Comparing Office 365 Licensing Plans

Office 365 Licensing Plans Compared: E1, E3, E5, and Business

Microsoft 365 offers two licensing tracks: Business plans (up to 300 users) and Enterprise plans (unlimited users). The most popular Enterprise choice is E3 at $36/user/month. E5 at $57/user/month adds the full Defender security suite and Power BI Pro. This guide compares all plans so you can choose the right tier — and avoid overpaying.

Key facts

• Business plans cap at 300 users. Enterprise plans have no user limit.
• Microsoft 365 E3 ($36/user/month) is the most common enterprise baseline — it includes desktop Office apps, 100 GB mailbox, Azure AD P1, Intune, and DLP.
• Microsoft 365 E5 ($57/user/month) adds the full Defender suite, Azure AD P2, Power BI Pro, and eDiscovery Premium.
• Business Premium ($22/user/month) is the best value for security-conscious SMBs under 300 users.
• Organizations often mix plans: E3 for standard users, E5 for IT admins and executives who need advanced security.

Business Plans vs Enterprise Plans

Choose Business plans for organizations under 300 users with simpler needs. Choose Enterprise plans for unlimited users or for advanced compliance and security requirements.

Plan	Price/user/month	Desktop Office Apps	Mailbox	User Limit
Business Basic	$6	Web/mobile only	50 GB	300
Business Standard	$12.50	Yes (+ Publisher, Bookings)	50 GB	300
Business Premium	$22	Yes + Intune, Defender	50 GB	300
Enterprise E1	$8	Web/mobile only	50 GB	Unlimited
Enterprise E3	$36	Yes	100 GB + archive	Unlimited
Enterprise E5	$57	Yes	100 GB + archive	Unlimited

Enterprise E1 vs E3 vs E5: What You Actually Get

E1 — $8/user/month

• Web and mobile Office apps (no desktop install)
• Exchange Online (50 GB mailbox)
• SharePoint, Teams, OneDrive (1 TB)
• Azure AD free tier — no Conditional Access
• No device management or advanced threat protection

E3 — $36/user/month

• Everything in E1, plus desktop Office apps
• 100 GB mailbox with unlimited archive
• Azure AD P1 — Conditional Access and MFA policies
• Microsoft Intune MDM/MAM device management
• Windows 11 Enterprise license
• DLP, sensitivity labels, eDiscovery Standard, retention policies

E5 — $57/user/month

• Everything in E3, plus:
• Full Microsoft 365 Defender suite (email, endpoint, identity, cloud apps)
• Azure AD P2 — risk-based Conditional Access, PIM
• Power BI Pro
• Audio conferencing and auto-attendant (Phone System)
• eDiscovery Premium and insider risk management
• Communication compliance and information barriers

Security Features by Plan

• E1 security — Exchange Online Protection (EOP) anti-spam/malware, per-user MFA. No Conditional Access, no endpoint management.
• E3 security — Azure AD P1 with Conditional Access, Intune MDM/MAM, manual sensitivity labels, DLP for Exchange/SharePoint/OneDrive, AIP P1.
• E5 security — Full Defender suite with automated investigation and response, attack simulation, Azure AD P2 risk-based Conditional Access, Defender for Endpoint P2, Defender for Identity, Cloud App Security.
• Business Premium security — Comparable to E3 security for SMBs, includes Defender for Business (simplified Defender for Endpoint).

Compliance Features by Plan

• E1 — Basic eDiscovery, manual retention labels only.
• E3 — Sensitivity labels, manual DLP, eDiscovery Standard, retention policies, basic audit logging.
• E5 — Auto-applied sensitivity labels, Advanced eDiscovery, insider risk management, communication compliance, information barriers, Audit Premium (6-year retention).

Licensing Optimization Strategies

Most enterprises overspend by assigning E5 licenses to all users. A tiered approach reduces cost without reducing protection.

• Tier 1 (E3): Standard knowledge workers — 70–80% of seats.
• Tier 2 (E5): IT admins, executives, finance, legal, and HR — 20–30% of seats.
• Tier 3 (E1): Frontline or kiosk workers with minimal email and file needs.
• Add-ons: Purchase Defender for Endpoint P2 or Azure AD P2 individually rather than upgrading all users to E5.

Frequently Asked Questions

What is the difference between Microsoft 365 E3 and E5?

E3 covers productivity, device management, and foundational compliance. E5 adds the full Defender security suite, advanced eDiscovery, Power BI Pro, and Azure AD P2 risk-based access controls. The gap is $21/user/month.

Do I need E5 for HIPAA or FedRAMP compliance?

Not necessarily. E3 can satisfy many HIPAA requirements with proper configuration. FedRAMP High environments require GCC High — a separate tenant, not an E5-only feature. EPC Group maps your framework to the minimum required license tier.

What does Business Premium include that E3 does not?

Business Premium is capped at 300 users and does not include Windows 11 Enterprise, unlimited archive, or advanced eDiscovery. E3 also provides Azure AD P1 with full Conditional Access, which Business Premium mirrors but with fewer policy options at enterprise scale.

When should I choose E1 over E3?

E1 fits users who only need web-based Office apps, basic email, and Teams. Common cases are frontline workers and shared-device scenarios. If users need desktop Office apps or device management, E3 is the right choice.

Can I mix E3 and E5 licenses in one tenant?

Yes. Microsoft allows per-user license mixing. Most enterprises assign E5 to high-risk roles (IT admins, finance, HR) and E3 to standard users. This is the most cost-effective compliance approach.

Optimize Your Microsoft 365 Licensing

EPC Group audits existing license assignments and identifies overspend or compliance gaps. Call (888) 381-9725 or request a licensing review.