Microsoft 365 Business Licenses Explained: Basic, Standard, and Premium
If you're a business owner or find yourself wondering how not to overpay for a Microsoft license, choosing the right Microsoft 365 (M365) license can feel like navigating a maze. Each of the Business plans, basic, standard and premium offer different tools and security features designed to fit organisations of all sizes. The key is understanding what each plan includes, and which one aligns with your business needs.
In this article, we'll break down the main differences between these licenses, their capabilities, and when to choose each one.
And while we could go into every detail like how when you pay the extra AU$9.70 before GST to upgrade your Business basic license to standard, you unlock the power of "Clipchamp" and "Microsoft Loop".
Both of which I've never thought about until writing this blog.
It seems only fitting that we discuss the most practical use cases of what you get when subscribing to the different tiers of the M365 Business plans.
At a high-level, this is what services are listed on the Microsoft website under the three plans.
Microsoft 365 Business Basic
Well-suited to small businesses that are in the beginning stages of their journey or are utilising remote BYOD to lower costs and want to work purely in the cloud. They would require access to SharePoint for a cloud file system, Exchange for an email provider and the web versions of the well-known Word, Excel, PowerPoint and Outlook.
That covers off the services that will allow you to get work done, but what are the services that will protect you and your staff online.
And without wanting to re-write the fabled Microsoft docs over at learn.microsoft.com to say exactly every bit of security across the M365 tenant that is included. We will go over a crucial piece which is multi-factor authentication or MFA.
Which if you've already heard and read the ASD's Essential Eight guidance on MFA, it looks like:
- something users have and something users know, or
- something users have that is unlocked by something users know or are
Now with that out of the way.
The basic plan will give you access to… well Per-user MFA, not pretty, yet will get the job done.
And while when users first login to that freshly created account, they will have to sign-up a device as they get met with the usual suspect.
This is thanks to the default Microsoft managed settings of the Authentication methods | Registration campaign.
So, this will have users registered with an MFA device but not enforce the setting that provides security.
To do so, you'll have to Enable MFA for each user and make sure they are users, not service or break glass accounts, just users.
Once that's done, they will be automatically enforced and prompted when they login.
Happy days.
Microsoft 365 Business Standard
Moving onto the next tier, at an extra 107.77% of the cost of the basic license.
It is ideal for growing businesses that need the flexibility of desktop applications in addition to cloud services. Companies that are office-based or have hybrid teams that regularly work offline or handle large files that perform better with the desktop versions of Word, Excel, and PowerPoint.
A quick comparison of the two plans shows that not much has changed in regards to applications and nothing has changed in terms of security.
And then there is Business premium.
Microsoft 365 Business Premium
Premium in name and benefit, compared to standard, the premium license casts a long shadow and makes it worth the 2.65x multiplier of the basic license and almost double the cost of the standard license.
The license is designed for organisations that require security, device management, and compliance. It handles just about everything you will need when provisioning company-owned devices. Also dials up the security on all fronts regarding devices, patching, identity controls, and protection against phishing attacks.
To understand the differences between the plans a handy tool like m365maps.com can be used.
And on its own, the amount of value included is quite impressive.
The infant Entra ID Free brick becomes all grown up and looks almost the size of the basic plan in its entirety. With the Entra ID Plan 1 giving access to a litany of security controls, most importantly in this blog is the Conditional Access block. And not to be overlooked is the Intune Plan 1 for Business which handles everything needed for end user device management.
The conditional access section of Entra could probably have its own blog and a quick Google search provides plenty of evidence to that. There is a sea of resources when it comes to recommendations and best practices.
And without replicating what is already on the internet, I will just point out the hard work done by the Center for Internet Security (CIS) that has gone into creating benchmarks like the Microsoft 365 Foundations currently at version 5.0.0.
If you choose to download and read over the 484-page PDF, you will find several controls related to conditional access.
And of all policies and controls able to be configured in the conditional access panel, the CIS have outlined just a handful that will provide the security needed to keep your business secure.
A high-level view of the quick-win policies:
- MFA for all users
- A separate MFA for administrators
- Block legacy authentication
- Enable sign-in frequency
- Turn on user and sign-in risk
And of the recommended policies, the ones that are slightly harder to implement:
- Phishing-resistant MFA for administrators
- Enforcing managed devices
A trap that is more common than one might think, is that once a policy is created, Microsoft will opt to exclude the user that did so when they save changes.
Be aware when saving changes to conditional access policies because that will create a flaw in the policies and could be the entry point for a breach.
With all that said, that's a quick introduction into the world of business licenses with Microsoft, and if I were starting a business and not sure where to start, business basic would take me all the way up until my first employee.