Office 365 (O365) Security Use-Case Series


I haven't blogged in awhile so I figured I would write a series on Office 365 (O365). My intent will be to cover a range of use cases and address them from a security monitoring and response standpoint.

I will use this page as a table of contents and update it with the use cases as they are written. I will break it up into the core O365 service offerings, which are; OneDrive, Sharepoint and Mail. I may look at some of the others, but for now, those are the ones I will look at.

My Lab Setup

  • Purchased a domain to use as my business name
  • My "business" web server is hosted on Azure, which is tied to my Enterprise O365 account
  • I have O365 Enterprise - E3
  • Two users, A Global Administrator, and a "normal" user that belongs to finance
  • Windows 10 Virtual Machine running as the "finance user" Exchange configured to the O365 mail client

Comparing E3 and E5 Licenses

The table below depicts a high level overview of some of the differences between the two licensing tiers. I only compared the security features.

Enterprise - E3 Enterprise - E5
$20 $35
Security and Compliance
  • Classifications
  • Data Loss Prevention
  • Data Governance
  • Threat Management
  • Search and Investigation
  • Reporting
Everything in E3
eDiscovery Threat intelligence
Exchange Online Protection Advanced eDiscovery
Office 365 Cloud App Security
Advanced Threat Protection

Even though E5 appears to be the right choice security wise, I decided to go with E3. The reason I decided on E3 was for a few reasons.

  • Microsoft claims E3 is the, "most popular". This means I can reach a larger audience.
  • It's hard to replicate some of the additional security feature benefits without a real enterprise network and lots of data to play with.
  • A man's gotta eat. E3 is $20 and E5 is $35, both come with annual commitments. If I went with E5 at two users, it's an extra $200 out of pocket. The two E3 licenses are already costing me $480. On top of that, I have; Azure fees, hosting fees and domain fees.

You can purchase additional add-ons as well. For example, if you wanted to stick with O365 Enterprise - E3 at $20 per user/month, and then pay for; O365 Threat Intelligence at $8 per user/month and/or Exchange Online Advanced Threat Protection at $2 per user/month you could do that, and save a bit of money versus going all out with an E5 license.

You can accomplish this via your O365 Admin page: Billing -> Purchase Services -> Select your add-ons.

More Information

In either case, you can find out more on the differences between E3 and E5 here - E3, here - E5 and here - Built-in security from Office 365. Google (Bing?) is also your friend. More than Google, the Microsoft/Office site has most of your answers.


Feel free to drop a line if you would like me to take a look at a particular use case. I do not claim to know everything about these products. If I miss something, or get something, incorrect, please let me know so I can fix it and everyone can benefit.

You can find my email address on my blog.