Consider the Microsoft Licensing changes before you renew
Posted by notapplemaxwindows@reddit | sysadmin | View on Reddit | 31 comments
We've been having this conversation a lot this year during license renewals for Microsoft customers, and you should absolutely be considering the upcoming changes to Business, Office and Enterprise license SKUs in June before you renew and commit this year.
For example, if you are a Microsoft 365 E3 customer buying Defender for Office P1 add-on for all of your staff. Consider buying that Defender for Office P1 on a month-to-month for the next few months so you can cancel it once the features are available in Microsoft 365 E3. I don't think there will be any capabilities to merge/cancel these add-ons once they become available in the core SKUs.
Grifulkin@reddit
Business Premium and Defender Suite. Call it a day. If you need E3 >300 licenses than it's still just E3 and defender suite.
Defender Suite chefs kiss is the best license from Microsoft.
RoyalTranslators@reddit
We are running just BP right now. What are the most important features you use that come with the Defender Suite add-on?
I am thinking Risky sign-in detection? Better MS Defender for endpoint EDR features?
We are using the included base Defender for Endpoint right now and it covers what we need.
imnotaero@reddit
We're in the same licensing boat. I've found--though I can't say it's the case here--that most people don't realize that Business Premium comes with a whole host of security features (collectively, "Defender for Business") that aren't in E3.
So while the Defender Suite license seems to have a slam dunk business case for E3 licensees, it's a tougher sell to BP users on account of all the stuff they already have.
But, I post here in hopes that somebody makes a really good business case that helps me make the justification.
effedup@reddit
What about the Defender suite does it for you? Just curious.
dahdundundahdindin@reddit
Business mailboxes growing by 50GB is another big win, and allows cancellation of EXOP2 (if all they are being used for is extra space). Cloud PKI going into E5 is also a nice addition for those at the other end of the licensing spectrum.
The table on this page is a handy reference for the additions for each plan: https://www.microsoft.com/en-us/microsoft-365/blog/2025/12/04/advancing-microsoft-365-new-capabilities-and-pricing-update/?WT.mc_id=M365-MVP-9501
Random_Effecks@reddit
I heard cloud PKI is a mess. Are you using it?
KandevDev@reddit
the consolidation of Defender for Office P1 into E3 is the big one for SMB. if youre on E3 + P1 add-on you'll have 6 months of duplicate spend before MS auto-credits, which they havent committed to doing this time. month-to-month is the safer bet until the SKU list stabilizes in late June.
maevian@reddit
I think most SMB are on business premium, not E3
YisitAlwaysDNS@reddit
Yup. My only grip about BP is no Intune remediation. Way to go MS
Sinsilenc@reddit
Mine was the shared activation. We need that for vdi otherwise i wouldnt be using e3...
Visible_Spare2251@reddit
I think the most annoying thing is lack of Entra p2. Essential security features that cost more.
420GB@reddit
Entra P2 is not in E3 either I think only E5 includes it
CBJGameWorn@reddit
Wait, what? We are BP and I have several remediations working through intune. What’s the difference?
soupcan_@reddit
Do you have a Windows 10/11 Enterprise license? That’s the real requirement for remediations.
If you don’t have that, it may or may not work, but you’d be out of compliance.
Cooleb09@reddit
And all the other things that 'windows for business' breaks in Intune and one devices + all the parts of business premium that don't work because of license glitches.
freethought-60@reddit
It depends on needs and expectations but not necessarily the "size" of an "SMB", it is easy for much smaller ones to use "Business Standard" plan, if not with even more basic licenses, then, at the same time I have seen organizations classified as "SMB" due to their size, subscribe to the E3/E5 plan. What I mean is that the concept by which an organization is considered to be an "SMB" has nothing to do "with their way of conceiving and doing IT", and therefore their investments in that area.
HDClown@reddit
Enterprise SKU's is the only way to the only way to control Office Apps with any form of policy (GPO, Intune, or Cloud Policy) as that requires Apps for Enterprise. This is a stickler for me where BP has a big gap in it.
You can work around it by pushing registry keys to the direct hives in HKCU (not \policies hive though). Problem with that is a user could change desired settings right in the options off a given Office app then close/repen app for it to take effect. The setting wouldn't revert to the admin desired one until next policy refresh but would also require user to close/open Office for it to take effect.
simple1689@reddit
This is correct. SMB needs Conditional Access on Entra Free tier to be a big win
KandevDev@reddit
fair, BP is more common than E3 in true SMB. my comment was leaning enterprise. for BP customers the relevant change is the threat-prevention component bundling and the Intune remediation gap others mentioned below, both worth pricing out before renewal.
TechnologyMatch@reddit
that’s a solid nuance. BP customers often get overlooked in these licensing conversations because the spotlight is on E3/enterprise, but the bundling shift and intune remediation gap are exactly the spots where SMB pricing can swing
moldyjellybean@reddit
F these companies and their obtuse licensing. Years ago our VAR didn't know and we had to wait for the certified MS license person to hop on the call and even they were a little confused.
I feel like I live in an upside down world where everyone just takes this abusive behavior from msft, avgo etc and it gets worse and worse every year.
aes_gcm@reddit
Every business, by definition, has to take money from customers, and customers have to pay for the service. Everyone understands this, its the bare minimum that you have to clear. I can't wrap my mind around the inability of a business to describe how the transaction works.
Arudinne@reddit
Outside of Google and Microsoft, there are few good options. Hopefully with so much of the EU pissed at them and looking for alternatives that will change.
But building stuff to that scale doesn't happen overnight.
teriaavibes@reddit
Your VAR sucks lmao
saltyslugga@reddit
Month-to-month for the add-ons is the safer play until the SKU changes actually land.
Check the renewal term and cancellation rules with your CSP too, because feature entitlement changing does not mean your billing commitment magically unwinds.
We started using Suped for DMARC monitoring, and this is the kind of email infra stuff I try to keep separate from Microsoft licensing churn where possible.
Alternative-Mud-4479@reddit
It’s crazy how often I am seeing your account and another post and just randomly namedrop Suped as a DMARC solution when it’s not relevant at all.
Zealousideal-Tie5539@reddit
About this link you posted. msmessagecenter is known to be malicious. Could you pls link to a official microsoft ressource instead?
notapplemaxwindows@reddit (OP)
That's likely because it's a new domain only; you can see the official resource in your own Microsoft 365 admin center 😄
nb10001@reddit
Good call on the month-to-month for the add-ons. Locking into a year right before a SKU change is asking for wasted spend. We learned that the hard way last cycle.
dat510geek@reddit
So what about business standard plus p1, the same?
Also how do you get intune remediation separate or is that entra p2 and they change bp also in a few months . Making plans
teriaavibes@reddit
Business standard is not getting P1, it is just webapps + desktop apps.
Windows Enterprise E3+
Use Remediations to Detect and Fix Support Issues - Microsoft Intune | Microsoft Learn