Proposal Tools

Build the deliverable — mid-cycle assembly

live data
0

Features in matrix

Across all M365 products

0

SoW output formats

Tailored to engagement type

0

Deliverable formats

Business case builder

0

M365 SKUs mapped

Feature matrix coverage

OverviewBusiness caseUpsell cheat sheetUpsell playbooksSoW generator
All upsell playbooks
Microsoft 365 E3Microsoft 365 E5+$21.00/user/mo · DEFENDComplete

Close every security and compliance gap in one move

E3 customers have strong productivity and basic security but critical gaps in advanced threat protection, SIEM, compliance, and analytics. E5 closes every gap and adds Power BI, Teams Phone, and advanced analytics. For budget-constrained customers, the Defender and Purview Suites added to E3 provide the security uplift without the full E5 price — but miss Power BI and telephony.

What E3 provides

  • Full desktop Office apps + web + mobile
  • Exchange Online + SharePoint + OneDrive + Teams
  • Entra ID P1 — conditional access, SSPR, dynamic groups
  • Intune — full device management
  • Defender for Office 365 Plan 1
  • Basic sensitivity labels and DLP (email + SharePoint)
  • eDiscovery Standard
  • 90-day audit log retention
  • Windows 11 Enterprise (upgrade rights)
  • Information Rights Management

Security gaps without the upgrade

No Defender for Endpoint P2

High

E3 includes Defender for Endpoint P1 (basic AV). No EDR, no threat hunting, no live response, no TVM. Endpoints are protected but not actively monitored or investigated.

No Defender for Office P2

High

No automated investigation and response for email threats. No attack simulation training. When a phishing campaign hits, remediation is manual.

No Defender for Identity

High

Hybrid AD environments are blind to on-premises identity attacks — Pass-the-Hash, Golden Ticket, lateral movement.

No Entra ID P2

High

No risk-based conditional access, no PIM for just-in-time admin access, no access reviews.

No auto-labeling

High

Labels are manual only. Large enterprises with millions of documents can't rely on users to classify every file.

No endpoint DLP / Teams DLP

High

DLP covers email and SharePoint only — not endpoints, Teams, or third-party cloud apps.

No Insider Risk Management

High

No behavioral analytics for data exfiltration, departing employee risk, or policy violations.

No Defender for Cloud Apps

Medium

No Shadow IT discovery, no cloud app governance, no session controls for risky cloud apps.

No Audit Premium

Medium

90-day retention insufficient for regulated industries. No forensic search capability.

No Microsoft Sentinel included

Medium

No cloud-native SIEM. Security events from Defender products aren't centrally correlated unless you add Sentinel separately.

No Power BI Pro

Low

No enterprise BI — teams use Excel and email for reporting instead of governed, shared dashboards.

Build business case Generate deployment SoW