Microsoft 365 Licensing– Managing Compliance Risks
Let’s talk about everyone’s favorite topic: Microsoft Licensing. (OK, maybe it's just my favorite topic!) We all know that Microsoft licensing is often complex and confusing. Understanding the ever-changing rules of Microsoft licensing almost requires its own college degree – staying on top of it can be a full-time job.
In this article we share important tips about the Microsoft 365 platform to help you, 1) remain in compliance with Microsoft’s licensing rules, and 2) reduce business risks by making an informed decision when purchasing the product:
- What is Microsoft 365?
- When can licensing compliance be a concern with Microsoft 365?
- How can I reduce my business risks and increase compliance with Microsoft licensing rules?
What is Microsoft 365?
Microsoft 365 (“M365”) is a simplified, comprehensive licensing package that includes the familiar Office 365 apps and many advanced cloud service and security options designed for the varied needs of small and large organizations. M365 is provided in two primary packages:
- Microsoft 365 for Business – small to medium size companies
- Microsoft 365 for Enterprise – large enterprises
The Business and Enterprise packages are sold in “small, medium, and large” options. For example, M365 for Business is sold as Basic, Standard, and Premium, while M365 for Enterprise comes in F3 (formerly “F1”), E3, and E5. Each edition can be thought of as tailored for a certain size customer. For example, the F3 edition is designed for frontline workers (often temporary or seasonal) who need a light set of features, while E3 and E5 offer increasingly sophisticated features for more advanced user requirements.
When is Microsoft 365 Licensing Compliance a Concern?
Microsoft has become very good at selling “all you can eat” suites of products, and M365 E5 is no exception. Often, the packaged price may be somewhat cheaper compared to purchasing each individual component piece by piece. Despite the potential cost savings, for various reasons many customers choose to purchase the components separately which can lead to potential compliance risks.
This is where things start to get tricky.
If you only have one edition of Microsoft 365 in your tenant environment, then you may enjoy a certain peace of mind knowing at any time you can purchase add-on components for an extra price to cover your additional licensing needs if necessary.
However, if you currently run multiple M365 editions in your tenant (e.g., E3 and E5) then you might be exposed to risk. As one example, the Compliance Management features included in E5 are available tenant-wide. The logic is not built in to keep those features only assigned to the E5 end users, which adds compliance risk because the E5 features are also available to non-E5 users (e.g., E3). From a license auditing standpoint, this is a risky Software Asset Management scenario that justifies close monitoring by your IT staff.
Continuing the example, assume you run both M365 E3 and E5 licenses in your tenant. As discussed earlier, this means the E5 features are available tenant-wide, including to your E3 users that are assigned to a lower-level license. To help illustrate the risk, compare the following “Compliance Management” features available in E5 with the more limited features available in E3:
This points out if any of your E3 users start utilizing the higher-level E5 Compliance Management features available on your tenant (e.g., automatic retention policies, advanced eDiscovery, privileged access management, etc.), without first purchasing a separate add-on license covering that feature, then in the event of a Microsoft audit you may be found to be non-compliant.
Tips for Reducing Risks & Staying Compliant
Let’s dive deeper into the idea that higher licensing compliance risks may be associated with running multiple editions of M365 on the same tenant. The two hypothetical examples below assume that Customer A and Customer B are each running E3 and E5 editions in their tenants.
In Example 1 (below), Customer A is considered at low risk for utilizing the Compliance component features available on the tenant, because they’ve proactively purchased 290 M365 E5 Compliance add-on (currently listed at a retail price of $12 per user per month) for each of their E3 user licenses:
Example 1 – Low Risk Scenario
However, in Example 2 (below) Customer B is considered higher risk – because by adding just one E5 user to the tenant, this has made all the E5 features available to the 74 lower-level users. If Customer B’s E3 users happen to utilize the E5 features (e.g., E5 Compliance), then they may be non-compliant.
Example 2 – High Risk Scenario
To reduce the risk illustrated in Example 2 (above), Customer B has the option to proactively purchase the appropriate M365 add-on license that covers the required features. In this case, the E5 Compliance add-on can be purchased for up to 74 E3 users to cover their access to those features.
Example 2 – Reduced Compliance Risk
There you have it, in a nutshell. If you still have questions after reading this article, feel free to reach out to Stoneridge Software and we can talk through your specific licensing situation.
Planning for Success
A key mission at Stoneridge Software is helping clients make sense of Microsoft licensing by helping them review their critical decision factors and the cost options associated with choosing the right product. If you have concerns, questions, or would like to visit more on this topic please reach out to Stoneridge and one of our licensing experts will be more than happy to work with you!