Zero Trust Architecture
Verify Explicitly • Use Least Privilege Access • Assume Breach
Complete Feature Comparison
Security Feature Matrix: Standard vs Business Premium vs Enterprise E5
| Feature Category / Capability |
Business Premium
SME (< 300 Users)
|
Enterprise E3
Standard Corp
|
Enterprise E5
Full Security
|
|---|---|---|---|
| Est. Price (USD/User/Month) | ~$22.00 | ~$36.00 | ~$57.00 |
| 1. Identity & Access (Entra ID) | |||
| Multi-Factor Authentication (MFA) | |||
| Conditional Access Context-based policies (IP, Device, Loc) | Plan 1 | Plan 1 | Plan 2 |
| Identity Protection Real-time Risk Detection & Blocking | |||
| Privileged Identity Mgmt (PIM) Just-In-Time Admin Access | |||
| 2. Endpoint Management (Intune) | |||
| MDM (Device Management) Manage Windows, iOS, Android, macOS | |||
| MAM (Mobile App Management) Protect App Data on Personal Devices | |||
| Windows Autopilot Zero-touch Deployment | |||
| 3. Threat Protection (Defender) | |||
| Next-Gen Antivirus | |||
| Endpoint Detection & Response (EDR) Advanced Post-breach hunting | Included | Included | |
| Email Safe Links & Attachments Zero-day Phishing/Malware Protection | |||
| Automated Investigation & Response Self-healing AI | |||
| 4. Information Protection (Purview) | |||
| Manual Sensitivity Labels | |||
| Data Loss Prevention (DLP) Exchange, SharePoint, OneDrive | |||
| Endpoint DLP Block USB, Print, Clipboard on Devices | Lite | Full | |
| Auto-Labeling (AI) Auto-classify data based on content | |||
| 5. Cloud Apps & Shadow IT | |||
| Cloud App Discovery (Shadow IT) | Basic | Basic | Full |
| Session Control (CASB) Block downloads on unmanaged devices | |||
Interactive Tool
Full Security Assessment
เลือกตัวเลือกที่ตรงกับองค์กรของคุณที่สุด (10 ข้อ)
1
Identity & Foundation
1. License Microsoft 365 ที่ใช้เป็นหลัก?
None / Basic
Google / Exchange Only
Business Premium
SME (<300 users)
Enterprise E3
Standard Enterprise
Enterprise E5
Full Zero Trust Suite
2. ระบบจัดการผู้ใช้ (Identity) ปัจจุบัน?
On-prem AD Only
Server ภายในเท่านั้น
Hybrid Identity
Sync ขึ้น Cloud
Cloud Only
Entra ID Native
3. การยืนยันตัวตน (Authentication)?
Password Only
Weak Security
Password + SMS
Basic MFA
Microsoft Auth App
Strong MFA
2
Devices & Applications
4. การบริหารจัดการอุปกรณ์ (Device Mgmt)?
Unmanaged
User ดูแลเอง
Hybrid Join
AD GPO + Intune
Intune / Autopilot
Modern Mgmt
5. ระบบป้องกันไวรัส (Endpoint Protection)?
Legacy / 3rd Party
Signature-based AV
Standard Defender
Built-in Windows AV
Defender for Endpoint
EDR / XDR
6. การอัปเดต Patch Windows?
Manual
User กด update เอง
WSUS / SCCM
On-premise Server
Windows Autopatch
Cloud Automated
7. ความปลอดภัยของ Email (Phishing)?
Standard Exchange
Basic Spam Filter
Defender for Office 365
Safe Links / Attach
8. การควบคุม Shadow IT (Cloud Apps)?
Uncontrolled
ไม่ได้บล็อก
Firewall Block
บล็อกเว็บที่บริษัท
CASB (Defender)
Discovery & Policy
3
Data & Network
9. การปกป้องข้อมูล (Data Protection)?
None
ไม่มีการเข้ารหัส
Manual Labeling
User กดเลือกเอง
Auto Labeling
AI ป้องกันอัตโนมัติ
10. การเข้าถึงจากภายนอก (Remote Access)?
Direct Access
Public IP / RDP
VPN
Traditional VPN
Zero Trust Access
App Proxy / Global Secure Access
Assessment Report
Date:
0%
Maturity Level
Traditional
Executive Summary
Recommended Plan
Why this plan?
✅ Current Strength
⚠️ Critical Security Gaps
🗺️ Implementation Roadmap
P1
Phase 1: Foundation (0-30 Days)
P2
Phase 2: Policy (1-3 Months)