Microsoft’s 365 E5 Security License: Making the Most of Defender

If you’re a cybersecurity decision-maker, the Microsoft 365 E5 Security license offers you great opportunities to stretch your budget while optimizing your cyber defenses. 

But the Defender functionality bundled into your E5 license is just one piece of your overall cyberdefense strategy. To make the most of that bundled functionality, you must still: 

  • Fully leverage the functionality Defender provides 
  • Close all gaps in Defender’s coverage of your environment 
  • Optimize the effectiveness of your cyberdefenses beyond Defender 
  • Minimize the burdens on your internal security staff and/or outsourced SOC 
  • Exercise rigorous budget discipline so that you get maximum value from your security spend 

Here are three insights to help you achieve these critical security objectives. 


INSIGHT #1: What you get with your E5 Security license

Microsoft bundles four separate Defender solutions with the E5 license:

  • Microsoft Defender for Endpoint is an endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats.
  • Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) for Azure and third-party cloud services.
  • Microsoft Defender for Identity (formerly Azure Advanced Threat Protection) monitors and protects your Active Directory deployment.
  • Microsoft Defender for Office 365 builds on Exchange Online Protection to help you guard your organization against phishing, business email compromise (BEC), and other threats.

These four solutions are invaluable as part of your broader cyberdefense strategy. And since they’re bundled with your Microsoft 365 E5 security license, the price is certainly right.


INSIGHT #2: What you don’t get with your E5 license

While E5-bundled Defender solutions deliver great value, we see organizations struggle to integrate their non-Microsoft environments and solutions (including third-party systems and cloud vendors, network security, Operational Technology (OT), Secure Access Service Edge (SASE), and more) to achieve a centralized holistic view of their total attack surface.

In fact, about 60% of the Microsoft customers we work with use at least one non-Microsoft EDR in addition to the Defender instance bundled with their E5 license.

Also, Defender doesn’t aggregate telemetry and alerts from across your organization. And because it doesn’t aggregate that data, it can’t holistically analyze it.

That’s a problem, because to successfully detect, investigate, and respond to today’s increasingly sophisticated and subtle threats, you must be able to holistically analyze all data from across your entire environment.

These two issues — gaps in coverage and the inability to analyze aggregated security data — are most relevant to your E5 license challenge.


INSIGHT #3:MDR is the smart play for most organizations

If you’re looking to complement your E5-bundled Defender functionality, a Managed Detection and Response (MDR) solution offers a superior way to extend the value of Microsoft E5 with 24×7 monitoring — preferably an MDR solution built on top of a true XDR platform. That’s because:

  • MDR adds a managed layer of service that not only monitors threats from Microsoft endpoint, cloud, email, and network sources, but across the entire IT landscape.
    MDR provides out-of-the-box detection that greatly simplifies deployment and significantly improves your team’s ability to quickly detect threat actors in your environment.
  • MDR detection is continuously fine-tuned to suppress false positives and trivial alerts.
  • MDR solutions bundle playbooks and automated response actions — enhancing your response capabilities without costing you additional budget.
  • MDR offers continuous threat hunting, always looking for the most critical threats in your Microsoft environment and beyond. MDR, if offering predictable pricing, will license on a per-node basis with a full team of experienced security analysts — making it more cost-effective and cost-stable for most organizations compared to doing it internally or with a traditional volume-based SIEM solution.

For these reasons and others, you should strongly consider investing in an MDR offering to optimally leverage your Microsoft E5 security bundle.

Secureworks® Taegis™ ManagedXDR, is the Secureworks MDR solution that is the best fit for Microsoft E5 security customers 

As you evaluate MDR solutions to complement the four Defender solutions you’re getting with your Microsoft E5 license, make sure you include Secureworks on your short list. Key reasons for doing so include:

  • ManagedXDR is an MDR solution built on the Taegis XDR platform. Taegis analytics are continually updated based on Secureworks’ globally acclaimed threat intelligence unit — ensuring that Taegis detectors keep pace with the relentlessly evolving threats you face every day.
  • The Taegis XDR platform leverages both Defender telemetry and Defender’s own built-in alerting functions — so you gain the full value of your E5 license bundle.
  • Secureworks and Microsoft integrations, along with the depth of Microsoft services, are uniquely more advanced, effective and efficient compared to others.
    ManagedXDR is operated with a global, experienced Security Operations Center (SOC) that offers the 24×7 monitoring service on top of Taegis.
  • Secureworks offers complementary adversarial testing services that enable you to discover potentially problematic shortfalls in your security stance across both your Microsoft and non-Microsoft assets. This can range from suboptimal Active Directory configurations to inappropriate use of shared passwords for privileged admin accounts — but regardless of the security pitfalls hiding in your systems, it’s better to find them now with Secureworks than later with a real threat actor.
  • Secureworks has a decades-long relationship with Microsoft that includes mutual notification of emerging security issues and numerous MCPs Microsoft Certified Professionals on Secureworks team.

The bottom line: If you’re a cybersecurity decision-maker whose organization has bought into Microsoft’s E5 licensing program, you owe it to yourself to evaluate Secureworks Taegis ManagedXDR — and to learn about all the ways Secureworks MDR can help you achieve optimum safety within your constraints of budget and staff.

Request a demo today to see how you can maximize your E5 Defender license. You can also hear principal engineer Stefan Oancea clearly explain Secureworks’ advantages by taking a quick listen to the “Let’s Talk SOC’ podcast with host Sally Eaves.


Disclaimer: this blog post was collaboratively written by Dilaco and Secureworks. By delivering comprehensive cybersecurity managed detection and response services, customized to meet client needs, Dilaco will help your boost your cybersecurity.


You might also like

Data-Centric Cybersecurity: Protecting your most valuable asset

In today’s digital age, data is arguably the most valuable asset for any organisation. From sensitive customer information to intellectual property, the data your business handles daily is a prime target for cybercriminals.   Based on the IBM Cost of a Data Breach Report 2023, the worldwide average expense of

Read More
Zero Trust beyond the network: Securing endpoints

In the ever-evolving landscape of cybersecurity, the Zero Trust model has become a critical strategy for organisations. While most discussions around Zero Trust focus on securing the network, it’s crucial to extend this philosophy to the endpoints—where threats are often most potent.   According to the Ponemon Institute (2020), 68%

Read More
Cloud migration challenges: What to take into consideration?

Cloud migration has become a dominant trend in the business world. From startups to enterprise-level corporations, organisations are increasingly recognising the benefits of migrating their operations to the cloud. However, while the promise of scalability, flexibility, and cost-efficiency is enticing, the journey to the cloud is full of challenges. In

Read More