Office 365 Licensing for Information Governance

Information formation governance has unique needs for enterprise content management software, including analytics, reporting, and monitoring. While Microsoft Office 365 is rapidly becoming the software suite of choice for many organizations, it doesn’t meet the information governance needs in all cases and — in cases where Office 365 can meet needs — it’s sometimes too expensive based upon the current enterprise licensing costs.

Office 365 recently revised its licensing model for enterprises:

  • E1 – Think of this as a base model car
  • E3 – Similar to a nicer model Accord: maybe has leather seats, but they’re not heated
  • E5 – The Cadillac, but likely has more tools than you actually need

Microsoft has also changed licensing models so that you can no longer give advanced e-discovery or compliance capabilities to just one group. Instead, it has to go to the whole organization if you request it for even one user. Depending on the size of your organization, this could be hundreds of thousands (or millions) of dollars to buy things that only a subset needs.

The E1 License

The Office 365 E1 license provides very basic governance functionality. You’d have to do mostly manual work, or use secondary tools that connect to Office 365 to achieve a more robust and consistent program of governance. This base level does include the Security & Compliance Center (SCC), as do all three levels, but it doesn’t include all the bells and whistles. You would have to add apps for that.

One of the biggest problems with E1 is that Microsoft limits usability — for example, you can’t use it across as many devices. Other setbacks include:

  • Limited functionality for oversight
  • Bare bones Active Directory/Identity Access Management
  • Limited capabilities for litigation holds

To get good governance with the E1 licensing level, you’d need to have a strong team of information architecture, compliance, and security personnel working together to build up the Office 365 environment with third party tools. This team would also work to set up different compliance features in the Security & Compliance Center.

Still, you’d have a big issue dealing with litigation holds. It’s hard to turn holds on and off for individuals because the E1 license requires putting a hold on the entire environment.

The E3 License

Office 365’s E3 license offers better functionality within the Security & Compliance Center, adds data loss prevention (DLP) functionality, and provides some limited archiving capabilities through the Azure Information Protection tool.

E3 gives much more access to users through expanding the number and types of devices allowed for SharePoint Online, Exchange Online, Office tools, etc. So it makes sense that Microsoft has included DLP at this level because it’s so much more important when you start accessing and/or transferring content across more devices. More devices translate to more threat vectors, and that means more security risk to deal with.

In my opinion, with E3 you get just enough to check all the “I have a governance program” boxes. But for a mature governance program, you would either need to supplement E3 with third party tools, or you would need to move on to E5. The question you’d have to answer is: What makes the most sense financially? But note, it’s not just the cost of the contracts.

The E5 License

E5 adds Advanced Compliance — a critical functionality for a mature governance program — and Advanced Threat Protection, as well as other components that are important for security or collaboration.

At a high level, the difference between the E3 and E5 is that E3 covers solid exit protection, whereas E5 adds the necessary entry protection.

Is It Worth Moving to E5?

Most organizations are already at the E3 level, and there’s a respectable amount you can do here, but it still requires some manual work or third party tools.

If you’re trying to reduce your tech stack, you could stay at E3 and then buy components from E5 at individual prices, but essentially any two of the features you add costs more than the per-user license cost. So is it worth paying for the full E5 suite?

If you move from E3 to E5, you need to:

1. Compare the tools/capabilities you have now (both E3 and third-party) to the E5 tools/capabilities. You can document this comparison in the form of a crosswalk. Involve the appropriate stakeholders:

  • eDiscovery
  • Data governance
  • Access management

2. If the E5 capability set meets your needs better than what you currently have, calculate your total costs for your current set-up (which, if on-premise, might include server costs, staff costs for maintenance and development, etc.) versus total costs for E5 (including the costs of migration — e.g., integrations that will need to be made, testing costs, early exit fees from contracts with third-party providers, staff time, etc.).

If you were to switch to E5, more than likely the costs in Year 1 would be significantly higher than successive years due to the migration activities. Consider how many years it would take to hit break-even if you make the switch.

Recommendations

We do recommend that you use as much of the Office 365 stack as possible, but don’t invest a ton of time and money into E5 if the components don’t meet the criteria.

Is Your Environment Widely Distributed?

What does your entire environment look like? Is it widely distributed across multiple repositories? Are you using both cloud and on-premise? E5 can only be deployed on an Office 365 environment. If you’re a dispersed organization relying on Box, AWS, FileNet, OpenText, etc., I would strongly argue against doing anything in E5 because many of those tools already have connectors that can pull data from Office 365. In that case, stay with E3 and use third-party tools as necessary.

Most Enterprises Should Stay With E3 for Now, but Continue to Assess E5 Periodically

I strongly recommend against going all in on E5 because there are so many components you likely won’t use.
Most organizations should stay with E3, but if there are components of E5 that look particularly appealing, develop a tightly defined criteria of success and test that component for a year. Get a passionate and experienced group of stakeholders to do that testing, and at the end of a year, evaluate whether it met your needs. You can true-up with Microsoft as necessary at the end of your contract year.

However, it should be on your roadmap to ultimately consolidate your repositories. Microsoft is frequently updating its product capabilities, and at some point the E5 product and pricing model will be good enough for that consolidation — just in time for Microsoft to start charging for storage by GB. Trust me it’s coming.

Download White Paper

Rich Medina
Matt McClelland
I’m a Principal Consultant at Doculabs, with expertise in file analytics, taxonomy, litigation research, and enterprise search.