Microsoft Advanced Security for CMMC: Part 1

    As part of their overall security and compliance strategy, aerospace and defense contractors supporting the DoD who are leveraging the Microsoft 365 E3 need to consider moving from the Microsoft 365 E3 to an E5 license.

    By
    3 Minutes Read

    As part of their overall security and compliance strategy, aerospace and defense contractors supporting the Department of Defense (DoD) who are leveraging the Microsoft 365 E3 need to consider moving from the Microsoft 365 E3 to an E5 license. In part 1 of this blog, we're going to: 

    • Discuss the differences between the Microsoft 365 E3 and E5 license
    • Define the term "E5 uplift" and what this means for your licensing strategy
    • Determine the benefits of using the Microsoft 365 E5 license

    A few of the high-level reasons organizations would consider moving from the Microsoft 365 E3 to the E5 license are: 

    • Increased visibility of the IT infrastructure across the organization 
    • Protection of sensitive data such as CUI and ITAR data with automated workflows 
    • Reduction in overall risk of cyber incidents 
    • Ability to monitor and subside cyber-attacks more accurately and effectively 
    It is becoming common industry knowledge that organizations can be compliant and not be secure, but what if we could build a bridge between the security and compliance gap? 

    When migrating to the Microsoft cloud, many defense contractors in the Defense Industrial Base (DIB) choose solutions strictly based on their current compliance requirements. Initial investments for organizational migrations can be substantial and leaves little room for advanced security features that carry additional costs. As a result, many aerospace and defense contractors supporting the DoD choose the Microsoft E3 Enterprise Mobility + Security (EMS) licensing to establish primary security and compliance baselines. When properly leveraged, the features of the M365 E3 EMS provide more than sufficient basic controls for organizations to establish foundational security capabilities. However, today’s cyber threat landscape is constantly evolving, and far from elementary as we have seen in recent attacks on the United States' critical infrastructure. To no surprise, organizations in the DoD supply chain rank at the top of the threat list when it comes to cyberwarfare.  

    Here’s the good news: organizations can increase their overall security measures by leveraging the additional capabilities found in Microsoft 365 E5 license. Before we dive deeper, let’s start with the differences between the Microsoft 365 E3 and E5 licenses. 

    What is the difference between the Microsoft E3 and E5?

    Microsoft 365 E3 to E5 - E3

    Microsoft 365 E3 License 

    The Microsoft 365 E3 includes productivity applications with some of the core security and compliance capabilities: improving organizational collaboration with Microsoft Teams, managing customer relationships and data workflows with different applications, giving contractors the ability to proactively protect employees, data, and customer information with great security measures. Companies have the ability to leverage applications such as Word, Excel, PowerPoint, Outlook, Sharepoint, and much more. 

    Here’s the problem: visibility across an entire organization and its endpoints is limited, creating a major problem in the instances of cyber-attacks and the security and compliance protocols that are intended to prevent them. In a nutshell, it can be more difficult to secure new, and existing I.T. infrastructures if organizations in the DIB solely rely on the M365 E3.

    Advanced Security: The Microsoft 365 E3 to E5 Uplift 

    An “E5 Uplift” is a security boost for an existing environment with an M365 E3 EMS licensing package. Organizations can add extra layers of defense to their E3 EMS by purchasing and implementing the advanced security features and capabilities of the M365 E5. E5 uplifts do not require a complete overhaul of the existing IT infrastructure. Instead, organizations can purchase licensing upgrades to be applied to their existing environment.  

    Microsoft 365 E3 to E5 - E5

    Performing an E5 Uplift allows organizations to: 

    • Address Shadow IT scenarios.  
    • Automatically protect their most sensitive data through automation.  
    • Automate investigation and remediation of attacks to endpoints.  
    • Integrate and automate threat and vulnerability management with other Microsoft solutions. 
    • Detect vulnerabilities in user identities and proactively prevent compromised identities from being abused. 
    • Actively monitor user activity across managed/unmanaged applications and apply machine learning to identify matching conditions to take appropriate actions via alerting. 
    • Assume complete control and protection over cloud apps.  
    • Maximize security returns on compliance implementations. 

    What are the benefits of Microsoft Advanced Security?

    Aside from the sweet Win10 OS upgrade, the main benefit of an E5 uplift is the enhanced visibility and add-on security capabilities of its featured products. In Part 2 of this blog, we'll break down a list of the products in the E5 license and how they can enhance your organization's capabilities. 

    Next steps for Aerospace and Defense contractors

    Developing additional layers of security is never a bad thing. Ultimately, performing an E5 uplift is a way to add layers of security on top of an already secure and compliance-capable infrastructure. These upgrades allow organizations to increase the scope of their security and visibility capabilities while decreasing their compliance workload through automated features. The features included with M365 E5 Advanced security represent the next steps organizations with M365 E3 EMS licensing should take to decrease the grey area between security and compliance. 

    In part 2 of this blog, we'll get specific with what the workloads within the Microsoft 365 E5 are capable of, equipping your organization for a better security and compliance posture overall.

    To perform an E3 to E5 Uplift, or for more information about Microsoft Government licensing, you can reach out to our team below. If you are an existing client of Summit 7, you can email cmmc@summit7.us or reach out directly to your Account Executive.

    Picture of Jason Sproesser

    Jason Sproesser

    Jason Sproesser is Director of Product Management at Summit 7. Jason's mission is to empower organizations to achieve their cybersecurity and compliance goals by simplifying complex concepts, translating them into digestible insights, and developing industry-leading offerings that help clients protect their critical data and systems from cyber threats while satisfying compliance requirements. Jason is a CMMC Certified Professional (CCP) and Provisional Instructor (PI).

    Author