microsoft deployment workshops or partner assistance to expedite feature rollout.
  7. Measure ROI: Track adoption rates and calculate cost savings from eliminated vendor contracts to demonstrate Microsoft 365 ROI optimization.

FAQ: Microsoft E5 Security Utilization

Q: Does E5 include Azure AD Premium P2?
A: Yes. Full Azure AD Premium P2 (advanced identity and MFA features) is bundled in Microsoft 365 E5, and it also comes with the E5 Security add-on license.

Q: Can I replace CrowdStrike with Microsoft Defender for Endpoint?
A: Yes. Many organizations replace CrowdStrike with Defender for Endpoint. It’s best to pilot Defender first to validate its threat coverage and performance in your environment before fully switching.

Q: What’s the difference between EMS E5 and the Microsoft 365 E5 Security add-on?
A: EMS E5 is the core security suite; the M365 E5 Security add-on includes EMS E5 plus Office 365 ATP features.

Q: Does Microsoft help with the deployment of E5 security features?
A: Yes. Microsoft FastTrack provides free deployment workshops for qualifying E5 customers to help enable these security tools.

Q: How do I prove ROI on E5 Security?
A: Show the cost savings from retiring third-party security tools and measure usage of E5’s features to demonstrate return on your E5 investment.

Q: Can I partially deploy E5 security tools?
A: Absolutely. You can roll out E5 security features gradually—for example, enable them first for specific groups or departments and expand from there.

Read about our Microsoft Advisory Services

Microsoft Security Licensing Optimize Defender & Sentinel Costs

Do you want to know more about our Microsoft Services?

Please enable JavaScript in your browser to complete this form.

Author

  • Fredrik Filipsson

    Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, improving organizational efficiency.

    View all posts