Microsoft Purview Data Loss Prevention Reviews

Microsoft Purview Data Loss Prevention is already set up in parallel to Forcepoint. We had some cases where Forcepoint was not able to see the issue, and Purview detected it. With Microsoft Purview Data Loss Prevention, it is much easier to have very good rules. Forcepoint does not have a knowledge of the organization, and you have to set up everything. When you are going to use Microsoft Purview Data Loss Prevention, most of the setup is already done by default as per your needs.

Microsoft is younger than Forcepoint in the DLP game. All the security operations are better defined in Forcepoint, while in Microsoft Purview Data Loss Prevention, you will have to use a specific workflow and then an application to release blocked emails. Out-of-the-box security operations are more adopted by the organization where I am currently working.

I have been using Microsoft Purview Data Loss Prevention since the start of 2024. The tool is used in my customer's company.

I am not satisfied with the technical support of the solution, and it is an issue that has escalated at the moment because we are getting support services from a partner.

Though I am not a specialist, the tool is quite expensive. One of the issues is that Forcepoint is mainly used for DLP, but the license is not an enterprise license, so the cost is quite high. One of the targets of the customer I am working for was to decrease this cost. Microsoft Purview Data Loss Prevention is a tool included in the E5 license plan. You don't have to pay for it directly, or you are paying, but it is inside the bundle, and in it, you also have the compliance tool of Microsoft Purview, which is as important as Microsoft Purview Data Loss Prevention itself, so you see just two parts in Purview. One is related to security and information protection, and the other one is related to compliance. The tool related to security is well integrated with Office 365, so it means you can classify information at the source or close to the source, which is something really important. All the security is based on data classification, and Office 365 is the main security bubble because, in the past, we used perimeter security. Now, we have moved to zero trust, and for zero trust, perimeter security is no longer sufficient, and that is why we moved to Forcepoint. We have Microsoft Purview, which fits our needs very well. Microsoft is moving to NIST Cybersecurity Framework (CSF) 2.0, and Forcepoint was closest to NIST Cybersecurity Framework (CSF) 1.0. Forcepoint's strategy is good, except for the data redundancy part.

It is difficult to identify and mitigate potential data leaks because we are putting the tools in one by one, and it depends on the type of project. The important fact is that we connect the way we handle the traffic on the endpoint. Endpoints are well managed by Microsoft Purview Data Loss Prevention. The tool's integration with the browser is also something important.

The company in charge of implementations for the project is a Microsoft partner. In our company, we had some troubles. It was not related to Microsoft Purview. What is good with Microsoft is that all the documentation is defined. We have a lot of staff and so on. The quality of support documentation is just great. We also have a perfect online community with blogs and documentation, but when you have to go with a specific blog inside the product, it becomes difficult.

The use of AI to enhance data loss prevention is not really our company's main subject, but I can say that it works. The main subject for our company is moving to the cloud and using a zero-trust model, so it is not a pure DLP project. We need to ensure DLP is there but in the cloud.

I recommend Microsoft Purview Data Loss Prevention to others. If you are in a hybrid mode where you have Microsoft, Amazon, or GCP, then it would be different. In cases where I use Microsoft's integration capabilities and I want to keep only one technology and one vendor, then in this case, it's better to have Microsoft Purview.

I rate the tool a seven out of ten.

The purpose of the solution is connected to the fact that we use the whole Microsoft suite. We use the DLP mostly, but we also use Defender which comes with the Microsoft license.

Up until now, we have used it to investigate everything, what's going on and whether people are sharing data, but mainly for monitoring. There are just a few things that are being blocked right now.

Purview has helped significantly to reduce the number of solutions we need to interact with each other. It's one suite for everything, which is very good.

We can also see compliance in real time. There's great visibility into data governance. That's one of the strongest points. We have 100 percent compliance with legal regulations around the globe. That's very good. It has notably improved our ability to stay on top of compliance. It's not all companies that are 100 percent compliant.

In addition, the time needed to respond to insider threats has decreased. It's very easy to know everything that's going on right now. I have all the controls to see what's being shared everywhere, around the world. If we see something that looks odd, we reach out to the folks involved immediately. It's almost instant. It has reduced our insider threat response time by more than 60 percent.

It is 

• very easy to use
• very easy to learn 
• very well documented

and the community is great as well.

The UX is very good. It's easy to get around inside that tool, and it's easy to get help.

I don't think it's very different from other solutions regarding the features, but because everything is on Microsoft and we use Azure, integration with the product is easier. That's the most important thing when you use many Microsoft products. It's easier to integrate everything in one place.

It's very important that it collects data from non-Microsoft products if we need information about what's going on with other OSs. If we're talking about personal computers, especially employees' computers, they are mostly going to be Windows. But if we're talking about servers, they are mostly Linux.

Purview is also built to take into account regulations from the US, Brazil, Europe, Asia-Pacific, et cetera. This is very important as well because you have to take into account the intricacies of each legal system.

Another good feature is the education it provides to users on how best to handle sensitive data.

There is no AIP for Linux systems. That's a setback. Another thing it's lacking is libraries to work with Python. It has libraries for C# and C++, for example, but not for Python and, these days, Python is very useful.

Power Automate can be improved as well. You can do plenty of things with it but it still doesn't do everything that you have in a full development language. It doesn't have that flexibility.

I would also like more integrations in Power Automate. Because so many things are a premium with Power Automate, you cannot do everything. There are a bunch of integrations that you have to pay more to use. That's not very good.

I have been using Microsoft Purview Data Loss Prevention for one year and three months.

So far, we have not had an outage. It seems like a 99.9 SLA.

It's a SaaS solution, so everything is in the cloud in one place. It's scalable if you're all Microsoft, but if you have Linux, I wouldn't say it's that scalable. You might have to do some work.

We have about 70,000 users. It's a global solution for everyone in our organization.

I have never used the technical support of Microsoft. But the documentation is good, very clear, very easy to use, and in one spot. We find whatever we are looking for.

For DLP, I used Symantec in another organization. In this organization, we used to use McAfee DLP. We switched mainly because of the price. Microsoft provides a bunch of tools for a fixed price, so there are other features that come with that suite of tools.

I believe we have seen return on investment because new engineers know their way around very fast. When I joined the company, it took me just one month to make my way around everything. It's easy to get our hands dirty and start working.

Despite some setbacks regarding the premium features for automating and integrating in Power Apps—you can only use the handiest stuff if you pay a premium price—there are many good things that come with the license that we already have. There is training as well; we can attend as much training as we want. They also provide good support. Overall, the pricing is okay.

The fact that Purview works across multi-cloud and multi-platform environments, is important, in spite of the fact that we mainly use Microsoft and Azure cloud. It's good if we plan, in the future, to move to another cloud service. Also, it's good that Purview can connect to iOS, Mac, and Android devices. The more tools we can integrate the better, because it enables us to scale very fast, even though right now we don't use it on iOS and those other systems.

Purview is still very new for us, even after one year. We're still looking into how things can be done. We're a global company and there are many policies and many different laws across the globe. Sometimes we can't do everything we could theoretically do with the tool. It's a powerful tool but we are still discussing legal matters across the globe.

Regarding maintenance of Purview, we just check if it's up to date and what updates Microsoft has provided. But we don't have to do too much.

I started working with this tool one year ago and I'm really impressed with its capabilities. I have worked in other banks and we had to use so many things to get one thing done, so I have a positive impression of Purview. I would definitely recommend trying it.

I am working on Microsoft Purview Data Loss Prevention for multiple locations like SharePoint, OneDrive, device level, and exchange level. We also use it for on-premises and cloud applications, including Power BI. We have implemented it in multiple locations with different conditions and actions.

I like the sensitivity labels and data security posture management for AI. Insider risk management and data retention are also beneficial. Microsoft Purview Data Loss Prevention usually performs well, except for endpoint Data Loss Prevention, which may need improvements.

Endpoint Data Loss Prevention needs to be improved as it is not up to expectations. Auto labeling and Data Loss Prevention (DLP) for devices need improvement as well.

I have been working with Microsoft Purview Data Loss Prevention for one and a half years.

Sometimes the solution is not stable when the internal connection is not reliable, so this aspect needs improvement.

For Microsoft ecosystem, scalability is good. However, for device level, it needs improvement. Onboarding is fine, however, the policy working and detection technology need enhancements.

Microsoft Purview Data Loss Prevention is cloud-based and does not require traditional installation. Maintenance is minimal.

I rate the overall solution 3 out of 10.

I had different use cases with Microsoft Purview Data Loss Prevention. One of my customers was already working with McAfee DLP, and they migrated from McAfee DLP to Microsoft DLP. I had to do the entire migration and ensure it was working as they expected. They had selected the tool, but I had to ensure it was implemented throughout and tested. It was live in the environment as well.

In this case, I implemented Microsoft DLP for four Microsoft services, including OneDrive, Teams, SharePoint, and Exchange email. An endpoint DLP was implemented for the endpoints.

The solution's most valuable feature is the mature O365 DLP, which works with SharePoint and Teams. It works fine, but we have to make sure that we are doing it right.

My main concern was more about the endpoint side because you should have many different functionalities on the endpoint. Endpoints are not just about the USB or the network share. They deal with many things, and we should be able to understand them.

We should have different settings available on the endpoints about what should be allowed, what should not be allowed, off the network, on the network, etc. The endpoint needs some improvement.

A major improvement is required in the solution's incident handling and alerting. It is a mess, and it cannot handle anything. I don't know what Microsoft is doing. It is really sad. It is a very good endpoint product but does not work as expected.

If an email is detected, I have email evidence because it is going through the exchange. I can download the image, and the operations team can look into the kind of email sent and so on. The evidence is there for forensic purposes.

Microsoft has given functionality for endpoints where anything violating the content on the endpoint should be uploaded to some storage location in Azure Cloud for evidence purposes, which does not work at all. Microsoft has provided it, but their technical team does not know how these things work, which is really sad.

The solution's incident handling is pathetic. They have the compliance portal and security portal. You get alerts on both the compliance portal and the security portal. Having two different alerts on the security and compliance portals does not make sense.

Incidents are not categorized properly. All the incidents are put together, which is really sad. It's not about detecting the data; it's more about handling it once it is detected. I know the data has been detected, but it is useless if I cannot figure it out or work on the incidents. The tool does not make sense to me.

You would face some difficulties on the endpoint side. It is really difficult when you're working on the endpoints. Microsoft is not clear on how they want to portray this product.

For the past four years, I've worked on and off with different tools, including Microsoft Purview Data Loss Prevention. I have at least three years of experience with Microsoft Purview Data Loss Prevention.

The solution’s technical support is pathetic.

Negative

You cannot compare Microsoft with other DLP products because they are very mature products. Microsoft is not a mature product. It gives you the functionalities, and organizations buy it because they need not spend elsewhere for these options.

People should think a lot before choosing Microsoft Endpoint products. Data security is very important, and we cannot just choose a solution because you're getting it for free.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a seven out of ten.

You get the solution in a bundle if you get the E5 suite. Some additional charges are there for your endpoint DLP because that comes with your endpoint management.

Overall, I rate the solution a seven out of ten.

Our approach involves issuing warnings when users send over twenty sensitive messages, such as bank account numbers, across various channels like email and chat.

Having visibility into the quantity and reasons behind the data we send out is crucial. This is particularly significant when dealing with sensitive information like Social Security Numbers, especially in the context of desktop backups. This newfound visibility not only contributes to time and potentially cost savings but also enhances credibility. Leveraging blocking in our policies serves as an effective remediation measure. When a policy is in place, it acts as a gatekeeper, preventing users from carrying out actions that go against the specified policy, even if they intend to do so. This proactive approach ensures a robust defense mechanism.

The most valuable features are identifying sensitive data and issuing alerts. This was further enhanced by email notifications sent to our secondary mailbox, providing comprehensive oversight of website activities. These features have proven to be beneficial in our role within the financial sector, where safeguarding customer data and ensuring overall data security are top priorities. Ensuring secure connectivity to iOS is vital, with enabled features on endpoints being essential for data security. The importance of data protection expands to the cloud and various platforms, especially in the context of deploying applications across multiple environments.

There are still inconsistencies in the functionality of mail tips and related features. Occasionally, the system fails to recognize words and content accurately in applications like Word and Excel, with effectiveness contingent on simplification. There is a need for improvements, particularly in ensuring that file-based recognition is more reliable and comprehensive.

I have been using it for two years.

I would rate its stability capabilities six out of ten.

I would rate the scalability abilities seven out of ten.

The support is commendable, but there are notable issues with the product, particularly concerning exchange clients, which adds a layer of complexity. I would rate it seven out of ten.

Neutral

I previously worked with Symantec.

The initial setup proved to be somewhat complicated due to the challenges and issues we encountered.

During our initial implementation of DLP, we encountered several challenges, particularly with issues like malfunctioning mail tapes and difficulties in downloading policies correctly. Despite ongoing efforts by the team to address these issues, there were limitations in policy functionality, with successful implementation observed primarily on the web client rather than the client side.
It took nearly six months to conclude and finalize various aspects.

The ROI is inherent in the existing license, making it unnecessary to incur additional expenses for another tool.

Overall, I would rate it seven out of ten.

We use Microsoft Purview Data Loss Prevention for the entire life cycle and not just DLP. That is, we use it for discovery, classification, and DLP.

Earlier, our customers had no control at all over compliance, and confidential documents that were going out were not at all looked into. Microsoft Purview Data Loss Prevention has been a huge benefit to our clients in this regard.

I like the whole value proposition of Microsoft Purview, particularly the DLP and integration with external solutions.

Purview's natively integrated compliance across Azure, Dynamics 365, and Office 365 is important to us because it's all about compliance.

Organizations have various compliance policies including the regulatory policies that are defined within the organization and those for a particular region. Therefore, it is important to our organization that Purview is built taking into account critical regulations from around the world.

This solution enables our clients to show compliance in real time and has helped them in their meetings with compliance regulators.

Purview Data Loss Prevention provides presentations to educate users on how best to handle sensitive data. When the user doesn't know whether a document should be classified under a certain label, Purview will provide suggestions or will auto-classify the particular document. It has automatic labeling capabilities.

It's important that Purview provides data protection for iOS, Android, and data in other SaaS apps because our customers have heterogeneous environments. Purview perfectly fits into the heterogeneous space.

Purview has reduced the number of solutions needed to interact with each other and has coexisted with them. Some customers have completely replaced their solutions with Purview, and others have Purview for classification labeling and a third-party solution for the DLP verdict.

It has helped our clients to reduce the time to action on insider threats because it can be integrated.

I would like Microsoft Purview Data Loss Prevention to be on the source code or SQL databases. It is difficult to do classification and labeling when you have a third-party source code or a third-party Oracle database. It is seamless when it comes to Microsoft documents but is not so with third-party source codes. Microsoft needs to work on it a little bit more.

Everybody wants information protection, but not all of them can afford the M365 license. I would like Purview to be a standalone product or solution.

We've been working with this solution for the past three years.

It is definitely stable.

Our clients are medium to large organizations, and Microsoft Purview Data Loss Prevention has to be a scalable solution for them.

Overall, Microsoft's technical support is good, and I would give them a rating of six out of ten.

Neutral

The initial deployment is straightforward. We can quickly configure the policies, but the classification and labeling take time.

The solution does require monitoring.

Microsoft Purview Data Loss Prevention is part of a bundle and is not sold as a standalone product.

I recommend Microsoft Purview Data Loss Prevention and rate it at nine on a scale from one to ten.

A client was interested in Microsoft Purview Data Loss Prevention and Forcepoint LP solutions. They wanted to understand the difference between Microsoft Purview Data Loss Prevention and Forcepoint features.

Microsoft Purview Data Loss Prevention is known for its user-friendly interface, making it easy to configure the DLP system. It allows monitoring of data movement, ensuring sensitive data is protected. It ensures data is retained within the organization. 

Also, it's secure and can be integrated with an existing Forcepoint DLP setup.

Some main features are limited in comparison to other solutions. There is an issue where data transfer from a local to shared drive works, but shadow to local does not. Also, setting a whitelist for two pilot users often affects all users. There is no audit option in standard DLP, which is crucial for monitoring. Integration documentation is incomplete.

Microsoft Purview DLP implementation was almost a year ago.

Real-time working has issues, and the system sometimes doesn't operate as expected.

Microsoft Purview DLP shows strong scalability and availability.

The level of knowledge from customer service was limited, as seen when a representative seemed confused about integration processes.

Neutral

The client was already using Forcepoint DLP and wanted to compare it with Microsoft Purview Data Loss Prevention features.

With the E5 license, various features of Microsoft Purview Data Loss Prevention are available. It offers an economical solution compared to others.

The client was evaluating Microsoft Purview Data Loss Prevention against Forcepoint DLP to decide whether to switch or use both.

Based on my experience, I rate the Microsoft Purview Data Loss Prevention solution seven out of ten. Microsoft DLP is effective yet has room for improvement in some areas. Reviewing other available options and comparing the benefits can be helpful.

The solution's IDM (Indexed Document Matching), EDM (Exact Data Matching), and DCM (Described Content Matching) features have been most effective in identifying and mitigating potential data leaks.

We faced a performance issue with the tool when we didn't get alerts for file uploads.

I have been using the solution for eight months.

I would recommend the solution for larger companies.

The technical support team takes a long time to resolve issues. We contacted the support team for issues we faced while migrating from another DLP to Microsoft Purview DLP. Although the support team said they would address the issues within 24 hours to a maximum of two days, they took around four to five days. The waiting period for the support team is longer.

Neutral

I previously worked with Symantec DLP. I prefer Symantec DLP over Microsoft Purview DLP because Symantec is easy to connect and navigate. Comparatively, managing and conducting investigations on Microsoft Purview DLP is difficult. Sometimes, Microsoft Purview does not work as expected.

The solution’s initial setup is easy.

The solution’s pricing is reasonable.

It is easy to upgrade the solution.

Overall, I rate the solution an eight out of ten.