{"id":104253,"date":"2024-01-29T13:05:48","date_gmt":"2024-01-29T18:05:48","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=104253"},"modified":"2024-08-15T18:02:08","modified_gmt":"2024-08-15T22:02:08","slug":"is-e3-right-for-you","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/is-e3-right-for-you","title":{"rendered":"Is E3 Right for You?"},"content":{"rendered":"\n
Active Directory (AD) admins are looking to modernize or replace AD<\/a>, and Microsoft 365\u2019s E3 is an attractive option for businesses to accomplish those objectives. Entra ID is also \u201cfree\u201d and available to use. It\u2019s the prescribed path and bundles many products at one price. Reality sets in once admins recognize that its vast, vertically integrated suites of tools with apps for \u201ceverything\u201d are a mismatch for their organization and limit their flexibility. <\/p>\n\n\n\n In short, the true cost of licensing, implementing, integrating services, and training admins and users can be significant.<\/p>\n\n\n\n One needed feature can lead to the purchase of yet another entire product, creating a software monoculture that raises spending over time. Consolidating IT with one vendor also introduces inherent security risks from its platforms. Be skeptical of E3: its bundling is a sales mechanism instead of a bargain<\/a> for IT departments. IT\u2019s mission to drive business performance is lost in complexity.<\/p>\n\n\n\n The TL;DR is that E3 can homogenize your line-of-business apps, making it impossible to even consider using best-of-breed solutions. Its monolithic architecture obligates customers to adopt more cloud services via licensing and technical dependencies. The services seem integrated, but they\u2019re not, and considerable work is necessary to get everything to work together. <\/p>\n\n\n\n E3 also leaves security gaps and lacks controls that could prevent attacks like the password spray technique<\/a> that compromised the emails of Microsoft\u2019s top executives. You’ll have to spend more to keep your identities safe. An industry expert has also raised concerns about Microsoft monetizing security and \u201cabusing the term legacy\u201d to sell more products versus fixing its issues. Keeping your Identity Provider independent and isolating that legacy can help to mitigate risks. 
<\/p>\n\n\n\n Read on to learn more about these important considerations and the impacts they can have.<\/p>\n\n\n\n Individual components appear harmless or even attractive, but the sum-total of Microsoft\u2019s platform approach locks customers into services that may be a mismatch for their capabilities and needs. <\/p>\n\n\n\n For example, Microsoft\u2019s one-size-fits-all approach and apps may not map to business requirements. The result is that organizations lose the flexibility to use the best-of-breed apps.<\/p>\n\n\n\n E3 includes equivalent apps to many SaaS innovators and creates the impression that there’s no need to look elsewhere, while employees may want something different. And, are Microsoft\u2019s products really better or more secure than best-of-breed solutions?<\/p>\n\n\n\n Identity is another mechanism for lock-in. Microsoft\u2019s cybersecurity reference architecture<\/a>, rapid modernization plan<\/a>, and new enterprise access model for AD<\/a> all make the assertion that you\u2019ll be using Entra ID and Intune. There\u2019s not even a mention of or possibility of using anything else.<\/p>\n\n\n\n Admin features that were on-premises are moving to the cloud, e.g., Configuration Manager<\/a>.<\/p>\n\n\n\n Organizations are looking for options outside of Microsoft to deal with the diversities of mixed device types, mixed working arrangements, accelerated cloud adoption, and integration of best-of-breed technologies. Using Microsoft isn’t all bad, but it may not be right for you.<\/p>\n\n\n\n Bundles and bargains almost always give way to higher administrative overhead and more spending. Microsoft\u2019s objective is total consolidation; it envisions itself as being central to everything. That approach may not serve your organization\u2019s best interests.<\/p>\n\n\n\n Many admins just want to use Microsoft Office, tighten up their security posture, and be business enablers by providing users with the solutions that they want\/need. 
However, that\u2019s not what they\u2019ll end up with. <\/p>\n\n\n\n E3\u2019s complexity can make it too overwhelming to support deployment, management, and regular, ongoing training. McKinsey advises<\/a> closer involvement between IT and the business sides of companies. Microsoft\u2019s bundling increases its customer lifetime value versus making small and medium-sized enterprises (SMEs) more responsive\/competitive\/cost-effective. Time spent implementing the product impedes business\/IT alignment. SMEs can\u2019t afford IT process managers, but may need someone to perform that role due to E3\u2019s complexity, which is an antipattern to McKinsey\u2019s advice.<\/p>\n\n\n\n License management and pricing can be complex\/unpredictable without understanding how everything interconnects and what features are included in each plan. Some features are gated off, even deceptively, such as reporting in conditional access. For example:<\/p>\n\n\n\n Customizations and integrations are just too difficult to handle in-house. Only proper planning and roadmapping will realize the true cost and benefits of E3. Small and medium-sized enterprises lack the resources to do that or to follow best practices correctly.<\/p>\n\n\n\n The deeper you go, the more people that you\u2019ll need.<\/p>\n\n\n\n Admins discover that E3 doesn\u2019t satisfy Microsoft\u2019s recommendations<\/a> to secure and modernize AD. It fails to provide the services Microsoft says will protect identities and detect attacks against AD\u2019s vulnerabilities, which are endemic, given it\u2019s a legacy product. Some security experts have suggested<\/a> that Microsoft is abusing the term legacy to dodge its obligation to secure its products while simultaneously using those flaws to upsell security services. <\/p>\n\n\n\n Things become even more complicated (and costly) once admins begin to experience Microsoft\u2019s patchwork of consoles and services. 
One price doesn\u2019t mean \u201cintegrated.\u201d Don\u2019t just take our word for it\u2026 there are numerous examples of what you\u2019d encounter with E3.<\/p>\n\n\n\n Admins are in and out of many consoles and must understand them all and how they interrelate to turn things on: <\/p>\n\n\n\nDownstream Lock-In of Services with Microsoft Identity<\/h2>\n\n\n\n
Apps<\/h3>\n\n\n\n
Identity<\/h3>\n\n\n\n
Forced Migrations<\/h3>\n\n\n\n
The Bad Economics of Lock-In<\/h2>\n\n\n\n
Buyer Beware<\/h3>\n\n\n\n
Complex and Transient Licensing<\/h3>\n\n\n\n
\n
It\u2019s Difficult to Deploy<\/h3>\n\n\n\n
There\u2019s Always an Upsell<\/h3>\n\n\n\n
A Patchwork of Consoles and Products<\/h2>\n\n\n\n
It\u2019s Not Really All-in-One<\/h3>\n\n\n\n