M365 SKU strategy — E3 + targeted E5 add-ons, or full E5 across the group.it.decisions.d03

P0 G

Summary

E5 collapses Defender, Purview, Entra P2. Decision owner (sheet): IT Head. Sheet target: Wk 2.

Rationale prompt skeleton

Capture the rationale for this decision. Sheet-recorded justification: "E5 collapses Defender, Purview, Entra P2.". Reference the evidence questions, name the alternatives considered, and explain how this decision propagates to design, BoM, and operating model.

Default options (2)

e3_plus_targeted_e5 E3 + targeted E5 add-ons

Bulk on E3; selective E5 add-ons (Defender, Purview, Entra P2) for security-critical personas.

Pros

+ Lower per-seat cost on the majority
+ Right-sized security spend

Cons

− Add-on SKU complexity
− Some E5 features locked to full-E5 users

full_e5 Full E5 across the group

Standardise on E5 everywhere; collapse Defender / Purview / Entra P2 into the suite.

Pros

+ Tool consolidation (Defender, Purview, Entra P2)
+ Simpler license admin

Cons

− Materially higher cost
− Pays for features many personas won't use

Default approval chain

Admin
ExecutiveViewer

Linked evidence questions (5)

id	prompt	workstream
it.os_endpoint_user.q12	M365 / Google Workspace footprint — tenants per holding, SKU mix (E3/E5/Business), license counts. Any subsidiary on Google?	it.os_endpoint_user
it.identity_security.q03	MFA coverage % across the group, per subsidiary. Method (authenticator app, FIDO2, SMS — discouraged). Conditional access policies in force?	it.identity_security
it.identity_security.q06	EDR/XDR vendor + coverage % across Windows / macOS / Linux / servers. Managed in-house or via MSSP?	it.identity_security
it.identity_security.q08	DLP / CASB tooling (Purview, Netskope, Forcepoint, none). Coverage scope (email, endpoint, SaaS, cloud).	it.identity_security
it.gcc_context.q04	M365 SKU strategy for GCC — E3 + targeted E5 add-ons, or full E5? Aligned to parent or India-specific?	it.gcc_context