Office 365 Licensing Scenarios Part 1

 

This is a new series on csplicensing.com called “Office 365 Scenarios.”  The goal is to provide the reader with a licensing scenario for a typical Microsoft enterprise customer.  Enjoy!

 Scenario 1

 M & A Corporation is a large private equity firm with 500 employees worldwide.  They currently have the Enterprise CAL suite under an Enterprise Agreement.  They have one datacenter for mostly Exchange and SharePoint.

Current Needs

  1. Free up IT resources to focus on other projects besides managing a datacenter
  2. Identify a cloud partner to outsource their server environment.
  3. Senior executives need to have both On Premise and cloud solution for the same device.
  4. Find a collaboration tool to enhance communication between departments.
  5. Identify a solution for compliance and legal hold and email retention.
  6. Needed the solution yesterday and do not have time to wait for their agreement to expire.

Solutions

  • Issue 1&2 – Free up IT resources/Cloud Partner – The best way for M&A to free up IT resources without jeopardizing performance is to outsource their server environment to a third party.  Office 365 plan E3 provides SharePoint, Exchange, Office Pro Plus, and Skype for Business.
  • Issue 3On-Premise and cloud deployment for the same user- Office 365 has dual access rights.  This means that if an end user who has a USL (user subscription license) has the equivalent of an on premise CAL.  It does not include the server license.  If M&A wants to continue to run on premise workloads using the dual access right, they must own the server license.  Secondly, if they want decide not to use Microsoft datacenters for Office 365, they can use their Office 365 User SLs (as covered above) to access their servers deployed on third party shared servers/datacenters via License Mobility through Software Assurance.  Again, they would need the server license with SA.
  • Issue 4Collaboration tool – Transitioning to Office 365 E3 will give them access to Skype for Business Plan 2.
  • Issue 5Compliance and Legal Hold – Office 365 E3 will give them Exchange Online 2 which includes Legal Hold; archives email for more than 10 years.
  • Issue 6Agreement doesn’t expire. Since they have the ECAL, they can use the bridge CALs to transition from on premise to cloud for workloads not offered through Office 365 (Windows/SQL).

Thanks for reading,

CSP Man

Disclaimer

The purpose of this article is for informational purposes only.  The names are fictional and created by the author’s imagination.  Any name or resemblance is pure coincidental.

Enterprise Mobility and Security (EMS)

With the big push to the cloud, the Enterprise Mobility and Security offering emphasizes Microsoft’s mobile first, cloud first strategy.  EMS focuses on three areas:

  • Hybrid and Cloud Identity – Enabled through Azure Active Directory Premium
  • Mobile Device Management -Microsoft Intune.
  • Data Protection and Security – Azure Information Protection/ MS Advance Threat Analytics.

In this article, we will review each of these offerings and how it can help your business.

Azure AD Premium

Is a single sign-on or connection that links a user to multiple applications and multiple cloud solutions including social media accounts and other SaaS applications.  Almost all organizations have different applications users access; personal and business from the same device.  Azure AD also includes a full suite of identity management capabilities including multi-factor authentication (identifies the user) , self-service password management (retrieve password) , self-service group management and security monitoring and alerting (identify threats).

Intune

One of the number one questions asked around the BYOD concept is “what happens if my employee leaves”  One of the features of Intune is Selective Wipe, which allows IT staff to wipe corporate data remotely from that device via self-service company portal or admin console, but not touch the individuals personal applications (Facebook as an example).

In addition to mobile device management, it also helps IT administrators with the ability to push company apps automatically and allow users to easily install corporate apps from the self-service company portal.

One other feature of Intune is email.  If a company wants to protect an attachment through Intune security, IT administrators can set protection parameters on that attachment that will prevent the user from copying and pasting into another application.  Let’s say you have a company spreadsheet with private financial information.  In order to prevent  the user of just copying that application into another spreadsheet or word docs, the IT admin can use Intune to prevent unauthorized distribution.

Azure Information Protection (Azure Rights Management)

Using the email example above, Azure Info Protection allows an IT admin to set permissions of who can receive not receive the email.  As an example, let’s say you send an email to a vendor with personal information, using Azure Info Protection, the sender can set a no-forward policy or even an email expiration in which the email will auto delete so no unauthorized users can access that email.

Microsoft Advance Threat Analytics 

MS Advance Threat Analytics is a preventative security measure to protect the user from unauthorized use of personal information.  A credit card is a good example.  Using behavioral analytics, Advance Threat Analytics (ATN) will notice unusual activity on a customer’s account.

How to buy

You can purchase the EMS offering through various channels and programs.  Similar to most program, buying EMS as a package is more cost competitive than buying as individual components.

Volume Licensing:  When customers who purchased Windows Server CAL, Microsoft System Center Configuration Manager, System Center Endpoint Protection and Microsoft Active Directory Rights Management Services CALs via the Microsoft Enterprise Volume Licensing agreements they will have the ability purchase the Enterprise Mobility + Security Add-on.  This is much cheaper than buying the full user license since you already made the investment in certain technologies.

CSP: When working with a CSP partner, you can either resell or consume EMS for your own internal use.  When using CSP, you either provide the support (as a CSP Direct/Tier 1 provider) or work with a distributor (CSP Indirect/Tier 2) to sell to your end customers as a managed service provider.  The cost varies depending on number of users and the support offering.

I hope this provides some insight into EMS.  More articles on this coming soon!

Thanks for reading,

CSP Man