Microsoft offers two versions of the Enterprise Mobility Suite (EMS) as part of the Secure Productive Enterprise Suite. In the EMS, the differences between the E3 and E5 plans become apparent in four core areas: Identity & Access Management, Managed Mobile Productivity, Information Protection and Identity-driven Security.
Both plans use Azure Active Directory for identity & access management. The premium P1 version is offered in the E3 plan, which contains all of the features included in the current Azure Active Directory Premium. The Azure Active Directory Identity Protection und Privileged Identity Management products are added to the premium P2 version of the E5 plan. Azure Active Directory Identity Protection is a security service that offers a comprehensive overview of all risk events and potential security risks concerning the identities in your organization. For instance, the product can prevent impossible geographical switches to non-typical locations, as well as the registration of anonymous IP addresses. Azure Active Directory Privileged Identity Management is used to manage, control and monitor privileged identities and their access to resources in Azure AD and other Microsoft Online Services such as Office 365 or Microsoft Intune.
Managed mobile productivity – achieved using Microsoft Intune – is another important element in the Secure Productive Enterprise Suite. Intune allows management of PCs, laptops and mobile devices, while protecting company data stored on all of this equipment. For instance, it can manage a large number of device types that use a variety of operating systems (Windows, Windows RT, Windows Phone 8, Apple iOS or Google Android), and can furthermore guarantee the configuration and distribution of security policies, software and hardware across all these devices.
Both Secure Productive Enterprise Suites use Azure Information Protection to protect sensitive data. A product created through the merger with Rights Management Service (RMS) and the acquisition of the company Secure Islands, it brings together a variety of different methodologies applied for the protection of data. In the E3 plan, this includes persistent protection firmly integrated in the file, deployment and management flexibility and other features. Secure shares of data with customers and partners outside the company are added in the E5 plan.
Other differences between the two Secure Productive Enterprise Suites are apparent in regard to identity-driven security that Microsoft has adopted within the new Secure Productive Enterprise Suite. The E3 plan uses Microsoft Advanced Threat Analytics (ATA). The ATA technology comes from the Israeli start-up Aorato, which Microsoft acquired at the end of 2014. ATA acts as a kind of intrusion detection system. Its purpose is to ensure the faster detection of intruders and attacks in company networks, as well as to reduce the vulnerable target size. To do this, ATA uses Machine Learning to evaluate the Windows events in the Active Directory, among others. Microsoft Cloud App Security is added to the E5 plan. The purpose of Cloud App Security is to safeguard and monitor cloud applications.