Microsoft 365 security features are receiving a major uplift as Microsoft moves Cloud PKI, Endpoint Privilege Management and other advanced capabilities directly into the subscription. At Spirhed, we see this as one of the most impactful updates to the platform in years.
Microsoft has announced a significant expansion of its security and management capabilities within Microsoft 365 E3 and E5, with new features expected to roll out towards summer 2026. While pricing adjustments will follow on 1 July 2026, the real impact lies in what customers will now gain as part of the platform.
Several high-value features that were previously positioned as premium add-ons — or simply too costly to adopt at scale — are being integrated directly into the standard E5 and E3 subscriptions.
For our industry, this represents a meaningful shift in what Microsoft 365 delivers out of the box.
At Spirhed, we view this as an opportunity for customers to modernize core aspects of their security and identity architecture without adding complexity or relying on external tooling.
Microsoft 365 security features: A substantial uplift in capability
Cloud PKI’s role in modern Microsoft 365 security features
Cloud PKI has been available for some time, but commercial barriers have kept it out of reach for many IT environments — technically strong, strategically important, but difficult to justify financially.
Moving Cloud PKI into the E5 value offering fundamentally changes that. It makes certificate-based identity, Wi-Fi authentication, device trust and workload protection achievable for far more businesses.
This shift positions Cloud PKI as the new gold standard for Zero Trust enforcement and certificate lifecycle management — without the overhead of traditional on-prem PKI or the cost of third-party services.
Capabilities from Intune Suite are now included
Microsoft is also consolidating several capabilities previously known from the Intune Suite into the standard E5 offering, including:
Endpoint Privilege Management (EPM)
Enterprise App Management
Advanced Intune analytics and policy capabilities
These updates significantly enhance the Microsoft 365 security features available to all E5 tenants, making modern endpoint governance far more accessible.
Endpoint Privilege Management (EPM)
EPM introduces controlled, auditable privilege elevation, replacing traditional local admin rights with a secure approval workflow. This is one of the most effective steps companies can take to reduce endpoint risk and support practical Zero Trust adoption.
Enterprise App Management
Managing and updating third-party applications has long been an operational burden. Integrating this capability into E5 reduces packaging work, improves update consistency, and strengthens the overall security posture.
Security Copilot’s role in Microsoft 365 security features
Security Copilot continues to mature as part of Microsoft’s security stack. Its deeper integration supports investigations, incident response, and operational insight, reinforcing E5 as Microsoft’s most comprehensive security suite.
Microsoft 365 E3 enhancements strengthen the baseline
Defender for Office 365 Plan 1 included
E3 now includes phishing protection, advanced URL and attachment scanning, and enhanced threat detection, significantly improving the security baseline for customers who previously operated without advanced email security.
Enhanced Intune capabilities
Capabilities such as Remote Help and improved analytics reduce friction for IT teams and support more modern endpoint operations.
Pricing update
Microsoft will introduce a global price adjustment, effective July 1, 2026.
However, the uplift in Microsoft 365 security features — especially in E5 — represents a clear net gain for most customers.
Spirhed’s perspective
This update enables what we have advocated for years:
security, identity, and device governance that is integrated, cloud-driven, and operationally realistic.
With Cloud PKI, EPM, and advanced Intune capabilities now available to more customers, businesses can:
- retire ageing PKI infrastructure and adopt a cloud-native model
- eliminate standing local admin rights with modern privilege elevation
- streamline application governance and reduce operational load
- strengthen baseline security posture with fewer external dependencies
This represents a material improvement in how Microsoft 365 supports a secure, scalable, and well-governed environment.
How Spirhed can help
Spirhed works hands-on with customers to design and implement solutions aligned with the updated Microsoft 365 platform, including:
Cloud PKI planning, migration, and adoption
Endpoint Privilege Management strategy and rollout
Intune modernization and application governance
Identity and Zero Trust architecture
Licensing guidance aligned with the 2026 update
For more insights on Microsoft technologies and our latest perspectives, visit our Knowledge Hub:
https://spirhed.com/knowledge-hub/
If you are considering Cloud PKI, modern privilege elevation, or a broader update to your Microsoft 365 security architecture, we would be happy to explore the right approach together.
Further reading
Microsoft’s full announcement is available here:
https://www.microsoft.com/en-us/microsoft-365/blog/2025/12/04/advancing-microsoft-365-new-capabilities-and-pricing-update/