top of page
Search

E3 v. E5 – What’s the Difference?

  • shannonrobinson849
  • Apr 4
  • 4 min read

Abstract purple-blue background with hexagons. Text: "E3 V. E5 What's the Difference?" and "Microsoft Partner Winner" in white. Cyclotron logo.

Author: Nathan Berger, Director of Security Professional Services 


This blog was last updated March 2025. 


Cyclotron is an expert E5 deployment partner. As part of our work, we are often asked by clients which licensing levels they need. Here, we break down a simplified guide to Microsoft 365 licensing, including the most common license options.  


You may know about https://m365maps.com/, a resource maintained by Aaron Dinnage, a Microsoft employee, to help show features in all Microsoft licenses. Although these charts are excellent, they are not easy to communicate and often miss critical details due to truncation. (For example, it might be easy to read “Microsoft Defender for Cloud Apps” but miss that this includes shadow IT analysis, protection, SaaS app usage monitoring, security activity alerting, compliance assessment, DLP, and malware protection all in one product). 


A few important notes before you interpret the tables below: 

  • This blog covers Microsoft 365 E3 v. E5, not other SKUs that use E1s, E3s, or E5s.  

  • Everything in E3 is also in E5, so the tables below only list the differences. 

  • We do not cover every feature here, so some nuanced features may be missing. We only cover the most asked-for and discussed features with our clients. 

  • Explanation of core productivity features (e.g. SharePoint, Teams, etc.) won’t be described here. Only key differences will be listed. 


Below, I’ve summarized the differences in the most common categories clients ask for.  


Security / Threat Protection 


Microsoft 365 E3 gives you basic, core protection of email, device antivirus, and device policy. In addition, it provides limited visibility for shadow IT monitoring and security posture assessment with Secure Score. 


Microsoft 365 E5 gives the Defender XDR suite. This provides an integrated defense stack across email, files, cloud identities, apps, devices, and Active Directory. Automated investigation and response are included across the stack. Several additional features include Attack Simulation Training, Threat & Vulnerability Management, AD security posture assessment, Attack Path Analysis, and much more. 

In Microsoft 365 E3, you get: 

In Microsoft 365 E5, you get everything in E3 plus these features: 

  • Basic email security in Exchange Online Protection.   

  • Basic endpoint security in Defender for Endpoint P1. Cloud-managed. No EDR included. 

  • Limited Shadow IT analysis in Cloud App Discovery. 

  • Limited security posture analysis with Secure Score. 

  • Security features on Windows desktops. 

  • Stronger, advanced email security in Defender for Office 365. Also protects SharePoint, OneDrive & Teams files & links, and M365 client apps. 

  • Attack Simulation Training, which our clients often use to replace KnowBe4 and other solutions. 

  • Full EDR protection with Defender for Endpoint P2

  • Full Shadow IT detection & prevention, and SaaS app protection in Defender for Cloud Apps. 

  • Cloud identity risk detection in Entra Identity Protection. 

  • Advanced Active Directory protection & posture assessment in Defender for Identity. 

  • Office 365 Privileged Access Management for just-in-time role escalation & management of security and compliance roles. 

  • Privileged Identity Management for just-in-time escalation and management of Entra roles, groups, and Azure roles. 

  • Full Secure Score security posture analysis. 

  • Query-based event hunting with Advanced Hunting. 

  • Discounted Sentinel costs (Microsoft’s SIEM & SOAR platform) for Defender data ingestion. 5 MB free per user per day.  

  • Even more features than listed. 

All the above features are also included in E5 Security, which does not include anything else across this blog. 


Note some commonly-requested items not included in any license above: 

  • Server protection using Defender for Server, which is priced separately from E5. 

  • SIEM and SOAR using Microsoft Sentinel, which is useful when you have network firewalls, server logs, and more. 

  • The full Threat & Vulnerability Management solution. It’s partly included in E5, but the add-on for TVM enables CIS baseline assessment, blocking vulnerable apps, and more. 

 

Compliance, Risk & Data Protection 

In Microsoft 365 E3, you get basic Purview functions. This allows for DLP and retention on most Microsoft cloud data, basic formula and keyword detections for sensitive data, and basic eDiscovery and audit features for compliance operators. 


In E5, you get a more complete version of Purview, including advanced data discovery, automatic features, machine learning, longer audit retention, compliance standard management, Insider Risk Management, Communication Compliance, and more. 

In Microsoft 365 E3, you get: 

In Microsoft 365 E5, you get everything in E3 plus these features: 

  • Basic DLP for Exchange, SharePoint & OneDrive (including Teams files, but not messages). 

  • User-driven sensitivity labels. 

  • Basic Retention for Microsoft 365 data. 

  • eDiscovery standard cases. 

  • 180 days of Audit logs. 

  • Basic email encryption. 

  • The Microsoft data protection baseline assessment in Compliance Manager. 

  • Advanced data discovery including full names, addresses, exact data match, document fingerprinting, trainable classifiers, and custom definitions that learn from your data. 

  • Advanced DLP including endpoints, on-premises file shares, Teams messages, Power BI, and third-party cloud apps. 

  • Rule-based labeling for automatic classification of sensitive data. 

  • eDiscovery Premium, including a wealth of extra legal case management features. 

  • 10 years of Audit logs. 

  • The ability to analyze third-party data through Purview connectors. 

  • Advanced email encryption, including branded templates and revocation. 

  • Up to 3 Compliance Manager automated assessments of your choice (e.g. HIPAA, ISO 27001, NIST, GDPR, etc.). 

  • Customer Lockbox, adding a permissions check before Microsoft Support can access your tenant data. 

  • Full Shadow IT detection & prevention, and SaaS app protection in Defender for Cloud Apps. (This is relevant to both Security and Compliance) 

  • Even more features than listed. 

All the above features are also included in E5 Compliance, which does not include anything else across this blog. 


The common features not included in licenses above are the Purview unified data governance solution, which aren’t in E5 as they are billed based on usage. In short, you can scan & map solutions like databases, third-party applications, Power BI sources, ChatGPT Enterprise, and more to monitor and secure them. Purview’s unified data governance allows classification, scanning, mapping, catalog searching, and policy enforcement for your broader data infrastructure estate. 


What else is different between E3 and E5? 

The Security and Compliance features make up the vast majority of the difference; however, several extra features are added in E5: 

  • Basic Access Packages to streamline app assignments. 

  • Basic Access Reviews for right-sizing permissions with automated reviews over time. 

  • Teams Phone licenses to reduce the cost of the Microsoft telephony solution in Teams. 

  • Teams Audio Conferencing, enabling dial-in options for Teams meetings. 

  • Power BI Pro, enabling sharing of Power BI reports.  

  • A few extra features relevant to specific use cases across Viva and other productivity apps. 


If you want to know more about the differences between E3 and E5, talk to innovate@cyclotron.com where we can help you understand what licensing is right for your organization’s goals. 

bottom of page