Microsoft 365 Announces E5 Security for Business Premium Customers as Add-on


Microsoft has announced the immediate availability of Microsoft 365 E5 Security as a cost-effective add-on for Business Premium subscribers, marking a strategic expansion of enterprise-grade cybersecurity tools for small and medium businesses (SMBs). 

The release introduces enhanced threat detection, identity protection, and SaaS security capabilities through six integrated components: Microsoft Entra ID Plan 2, Defender for Identity, Defender for Endpoint Plan 2, Defender for Office 365 Plan 2, Defender for Cloud Apps, and Microsoft Defender XDR. 

This bundled offering delivers 57% cost savings compared to purchasing individual components separately, addressing growing regulatory pressures and cyber insurance requirements for SMBs.

Extended Identity and Access Governance

The upgrade from Entra ID Plan 1 to Plan 2 introduces risk-based conditional access powered by machine learning analytics that evaluates 38 trillion daily security signals. 

New capabilities include real-time blocking of credential-based attacks like password sprays and automated identity lifecycle management. 

IT teams can deploy preconfigured workflows for employee onboarding/offboarding, reducing manual access review processes by up to 70% through Entra ID Governance. 

Behavioral analytics monitor for anomalous activities such as impossible travel scenarios, flagging compromised accounts with 98.7% accuracy in internal tests.

Products included in Microsoft 365 E5 Security

The integration of Microsoft Defender XDR provides cross-domain visibility by correlating data from endpoints, identities, emails, and SaaS applications. 

Security operations teams gain automated incident investigation timelines through Extended Detection and Response (XDR), reducing mean time to remediation (MTTR) by 40% compared to siloed tools.

Complementing this, Identity Threat Detection and Response (ITDR) adds specialized sensors for Active Directory monitoring, detecting tactics like golden ticket attacks and DCShadow manipulations.

Enhanced Endpoint and Collaboration Security

While Business Premium includes Defender for Business with next-gen antivirus and automatic attack disruption, the E5 add-on unlocks Defender for Endpoint Plan 2 features:

  • 180-day advanced hunting retention
  • Custom detection rules using Kusto Query Language (KQL)
  • IoT device protection modules
  • Tamper-proof vulnerability management

For email and Teams collaboration, Defender for Office 365 Plan 2 introduces LLM-based threat protection, achieving 99.995% detection rates for phishing payloads. 

New Attack Simulation Training modules allow administrators to conduct realistic credential harvesting campaigns using templates aligned with MITRE ATT&CK T1586.001 techniques.

The inclusion of Defender for Cloud Apps enables SMBs to inventory shadow IT applications through traffic analysis and API integrations. 

Automated security posture scoring identifies misconfigurations in sanctioned SaaS tools like Salesforce and ServiceNow, providing guided remediation for OAuth permission overprovisioning and excessive data sharing.

Real-time session policies can block risky file downloads from generative AI platforms while allowing approved use cases.

Licensing and Deployment Considerations

Current Business Premium customers can purchase the E5 Security add-on through the Microsoft Security portal or certified partners. 

However, mixed licensing scenarios require careful planning. Tenants combining Defender for Business (included in Business Premium) with Defender for Endpoint Plan 2 (via E5 Security) will default to the former unless all users are upgraded. 

Microsoft recommends using the Microsoft 365 Streaming API to forward device telemetry to Azure Event Hubs for organizations building managed detection and response (MDR) services.

Partners can access updated deployment playbooks and customer enablement kits through the Business Premium Partner Portal.

The add-on availability comes alongside March 2025 updates to Microsoft Defender vulnerability management, including automatic prioritization of CVSS 9.0+ vulnerabilities in macOS environments. 

SMBs can trial E5 Security features through a 90-day evaluation license before committing to the $23/user/month add-on pricing.
