The MSP License Ladder #4: The Exposure Gap
A phishing campaign targets a customer. Safe Links blocks the URL, Safe Attachments catches the payload, and the alerts close. Prevention worked. But the CISO asks: “Was this a targeted campaign or a spray? Did anyone receive a variant that ZAP hasn’t caught yet? Are there related messages we haven’t found?” On MDO Plan 1, you can run a Message Trace, but you cannot correlate messages into a campaign, see click telemetry across the tenant, or purge 30 affected mailboxes in one action.
Meanwhile, a different customer onboards after leaving their previous MSP. The old MSP’s ticketing tool still holds an active OAuth consent with Mail.ReadWrite and Directory.Read.All scope. Entra shows the consent exists, but not whether the app is still reading mail, whether the scope was ever appropriate, or whether the former MSP even still controls the app registration. And that is just the apps that went through Entra. The browser-based AI tools, file converters, and screen recording services that never touch SSO are completely invisible.
Both are exposure problems. Prevention works, but you cannot measure the exposure that slips past it. That is the gap this post is about.
This post is part of The MSP License Ladder, a series on what Business Premium and E3 don’t give you, and how to build on top of them. Every post covers one gap: what’s missing from the base SKU, what it costs to close, and what you can actually build with it. Previous: #3, The Identity Gap.
A few terms up front:
- EOP (Exchange Online Protection): baseline email security in every M365 subscription. Anti-spam, anti-malware, spoofing protection.
- MDO (Microsoft Defender for Office 365): Plan 1 adds prevention (Safe Links, Safe Attachments). Plan 2 adds investigation and response (Threat Explorer, AIR, Attack Simulation Training).
- DfCA (Defender for Cloud Apps, previously known as MCAS): Microsoft’s Cloud Access Security Broker. Shadow IT discovery, OAuth app governance, session policies, SaaS DLP.
- AIR (Automated Investigation and Response): playbook-driven investigation that correlates signals across email, endpoints, and identity.
Table of Contents
- What you actually get today
- The concrete gaps: email and collaboration
- The concrete gaps: cloud apps and OAuth
- The upgrade paths
- What you unlock
- When not to bother
- How to pitch it
- Conclusion
What you actually get today
Business Premium ships with EOP plus MDO Plan 1:
- Safe Links: URL detonation at click time across email, Office documents, and Teams
- Safe Attachments: sandbox detonation for email attachments and files in SharePoint, OneDrive, and Teams
- Anti-phishing: user and domain impersonation protection, mailbox intelligence
- Zero-hour auto purge (ZAP): retroactive removal of malicious messages already delivered
- Real-time detections: a lightweight investigation view (not the full Threat Explorer)
Microsoft 365 E3 today ships with EOP only. No Safe Links, no Safe Attachments, no anti-phishing impersonation protection.
E3 from July 2026 gains MDO Plan 1 automatically as part of the Microsoft 365 packaging update. Rollout begins June 2026 and completes by August 1, 2026. After that date, E3 and Business Premium share the same email security baseline.
For SaaS and OAuth on both SKUs: base Entra ID shows consented apps in the Enterprise Applications blade. No risk scoring, no discovery of apps outside SSO, no session controls, no AI tool detection.
The concrete gaps: email and collaboration
MDO Plan 1 prevents threats. It does not help you investigate what got through. These are the scenarios where that gap shows up.
Post-delivery visibility
A phishing email was delivered to 30 mailboxes. You need to find everyone who received it, not just those who clicked. Threat Explorer gives you 30 days of searchable email data filtered by sender, subject, URL, attachment hash, or delivery action. On Plan 1, Real-time detections is a subset that cannot search historical delivered mail at the same depth.
Automated Investigation and Response
A user reports a phish. You need to correlate the sender’s patterns, the URL’s reputation, the attachment’s detonation results, and what the recipient did after clicking. On Plan 1, that is manual. AIR automates it: runs a playbook, correlates signals, and produces a remediation recommendation you review and approve.
Campaign Views
Three employees report suspicious emails. Are they related? Campaign Views groups related phishing attempts by sender infrastructure, payload, and social engineering pattern into a single view. On Plan 1, you check each report individually.
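The two scoping questions above (who received it, and which reports belong to one campaign) done by hand over message-trace rows, as an added example that is not part of the original post. The records are constructed and the field names are my own approximation of a trace export, not a Microsoft schema.

```python
# Added example: post-delivery scoping and campaign grouping over constructed
# message-trace rows. Field names are an assumption, not a real export format.
from collections import defaultdict
import re

# Constructed sample: one lure wave with subject variants, plus an unrelated message.
MESSAGES = [
    {"id": 1, "sender": "billing@paypa1-secure.example", "sender_ip": "203.0.113.10",
     "recipient": "alice@contoso.example", "subject": "Invoice #4471 overdue",
     "url_host": "paypa1-secure.example", "delivery": "Delivered"},
    {"id": 2, "sender": "billing@paypa1-secure.example", "sender_ip": "203.0.113.10",
     "recipient": "bob@contoso.example", "subject": "Invoice #9920 overdue",
     "url_host": "paypa1-secure.example", "delivery": "Delivered"},
    {"id": 3, "sender": "accounts@paypa1-secure.example", "sender_ip": "203.0.113.11",
     "recipient": "carol@contoso.example", "subject": "Invoice #1034 overdue",
     "url_host": "paypa1-secure.example", "delivery": "Junked"},
    {"id": 4, "sender": "newsletter@vendor.example", "sender_ip": "198.51.100.7",
     "recipient": "alice@contoso.example", "subject": "May product update",
     "url_host": "vendor.example", "delivery": "Delivered"},
]

def normalize_subject(subject):
    """Collapse variable tokens (numbers) so lure variants share one pattern."""
    return re.sub(r"\d+", "N", subject).lower()

def recipients_of(messages, url_host=None, sender_domain=None):
    """Post-delivery scoping: everyone who received a matching message, clicked or not."""
    hits = set()
    for m in messages:
        if url_host and m["url_host"] != url_host:
            continue
        if sender_domain and m["sender"].split("@")[1] != sender_domain:
            continue
        hits.add(m["recipient"])
    return sorted(hits)

def group_campaigns(messages):
    """Campaign Views-style grouping: same sender domain, lure pattern and payload host."""
    campaigns = defaultdict(lambda: {"ids": [], "recipients": set(),
                                     "sender_ips": set(), "delivered": 0})
    for m in messages:
        key = (m["sender"].split("@")[1], normalize_subject(m["subject"]), m["url_host"])
        c = campaigns[key]
        c["ids"].append(m["id"])
        c["recipients"].add(m["recipient"])
        c["sender_ips"].add(m["sender_ip"])
        if m["delivery"] == "Delivered":   # still sitting in a mailbox, so still remediable
            c["delivered"] += 1
    return dict(campaigns)

if __name__ == "__main__":
    for key, c in group_campaigns(MESSAGES).items():
        print(key, len(c["recipients"]), "recipients,", c["delivered"], "still delivered")
```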
Attack Simulation Training
The customer’s cyber insurance renewal asks about phishing simulations and click rates. Attack Simulation Training runs realistic simulations, tracks who clicks, and auto-assigns training. The results are the artefact the insurer wants. Plan 1 has no mechanism for this.
The concrete gaps: cloud apps and OAuth
Base Entra ID shows OAuth consents in the Enterprise Applications blade. That is where cloud app visibility ends.
Shadow IT discovery
Users sign up for SaaS tools with their work email. Some go through SSO; many do not. Defender for Cloud Apps discovers the rest by analyzing network traffic against a catalog of over 31,000 cloud apps, each scored on 90+ risk factors.
OAuth app risk scoring
An employee consented to an app with Mail.ReadWrite scope. Is the publisher verified? Is the scope excessive? DfCA’s app governance adds risk scoring: publisher verification, scope risk classification, credential hygiene, and behavioral anomaly detection, including app-to-app permissions.
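The triage the post describes, scored by hand from what base Entra already exposes, as an added example that is not part of the original post or of DfCA. The records are constructed and shaped like Graph servicePrincipal and oauth2PermissionGrant objects; the scope list and the weights are my own assumptions, not Microsoft's risk model.

```python
# Added example: flag consented apps by scope, publisher verification and consent type.
# Sample objects are constructed; field names follow Microsoft Graph, weights are assumed.
HIGH_RISK_SCOPES = {"Mail.ReadWrite", "Mail.Read", "Directory.Read.All",
                    "Directory.ReadWrite.All", "Files.ReadWrite.All"}

# Constructed sample: a former MSP's ticketing tool and a first-party calendar app.
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "OldMSP Ticketing", "appOwnerOrganizationId": "tenant-oldmsp",
     "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None}},
    {"id": "sp-2", "displayName": "Contoso Calendar Sync", "appOwnerOrganizationId": "tenant-contoso",
     "verifiedPublisher": {"displayName": "Contoso Software", "verifiedPublisherId": "12345"}},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "Mail.ReadWrite Directory.Read.All offline_access"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
     "scope": "Calendars.Read User.Read"},
]

def triage(service_principals, grants, own_tenant_id):
    """Return one finding per app: risky scopes, reasons and a 0-100 score (assumed weights)."""
    sps = {sp["id"]: sp for sp in service_principals}
    findings = {}
    for g in grants:
        sp = sps[g["clientId"]]
        f = findings.setdefault(sp["id"], {"app": sp["displayName"], "risky_scopes": set(),
                                           "reasons": set(), "score": 0})
        scopes = set(g["scope"].split())  # Graph stores granted scopes as one space-delimited string
        f["risky_scopes"] |= scopes & HIGH_RISK_SCOPES
        if g["consentType"] == "AllPrincipals":  # admin consent on behalf of the whole tenant
            f["reasons"].add("tenant-wide consent")
    for sp_id, f in findings.items():
        sp = sps[sp_id]
        if not sp["verifiedPublisher"].get("verifiedPublisherId"):
            f["reasons"].add("unverified publisher")
        if sp["appOwnerOrganizationId"] != own_tenant_id:
            f["reasons"].add("app registration owned by another tenant")
        f["score"] = min(100, 25 * len(f["risky_scopes"]) + 15 * len(f["reasons"]))
    return findings

if __name__ == "__main__":
    for f in sorted(triage(SERVICE_PRINCIPALS, GRANTS, "tenant-contoso").values(),
                    key=lambda x: -x["score"]):
        print(f["score"], f["app"], sorted(f["risky_scopes"]), sorted(f["reasons"]))
```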
Session policies
A contractor accesses Salesforce from a personal device. You want to allow read access but block downloads. Conditional Access can block or allow the sign-in but cannot control the session. DfCA session policies add in-session controls: block downloads, watermark files, prevent copy/paste, all proxied through DfCA without requiring device management.
Shadow AI detection
Business Premium already includes cloud app discovery through Defender for Business. That discovery already covers the Generative AI category: you can see which AI tools are being accessed and how much traffic flows to them. What Business Premium does not give you is the ability to act on it. DfCA adds per-user attribution (who is using which AI tool, not just that someone did), data volume breakdowns, and policy controls to sanction, unsanction, or block specific AI apps. That is the difference between a dashboard that says “ChatGPT was accessed” and a policy that says “block uploads to unsanctioned AI tools for everyone except the data science team.”
The upgrade paths
Three paths to close the email and SaaS gap.
| Path | Best for | Includes | List price | Main constraint |
|---|---|---|---|---|
| Defender Suite for Business Premium | BP customers under 300 users | MDO P2, DfCA, MDE P2, DfI, Entra ID P2 | $10/user/mo | 300-user cap |
| MDO P2 + DfCA standalone | Component-by-component buyers | MDO P2 + DfCA only | ~$5 + ~$3.50/user/mo | No MDE P2, DfI, or Entra P2 |
| Microsoft Defender Suite (E5 Security) | M365 E3 customers | Everything in Defender Suite for BP + Defender for IoT | $12/user/mo | Larger upfront spend |
Prices are Microsoft list per user per month, as of May 2026. CSP, NCE, and Enterprise Agreement pricing differs.
The bundle wins again. MDO P2 + DfCA standalone costs ~$8.50/user/month for email and SaaS only. For $10/user/month the Defender Suite adds MDE P2, DfI, and Entra ID P2. Unless the customer needs only one component, the bundle is the better path.
July 2026 note for E3 customers
After July 2026, E3 includes MDO P1. The email gap narrows to the P2 delta (Threat Explorer, AIR, Attack Simulation Training). The MDO P2 upgrade path stays the same.
What you unlock
| Capability | What changes |
|---|---|
| Threat Explorer | 30-day searchable email history by sender, URL, attachment, or delivery action. |
| AIR | Playbook-driven investigation with remediation actions you review and approve. |
| Campaign Views | Related phishing attempts grouped into campaigns across all affected users. |
| Attack Simulation Training | Phishing simulations with click rates and auto-assigned training. |
| Shadow IT discovery | 31,000+ cataloged apps scored on 90+ risk factors. |
| OAuth app governance | Publisher verification, scope risk, credential hygiene, behavioral anomalies. |
| Session policies | In-session controls on third-party SaaS without device management. |
| Shadow AI detection | Generative AI category with per-user attribution, data volume, and sanction controls. |
The practical difference: the phishing campaign from the opening takes 5 minutes to scope in Threat Explorer instead of hours. AIR recommends soft-deleting messages from all 30 mailboxes. The former MSP’s ticketing tool with Mail.ReadWrite and Directory.Read.All gets flagged automatically. Shadow AI tools surface with per-user data volume in the cloud discovery dashboard.
When not to bother
Not every customer needs MDO P2 and DfCA. Two scenarios where the upgrade will not earn its keep:
Too few mailboxes for Attack Simulation Training (AST). AST needs enough recipients for a meaningful click rate. A 5-person office does not have the volume for realistic phishing simulations, and the results are not statistically useful. Threat Explorer, AIR, and Campaign Views still add investigation value at any size, but if AST is the main justification for the upgrade, the economics do not work below roughly 25-30 users.
Tight app allow-list, no BYOD, no SaaS sprawl. If the customer runs a handful of IT-managed apps behind SSO, every device is corporate-managed, and users cannot install their own tools, DfCA’s Shadow IT discovery will mostly confirm what you already know. The Shadow AI angle can still matter if the customer is concerned about browser-based AI tool usage, but the broader OAuth governance and session policy workloads will stay quiet. In that scenario, MDO P2 on its own may be the better scoped purchase.
How to pitch it
Post-incident. “The phishing campaign last month hit 30 mailboxes and took a full day to scope. With Threat Explorer, that is a 5-minute search. AIR automates the investigation and recommends the remediation.”
Insurance renewal. “Your cyber insurance questionnaire asks about phishing simulations. Attack Simulation Training gives you real simulations with click rates and auto-assigned training. That is the artefact the underwriter wants.”
Shadow AI. “Your staff is using AI tools you cannot see from the admin center. DfCA shows which tools, who uses them, and how much data flows. That is the visibility you need before writing an AI usage policy.”
OAuth risk. “You have 40 consented apps in Entra. How many have Mail.ReadWrite from an unverified publisher? DfCA flags the ones you should revoke before they become an incident.”
Price it as a managed security service, not a licence passthrough. The $10/user/month Defender Suite for BP is the floor.
Conclusion
Prevention is half the story. MDO P2 adds the investigation layer for email: Threat Explorer, AIR, Campaign Views, and Attack Simulation Training. Defender for Cloud Apps adds the visibility layer for everything outside email: Shadow IT, OAuth governance, session controls, and Shadow AI detection. Both sides close with the same purchase: Defender Suite for Business Premium ($10/user/month) or E5 Security ($12/user/month).
After July 2026, E3 gains MDO P1 in the base subscription. The email exposure gap narrows to the P2 delta. The cloud app gap remains unchanged.
Start with one customer tenant. Run a Threat Explorer search for a known indicator, connect DfCA’s cloud discovery, and review the findings. Then scale out.
| Resource | What it covers |
|---|---|
| MDO Plan 1 vs Plan 2 cheat sheet | Feature comparison between EOP, P1, and P2 |
| Threat Explorer overview | Post-delivery email search and investigation |
| Attack Simulation Training | Phishing simulation setup and management |
| Defender for Cloud Apps overview | Shadow IT, OAuth governance, session policies |
| Cloud app catalog and risk scores | 31,000+ apps, 90+ risk factors, Generative AI category |
| Defender Suite for Business Premium | Bundle contents and pricing |
| July 2026 packaging update | MDO P1 in E3, Intune additions, price changes |
Part of The MSP License Ladder series. Previous: #3, The Identity Gap.
Last verified: May 2026
Related
- The MSP License Ladder #1: The Hunting Gap – what Defender for Endpoint Plan 2 unlocks for proactive threat hunting across your customer fleet.
- The MSP License Ladder #2: The Data Gap – what Purview Suite unlocks over base Business Premium and E3 for DLP, Insider Risk, and eDiscovery.
- The MSP License Ladder #3: The Identity Gap – what Entra ID P2 and Defender for Identity unlock for risk-based CA, just-in-time privilege, and on-prem AD visibility.