Automate101, Level 27, PwC Tower 188 Quay Street Auckland 1010 sales@automate101.com

The battle of the Microsoft bundles, which is best and why you should take notice of Microsoft 365 Business for your SMB Customers using Citrix or RDS desktops.  In fact, you should take notice of Microsoft 365 for any of your SMB customers.

Office 365 E3 and the Hosted Desktop

Four or so years ago, Microsoft introduced a programme called the Qualified Multi-Tenant Hoster (QMTH) programme which introduced a concept called Shared Computer Activation (SCA) –  this was a revelation as it enabled qualified Service Providers using Microsoft SPLA licensing a means to deliver Office 365 Office Applications on their shared hosting platforms. 

A key benefit was that consumers of this service were able to pay once for their Office 365 plan on their hosted desktop, but also then install the Office apps on to their laptop or PC.  The value of this bundle compared to SPLA Office + Exchange + SharePoint was also much improved over SPLA.

The QMTH programme only applied to Enterprise Office SKUs – you could not install the less expensive “Business” range of products – even though the majority of the hosting companies were likely targeting SMB’s with less than 300 users.

Microsoft 365

For service providers hosting desktops – the Office 365 E3 plan provided all the core benefits needed to supplement a Remote Desktop – the Office Apps, Exchange with 100GB of storage + archiving and SharePoint as well as Enterprise GPO capabilities.   

There has recently been a set of changes to the names of the Business range of Office 365 plans like many of us, you might be confused amongst the plethora of Microsoft 365 and Office 365 product bundles and the E3, E5 naming.   

Late last year the Microsoft 365 Business plan was announced, it’s since changed it’s name to Microsoft 365 Business Premium (easily confused with Office 365 Business Premium!!).  This comes in at a price point slightly less than Office 365 E3, however Microsoft 365 Business Premium comes with the Shared Computer Activation (SCA) rights that allow it to be installed onto Remote Desktop Servers.  Although this has not yet been reflected in the QMTH programme docs it has been confirmed by our contacts at Microsoft that this can be legitimately delivered via QMTH.

Note that the Shared Computer Activation rights are not available on any other Microsoft Business plan – only the Microsoft 365 Business Premium plan.

So why Microsoft 365 Business Premium?

A large portion of our Service Provider customers operate in the Small to Medium business segment, defined by Microsoft as less than 300 users.  (Here in New Zealand 300 users is a good sized business!)  For most of these businesses Microsoft 365 provides a good combination of features at a competitive price point and in many cases a key driver behind E3 sales was that it was the only option with Shared Computer Activation! 

Quite a lot more… for Less

This table compares the high level features of Microsoft 365 Business Premium with Office 365 Enterprise E3.  You can see that Microsoft 365 Business Premium adds a lot of really good security features which will provide you with a much bigger toolkit from which to impress your customers.

Azure AD Premium

Azure AD Premium plan P1 is now part of Microsoft 365 Business Premium.  This is being rolled out at present as outlined in this Microsoft blog post Azure Active Directory Premium P1 is coming to Microsoft 365 Business.  If you wanted to add to E3 – AAD P1 is an additional $6.00 per user per month.

Some of the features in AAD P1…

Password Protection

There are good passwords and bad passwords – a bad password is one which is easy to guess.  There are globally common passwords – e.g Password123 and ones which might be specific to a company or department – e.g. Company123 or Sales199.

The Password Protection feature of Azure AD Premium evaluates passwords from a list of banned passwords and stops them from being used.  You are also able to add your own list of custom passwords which might be common within an organisation.

For more information on this feature, there is a detailed explanation in this Microsoft article : Eliminate bad passwords in your organization

Self-service password reset/change/unlock with on-premises write-back

This allows users to self-reset their passwords, this also includes the capability to reset a users Active Directory password (note that this feature requires Azure AD Connect to be deployed)

Conditional Access

This is one way to really improve security for o365 users – this allows access to resources to be controlled based on group, location and device status.  MFA can be smarter – making decisions based on conditional access policy.

Microsoft CloudApp Security

Helps with discovery and access control to cloud based applications and services.  Microsoft Cloud App Security

Other features

  • Dynamic security groups
  • More advanced SSO capabilities, including Application proxy for authenticating on-premises applications.
  • Azure AD Join: MDM Auto Enrolment
  • Security and usage reporting
  • Identity protection and governance features

Marketing brochure page for Azure AD at Microsoft is here Azure Active Directory Features

Email (Exchange Plans, Mail Archiving)

Email is a key part of both packages – these are some of the key elements that are different with these packages

Core Exchange Differences between plans

Of these features, voicemail is likely not needed for most scenarios, mailbox size of 50GB is going to be more than adequate for most and additional storage can be purchased if needed.  So DLP missing is a key one.

Advanced Threat Protection (ATP) is included with Microsoft 365 Business Premium.  This provides a number of features to help reduce the risks of users being duped by rogue emails.  This is a key feature and I would highly recommend for most businesses.

Key elements:

  • improved protection against malicious attachments and links within emails.
  • Analysis of email content to discover and prevent phishing attacks
  • Real time reports and detections of threats

Microsoft Office Apps

There are several difference in the Office applications, that may make Microsoft 365 Business Premium a deal breaker for a likely subset of users within end customers.

 

Core Office app differences between plans

Excel at Excel

Excel Power Query and Power Pivot may be a big deal to the CFO or advanced Excel users – make sure you do the analysis of Excel usage before you move users to these plans.  Remember you can mix and match plans and if needed you can always deploy Office 365 E3 or Microsoft 365 E3 to the few select users that need these features.

GPO Settings

If you are used to Office Professional Plus, this may be a sticking point for your deployment.  Although more complex, you can still use InTune or Group Policy to push out configuration changes to non-Enterprise versions of Office.

InTune

Intune has been through several iterations and numerous challenges, it has been a rough ride at times but it is maturing with continued investment and improved tie in with the Windows OS.  Azure AD and Intune are the foundations of “serverless” managed infrastructure and are becoming the backbone of end user computing for SMB’s end-user device management.

InTune is an important component of the Microsoft 365 bundle, it is a key piece of differentiation and brings the following:

  • Central management of Windows 10 devices
  • Mobile device management for Apple and Android devices
  • Application deployment and management
  • Compliance and conditional access

Windows 10 Business

Microsoft 365 Business comes with Windows 10 – this includes upgrade rights from previous versions.  So for example, if a user has a PC with Windows 10 Professional, The Microsoft 365 Business Premium subscription includes the license to upgrade the PC to Windows 10.  This includes Windows 10 AutoPilot which can be used to automatically deploy and configure new machines and upgrade existing machines.

Using Atria to provision Microsoft 365

There are a lot of features within the Microsoft 365 SKU, Atria plans for Microsoft Online allow you to configure which components are enabled for each customer, your helpdesk staff will always be able to provision the right configuration quickly and easily first time.  For more information on Atria’s capability for Microsoft Online Services take a look at our product page here.

Summary

Microsoft 365 Business has a lot of combined value when compared against Office 365 E3 with only a few subtle downsides. For businesses with less than 300 users this gives a really good opportunity to offer improved security and to also upsell professional services in implementation and ongoing management.