|
Enterprise Mobility + Security E3 |
Enterprise Mobility + Security E5 |
Includes |
Azure Active Directory Premium P1 |
Azure Active Directory Premium P2 |
Intune |
Intune |
Azure Information Protection P1 |
Azure Information Protection P2 |
Advanced Threat Analytics |
Advanced Threat Analytics |
NA |
Cloud App Security |
NA |
Azure Advanced Threat Protection |
Identity & Access Management |
Simplified access management and security ➤ Centrally manage single sign-on across devices, your datacenter, and the cloud. |
Yes |
Yes |
Multi-factor authentication ➤ Strengthen sign-in authentication with verification options, including phone calls, text messages, or mobile app notifications, and use security monitoring to identify inconsistencies. |
Yes |
Yes |
Conditional access ➤ Define policies that provide contextual controls at the user, location, device, and app levels to allow, block, or challenge user access. |
Yes |
Yes |
Risk-based conditional access ➤ Protect apps and critical data in real time using machine learning and the Microsoft Intelligent Security Graph to block access when risk is detected. |
No |
Yes |
Advanced security reporting ➤ Monitor suspicious activity with reporting, auditing, and alerts, and mitigate potential security issues using focused recommendations. |
Yes |
Yes |
Privileged identity management ➤ Provide timely, on-demand administrative access to online services with access-related reporting and alerts. |
No |
Yes |
Windows Server Client Access License (CAL) ➤ Provide each user access to server functions from multiple devices for a single fee. |
Yes |
Yes |
Managed Mobile Productivity |
Mobile device management ➤ Enroll corporate and personal devices to provision settings, enforce compliance, and protect your corporate data. |
Yes |
Yes |
Mobile application management ➤ Publish, configure, and update mobile apps on enrolled and unenrolled devices, and secure or remove app-associated corporate data. |
Yes |
Yes |
Advanced Microsoft Office 365 data protection ➤ Extend management and security capabilities across users, devices, apps, and data, while preserving a rich, productive end-user experience. |
Yes |
Yes |
Integrated PC management ➤ Centralize management of PCs, laptops, and mobile devices from a single administrative console, and produce detailed hardware and software configuration reporting. |
Yes |
Yes |
Integrated on-premises management ➤ Extend your on-premises management to the cloud from a single console with Microsoft System Center Configuration Manager and Microsoft System Center Endpoint Protection integration for enhanced PC, Mac, Unix/Linux server, and mobile device administration |
Yes |
Yes |
Information Protection |
Persistent data protection ➤ Encrypt sensitive data and define usage rights for persistent protection regardless of where data is stored or shared. |
Yes |
Yes |
Intelligent data classification and labeling ➤ Configure policies to automatically classify and label data based on sensitivity and then apply persistent protection. |
No |
Yes |
Document tracking and revocation ➤ Monitor activities on shared data and revoke access in case of unexpected events. |
Yes |
Yes |
Encryption key management per regulatory needs ➤ Choose default key management options or deploy and manage your own keys to comply with regulations. |
Yes |
Yes |
Identity Driven Security |
Microsoft Advanced Threat Analytics ➤ Detect abnormal behavior in on-premises systems and identify advanced targeted attacks and insider threats before they cause damage. |
Yes |
Yes |
Microsoft Cloud App Security ➤ Gain visibility, control, and protection for your cloud-based apps, while identifying threats, abnormal usage, and other cloud security issues. |
No |
Yes |
Azure Advanced Threat Protection ➤ Detect and investigate advanced attacks and suspicious behaviors on-premises and in the cloud. |
No |
Yes |