Getty Images/iStockphoto

Tip

What do the different licenses for Windows 11 come with?

Before organizations migrate to Windows 11, they must determine what the best options are for licensing. Learn about the choices to license via base Windows 11 or Microsoft 365.

Windows 11 was released in October 2021, but many organizations haven't deployed it and have questions regarding what Windows 11 includes, how to deploy it and how to license it.

IT administrators need to research the details of Windows 11's features, the different editions that organizations can choose from and what reasons there are to deploy it.

What features are included with Windows 11?

While the move to Windows 11 is inevitable, the enterprise admin should understand the benefits and new features of Windows 11 Pro compared to Windows 10. The most significant enterprise-focused features include the following:

  • New interface. Perhaps most noticeably from the outside, Microsoft changed the Windows UI. The interface is sleek and easy to use, but of course, for enterprise organizations, it means a brief loss of productivity while users get used to it.

    The interface of a Windows 11 desktop
    Figure 1. The redesigned interface for Windows 11 with a window open
  • Smart App Control. In addition to existing antivirus software, Smart App Control uses a cloud security service that determines if the app a user is running is malicious, dangerous or otherwise unwanted. If so, Smart App Control blocks it. One limitation is that Smart App Control only works on new installs of Windows 11, not on Windows 10 upgrades.
  • Live captions. Incoming audio can be transcribed into captions with this feature. This could serve as a strong feature for virtual conference calls via Teams and other software.
  • Amazon Appstore and Android apps. Windows 11 natively runs apps available from Amazon Appstore -- even some for mobile devices. Android apps from Google Play Store that require Google Play Services do not work. However, it is possible to install a fully functional Google Play Store, but this is a complicated process and relying on it in an enterprise setting would be unwise.
  • Video call enhancements. Microsoft has made improvements to enhance video call functions to help make those troublesome video calls more intelligible.
  • Touchscreen. There are improvements to touchscreen technology, which help productivity through more accurate controls.

While these features and others offer conveniences and perhaps business improvements, the enforcement of Trusted Platform Module (TPM) 2.0 is the most significant. While TPM has been around in Windows since Windows 8, Microsoft opted to require TPM to be enabled in the BIOS of the hardware device or Windows fails to boot.

Often referred to as Secure Boot, TPM is a helpful feature from a security perspective. TPM is a chip or a function built into a CPU chip or graphics card, using cryptographic keys that store signatures for devices, such as disk drives, and software, such as the OS. If malware attempts to load another OS or application as an attack, the signature stored in the TPM recognizes the conflict and does not allow it to boot.

The bad news is that, if the desktop or laptop does not have TPM 2.0 support, Windows 11 install refuses to install. Booting to the BIOS management menu should reveal the TPM setting (Figure 2). TPM is called different things by different manufacturers, so you may have to do some research into the terminology.

The Windows BIOS menu with the status as available
Figure 2. The BIOS menu showing a case where the TPM is, in fact, available

Windows 11 also requires some significant hardware improvements that may prevent that five-year-old laptop from installing this system, which is a key factor to consider as well.

Windows 11 editions

There are several editions and versions of Windows 11, similar to previous Windows OSes. According to Microsoft, there are three versions of Windows 11 as shown in Microsoft's feature comparison chart:

  1. Windows 11 Home. This version is for consumers and not intended for business as in previous Windows versions.
  2. Windows 11 Pro. This version is for business and professional use.
  3. Windows 11 Pro for Workstations. This is an advanced version for power users, such as gamers.

The Pro for Workstations edition could benefit enterprise organizations because it provides certain specific applications that the Pro edition doesn't offer. These improved features include accelerated file storage, increased support for CPU and RAM, and enhanced data integrity with the Resilient File System technology. Generally speaking, most enterprise organizations adopt Windows 11 Pro.

Within the framework of these versions, there are three other editions that can be configured to give customers more precise control over features:

  1. Enterprise. This edition is intended for enterprise organizations with over 300 users and includes three further licensing models -- E3, E5 and F3 -- delivered as Microsoft 365 subscriptions. Organizations can also obtain Windows Enterprise via a Volume Licensing agreement.
  2. Business. This edition is intended for SMBs, especially those with under 300 users. It includes options for Basic, Standard and Premium, as well as an Apps for Business version, delivered as Microsoft 365.
  3. SE Education and Pro Education. This edition is licensed specifically to educational institutions.

It is important to know that Enterprise, Business and Education are obtained through licensing options, not through different Windows 11 bits.

Windows 11 Enterprise licensing

As noted previously, Windows 11 has Enterprise and Business licensing for organizations with over 300 users and under 300 users, respectively. Both are obtainable via licensing by purchasing Microsoft 365 Business or Enterprise. This article explores the Enterprise option. The purchase of Microsoft 365 Enterprise also includes Windows 11 Pro.

Microsoft touts Windows 11 Enterprise as beneficial to a hybrid workforce that needs productivity, mobility and security features. The Enterprise edition includes technology for deployment, security, collaboration, compliance and other tools that desktop administrators need.

Most of Microsoft's information regarding Windows 11 Enterprise lists only three primary versions for features and pricing: E3, E5 and F3. The full comparison table from Microsoft lists some interesting alternatives for E3, E5 and F3.

What comes with Microsoft 365 F3, E3 and E5?

Microsoft provides general explanations for the different subscription models. F3 is the cheapest and contains minimal services that apply to frontline users -- those that are the face of a business on the front line and interfacing with customers. Microsoft states that its E3 license is beneficial for "large and midsize organizations with advanced security and comprehensive management needs." On the other hand, E5 is for those who want a "holistic, cloud-delivered endpoint security solution."

All three licenses offer a per-user monthly fee pricing plan. F3 is $8 per user, per month. E3 is listed at $36 per user, per month. E5 is $57 per user, per month. They all include the following features.

Note: In addition to these Microsoft 365 features, the Windows 11 features described previously, such as Amazon Appstore compatibility, Smart App Control and TPM security, also are present.

The plans described below are compared in Microsoft's comparison chart with appropriate links for further information:

  • Microsoft 365 apps. For E3 and E5, Word, Excel, PowerPoint, OneNote, Publisher and Access can be installed on up to five PCs or Macs, five tablets and five mobile devices per person. This includes Office on web and mobile. The F3 version only contains Office for web and mobile apps and cannot be installed on devices.
  • Email and calendar. Outlook, Exchange and Bookings are all available on E3, E5 and F3.
  • Meetings and voice. Microsoft offers this functionality via Microsoft Teams. All versions contain Teams, Walkie Talkie, Planner, Shifts and Approvals. However, Only E5 includes Phone System and Audio Conferencing.
  • Device and app management. This feature includes management tools for PCs, mobile devices and user functions. All three licenses include Microsoft 365 Admin Center, which is a web-based server management tool; Microsoft Intune Suite, which is the revamped platform for a wide range of device management tasks; and Microsoft Universal Print. Only E3 and E5 include Windows Autopatch.
  • Social and internet. This includes SharePoint, Yammer, Viva Connections and Viva Engage in all three versions
  • Files and content. All three editions include OneDrive, Stream, Sway, Lists, Forms and Visio.
  • Work management. F3, E3 and E5 all offer Planner, Power Apps, Power Automate, Power Virtual Agents and To Do.

What are the differences among Microsoft 365 F3, E3 and E5?

The differences among F3, E3 and E5 lie in analytics, identity and access management, threat protection, information protection, security management and compliance management:

  • Analytics. Microsoft's analytics are in E3 and E5. This consists of Viva Insights' personal insights. Viva Insights is a new application similar to the MyAnalytics feature that provides insights to let users be more productive by analyzing email, calendar activity and more, and it interfaces with Teams. If organizations want Viva as a standalone service, the cost is $4 per user, per month.
  • Identity and access management. Versions F3, E3 and E5 all include Windows Hello, Credential Guard, Direct Access and Azure Active Directory (AD) Premium Plan 1. Only E5 includes Azure AD Premium Plan 2.
  • Threat protection. The threat protection options for all three versions differ significantly (Table 1). Note that the features are geared to the focus of each Enterprise version.
    Threat protection features for Microsoft 365 Enterprise licenses E3 E5 F3
    Microsoft Defender Antivirus and Device Guard X X X
    Advanced Threat Analytics X X X
    Microsoft 365 Defender X
    Microsoft Defender for Endpoint P1 X
    Microsoft Defender for Endpoint P2 X
    Microsoft Defender for Microsoft 365 X
    Microsoft Defender for Identity X
  • Information protection. These features are designed for data protection, in conjunction with Microsoft's threat protection, to maintain a highly reliable security infrastructure (Table 2).
    Information protection features for Microsoft 365 Enterprise licenses E3 E5 F3
    Data Loss Prevention for email and files X X
    Windows Information Protection and BitLocker X X X
    Azure Information Protection P1 X X X
    Azure Information Protection P2 X
    Microsoft Defender for Cloud Apps X
  • Security management. This includes Microsoft Secure Score and Microsoft Security and Compliance Center for managing threat protection and data protection. All three have access to these features.
  • Compliance management. With this set of features, IT can handle compliance risk assessments and responses to regulatory compliance through policies and third-party connections. F3, E3 and E5 all have access to manual retention labels. E3 and E5 can use retention policies, including for Teams, and only E5 has access to Advanced eDiscovery, Insider Risk Management and third-party connectors.

Microsoft's full comparison table identifies additional Enterprise versions that enable an organization to buy specific feature sets, such as E3 Security, E3 Compliance, F5 Security, F5 Compliance and F5 Security + Compliance. There is also Enterprise Mobility + Security for E3 and E5.

How to choose the right Windows 11 license

Determining which version of Windows 11 to purchase depends entirely on what each organization needs, but there are a few helpful steps that can guide technology buyers in this process:

  1. Determine if advanced features of security or compliance are required. If so, go with E5, but otherwise, choose E3.
  2. E3 and E5 are similar, differing only on advanced security, compliance, and information and threat protection. If you're going with E3, make sure that you aren't missing out on a required feature or the total cost of ownership value of a certain E5 feature.
  3. Remember the F3 option provides only web and mobile Office apps with no local installation, which could lead to lost productivity for some users.

One final consideration is to work with a Microsoft partner to purchase these licenses. They may be able to provide discounts that Microsoft does not and consulting to help analyze and define which options are best for your organization. These partners understand Microsoft's licensing jungle and can provide valuable advice to get it right the first time.

Dig Deeper on Windows OS and management

Virtual Desktop
SearchWindowsServer
Close