"Which Microsoft 365 plan suits us?" is the most frequent question we get from SMBs. The short answer: it depends on size, sector, and how seriously you take security. The long answer is this guide. We'll break down the 6 main plans, tell you which suits companies of 10, 50, 100, and 200+ employees, and separate the add-ons worth their weight in gold from the ones that are smoke.
The 6 main plans in 2 minutes
- Microsoft 365 Business Basic — web/mobile only, Exchange + Teams, no Office desktop. USD $6/user/month.
- Microsoft 365 Business Standard — everything above + full Office desktop. USD $12.50/user/month.
- Microsoft 365 Business Premium — everything above + Defender for Endpoint + Intune + Information Protection. USD $22/user/month.
- Microsoft 365 Apps for Business — Office desktop only, no Exchange. USD $8.25/user/month.
- Microsoft 365 E3 — Enterprise base + compliance. USD $36/user/month.
- Microsoft 365 E5 — E3 + Defender for Office 365 + Power BI Pro + more. USD $57/user/month.
Which plan by company size
- 1-10 employees → Business Basic + Office Online usually suffices. If you need Office desktop, move up to Standard.
- 11-30 employees → Standard is already justifiable. If you handle sensitive data, consider Premium.
- 30-100 employees → Premium is our recommendation for its security-to-cost ratio.
- 100-300 employees → Premium or E3 depending on compliance needs (multi-geo, advanced eDiscovery).
- 300+ employees → E3 minimum. E5 if you have strong regulatory requirements (financial, health, government).
Business Premium: why it's our favorite for SMBs
The price difference between Standard ($12.50) and Premium ($22) is USD $9.50/user/month. For that delta you get Microsoft Defender for Endpoint (an EDR that costs over $5/user/month when purchased standalone), Intune for device management (MDM/MAM, market value $3+/month), Conditional Access via Azure AD Premium P1 ($6/month standalone), and Information Protection with sensitivity labels. Bought separately, that stack would cost 2-3x more.
When to step up to Enterprise (E3 / E5)
Clear triggers to jump to E3: more than 300 users, specific compliance requirements (HIPAA, PCI, SOX), advanced eDiscovery for legal matters, multi-geo operations with data residency, complex governance with multiple tenants. E5 is justified when you also need Defender for Office 365 advanced anti-phishing, embedded Power BI Pro, or the full Defender XDR suite.
Add-ons that are worth it
- Microsoft Defender for Endpoint — Only if you don't have Premium. Essential as EDR.
- Azure AD Premium P1/P2 — Advanced Conditional Access, Privileged Identity Management.
- Power BI Pro — If the organization uses BI seriously.
- Microsoft Defender for Office 365 Plan 1 — Advanced anti-phishing, Safe Attachments, Safe Links. Useful for SMBs in spear-phishing target sectors.
Real costs in Colombia
For a 30-user company on Business Premium, the official USD cost is $22 × 30 × 12 = $7,920 USD annually. At an approximate TRM of 4,000 COP/USD: ~$31,680,000 COP/year, or ~$2,640,000 COP/month for the whole stack. Compared to separate licensing + EDR from another vendor + MDM, savings typically exceed 40%.
Common selection errors
- Buying Standard when Premium was cost-effective. Once the included components are priced separately, Premium always justifies itself for companies >25 users.
- Not using MFA even though it's included. 80% of attacks start with compromised credentials. MFA neutralizes most of them, and you already paid for it.
- Paying for Teams separately when it's already in the plan. We still see companies with a separate Teams license on top of Business Basic. Cancel one.
- Not configuring Intune when it's already included in Premium. It's the difference between a lost phone being a scare vs a data breach.
- Buying Power BI Pro per-user when E5 would have been cheaper. Starting at 50 users with Power BI Pro, E5 is cheaper as a bundle.