If you’re running an SMB in the UK, chances are you’ve asked yourself the same question I hear almost every week: “Do we really need Microsoft 365 E5, or will E3 get the job done?” The jump in cost isn’t small, and no one wants to pay for features they’ll never use. But at the same time, underinvesting can leave your business exposed to risks you can’t afford.
I’ve spent years working with SMBs across a wide range of industries, and I can tell you that this decision is rarely as simple as “E5 has more features, so it must be better.” The real challenge is finding the right balance between cost, risk, and value. I know where businesses overspend, where they under-protect, and where they get it exactly right.
In this article, I’ll share what I’ve learned from those experiences: when E3 is enough, when E5 is worth the investment, and the mistakes to avoid so you don’t waste money or put your organisation at risk.
E3 is often ideal for SMBs that just want to provide an element of identity protection and control over their data. This makes it more than just the entry-level business licence, but a solid foundation for most smaller businesses. If your priority is giving your team the tools to collaborate securely without unnecessary complexity, then E3 will do the job.
In a nutshell, this licence includes:
From a cost perspective, you’ll find that there is a sizeable jump between E3 and E5. The former is a lot more budget-friendly, given that it includes the features needed to cover the basics. This also makes it a lot simpler to manage, as there is less complexity in policies and configuration compared to E5. However, it’s worth noting that Microsoft’s flexible licensing model allows you to add extra security packs if your business needs additional protection without committing to E5.
Every solution has its limitations, and E3’s are primarily in depth and visibility. With this licence, you don’t get the advanced analytics, automated compliance, or rich threat intelligence that E5 delivers. That means if you’re in a high-risk industry or deal with sensitive data daily, E3 could leave you exposed. But again, if your business mainly needs reliable productivity tools and sensible baseline security, E3 is more than enough.
E5 isn’t just E3 with extra features bolted on: it’s a different proposition for businesses that need to go deeper on security, compliance, and control. More specifically, if you feel like your data is ultra-sensitive — whether it’s personal information or financial data — then opting for E5 gives you those additional layers of compliance and control, and it also removes the need for third-party tools.
At a high level, here are the standout features this licence includes:
But as comprehensive as this solution is, E5 also has its downsides. Firstly, it has a significantly higher monthly fee per user. However, it’s worth repeating that the value of E5 comes when your business needs the extra layers of control, visibility, and compliance — or when consolidating multiple add-ons into one licence actually lowers your total spend.
Another drawback of having so many features baked in is that many of them go unused. The Teams Phone system, for example, often goes untouched while businesses continue to pay for it. In a similar vein, E5 isn’t “set and forget”: it’s a lot more complex to manage and thus requires ongoing tuning of policies, risk assessments, and admin time.
That being said, I’ve also seen plenty of customers get the balance wrong. Some fall into the licence sprawl trap and end up paying for features they don’t touch. Whereas those who stick with E3, bolt on extra tools, and spend more in the long run. The sweet spot comes from understanding your risks and your needs, not just looking at the price tag.
One client, a recruitment company with 1,200 users, was juggling a mix of E3 and add-on licences. What started as a cost-saving approach quickly became an administrative nightmare: policies didn’t align, security gaps appeared, and the business was only partially compliant. After working with us at Babble and Microsoft, they moved their entire estate to E5. Sure, it was more expensive, but this resulted in simpler management, stronger protection, and fewer risks falling through the cracks.
On the other hand, I’ve also worked with many businesses where E3 – plus the right security add-on packs – gave them everything they needed, at a lower cost per head. That’s why there isn’t a one-size-fits-all answer, and working with a trusted partner is crucial.
At this point, you might be wondering if it’s possible to put some users on E3 and others on E5. Look, it’s possible — and in some cases, it makes sense. But I’d be lying if I said it doesn’t make staying on top of everything a lot more complicated (especially if you have a high head count). A mixed estate means managing multiple licence profiles, policies, and controls. For some organisations – like the recruitment agency I mentioned above – that complexity outweighs the savings. And if you’re not careful, whatever goes unmanaged is exactly what attackers are waiting to exploit.
If you’re considering taking the hybrid approach, I’d strongly advise you to start by assuming you’ll standardise. Only move to a hybrid model if you can clearly define groups of users with different risk levels, and you’ve thought through how you’ll manage the complexity.
Before deciding which path to take, here’s a shortlist of questions I encourage every IT manager or business leader to ask themselves:
And don’t forget: licensing isn’t a one-off decision. Keep in mind that Microsoft updates its Stock Keeping Units (SKUs) regularly, and your business will change too. At the very least, check in with a trusted advisor every year before your renewal to make sure your licences still fit and meet your needs.
At its core, this decision is about balancing cost, risk, and value. Stick with E3 if you only need collaboration tools and baseline security. Move to E5 if you’re in a regulated industry or handle sensitive data. And if you sit in the middle, a hybrid model can work — as long as you’re ready to manage the added complexity.
I’ve worked with many SMBs across the UK to navigate this exact choice. My goal is to help you avoid wasted spend, strengthen your security, and make Microsoft 365 deliver real value for your organisation.
Remember, licensing isn’t a one-off decision. Microsoft evolves its SKUs, and your business will change too. That’s why I recommend reviewing your licences annually with a trusted advisor. If you’re ready to take the next step, book a free SmartCheck Microsoft 365 licensing review with Babble — we’ll identify any wasted spend, assess your risk profile, and determine whether E3, E5, or a mix of both is right for you.