Summit 7 Blogs

Microsoft Advanced Security for CMMC: Part 1

Written by Jason Sproesser | Jun 1, 2022 1:15:00 PM

As part of their overall security and compliance strategy, aerospace and defense contractors supporting the Department of Defense (DoD) who are leveraging the Microsoft 365 E3 need to consider moving from the Microsoft 365 E3 to an E5 license. In part 1 of this blog, we're going to: 

  • Discuss the differences between the Microsoft 365 E3 and E5 license
  • Define the term "E5 uplift" and what this means for your licensing strategy
  • Determine the benefits of using the Microsoft 365 E5 license

A few of the high-level reasons organizations would consider moving from the Microsoft 365 E3 to the E5 license are: 

  • Increased visibility of the IT infrastructure across the organization 
  • Protection of sensitive data such as CUI and ITAR data with automated workflows 
  • Reduction in overall risk of cyber incidents 
  • Ability to monitor and subside cyber-attacks more accurately and effectively 
It is becoming common industry knowledge that organizations can be compliant and not be secure, but what if we could build a bridge between the security and compliance gap? 

When migrating to the Microsoft cloud, many defense contractors in the Defense Industrial Base (DIB) choose solutions strictly based on their current compliance requirements. Initial investments for organizational migrations can be substantial and leaves little room for advanced security features that carry additional costs. As a result, many aerospace and defense contractors supporting the DoD choose the Microsoft E3 Enterprise Mobility + Security (EMS) licensing to establish primary security and compliance baselines. When properly leveraged, the features of the M365 E3 EMS provide more than sufficient basic controls for organizations to establish foundational security capabilities. However, today’s cyber threat landscape is constantly evolving, and far from elementary as we have seen in recent attacks on the United States' critical infrastructure. To no surprise, organizations in the DoD supply chain rank at the top of the threat list when it comes to cyberwarfare.  

Here’s the good news: organizations can increase their overall security measures by leveraging the additional capabilities found in Microsoft 365 E5 license. Before we dive deeper, let’s start with the differences between the Microsoft 365 E3 and E5 licenses. 

What is the difference between the Microsoft E3 and E5?

Microsoft 365 E3 License 

The Microsoft 365 E3 includes productivity applications with some of the core security and compliance capabilities: improving organizational collaboration with Microsoft Teams, managing customer relationships and data workflows with different applications, giving contractors the ability to proactively protect employees, data, and customer information with great security measures. Companies have the ability to leverage applications such as Word, Excel, PowerPoint, Outlook, Sharepoint, and much more. 

Here’s the problem: visibility across an entire organization and its endpoints is limited, creating a major problem in the instances of cyber-attacks and the security and compliance protocols that are intended to prevent them. In a nutshell, it can be more difficult to secure new, and existing I.T. infrastructures if organizations in the DIB solely rely on the M365 E3.

Advanced Security: The Microsoft 365 E3 to E5 Uplift 

An “E5 Uplift” is a security boost for an existing environment with an M365 E3 EMS licensing package. Organizations can add extra layers of defense to their E3 EMS by purchasing and implementing the advanced security features and capabilities of the M365 E5. E5 uplifts do not require a complete overhaul of the existing IT infrastructure. Instead, organizations can purchase licensing upgrades to be applied to their existing environment.  

Performing an E5 Uplift allows organizations to: 

  • Address Shadow IT scenarios.  
  • Automatically protect their most sensitive data through automation.  
  • Automate investigation and remediation of attacks to endpoints.  
  • Integrate and automate threat and vulnerability management with other Microsoft solutions. 
  • Detect vulnerabilities in user identities and proactively prevent compromised identities from being abused. 
  • Actively monitor user activity across managed/unmanaged applications and apply machine learning to identify matching conditions to take appropriate actions via alerting. 
  • Assume complete control and protection over cloud apps.  
  • Maximize security returns on compliance implementations. 

What are the benefits of Microsoft Advanced Security?

Aside from the sweet Win10 OS upgrade, the main benefit of an E5 uplift is the enhanced visibility and add-on security capabilities of its featured products. In Part 2 of this blog, we'll break down a list of the products in the E5 license and how they can enhance your organization's capabilities. 

Next steps for Aerospace and Defense contractors

Developing additional layers of security is never a bad thing. Ultimately, performing an E5 uplift is a way to add layers of security on top of an already secure and compliance-capable infrastructure. These upgrades allow organizations to increase the scope of their security and visibility capabilities while decreasing their compliance workload through automated features. The features included with M365 E5 Advanced security represent the next steps organizations with M365 E3 EMS licensing should take to decrease the grey area between security and compliance. 

In part 2 of this blog, we'll get specific with what the workloads within the Microsoft 365 E5 are capable of, equipping your organization for a better security and compliance posture overall.

To perform an E3 to E5 Uplift, or for more information about Microsoft Government licensing, you can reach out to our team below. If you are an existing client of Summit 7, you can email cmmc@summit7.us or reach out directly to your Account Executive.