Microsoft Defender for Endpoint vs. Microsoft Purview Data Loss Prevention

Microsoft Defender for Endpoint is easy to deployed across the entire organization. Having a cloud based solution with a single pane of glass to manage all assets is a real no-brainer. Being able to receive immediate alerts when suspicious activity occurs is extremely helpful in keeping risks at a minimum. Microsoft Defender for Endpoint management is also smart enough to not send several alerts when an attack could be hitting multiple targets within a certain time frame or when it's the same attack multiple times. However, be prepared to click through multiple pages all over the site to figure out what happened when an attack occurs.

Incentivized

I would highly recommend Microsoft Purview Data Loss Prevention for companies that are utilizing Microsoft technologies based on the strong integrations. If a company is using other technologies (e.g Google Workspace), then Microsoft Purview Data Loss Prevention would not be a good fit and would be difficult to implement/manage.

Incentivized

• One, it's crazy lightweight, so compared to some of the competitors that we also have used with our security services, it's really lightweight and so I don't have a lot of overhead on the system that it's running on.
• It does really fantastic PowerShell integration.

Incentivized

• Automatic labeling, once we've trained the naming conventions and things like that and we get the labels placed on things. One of the biggest problems that our clients face is the fact that they don't particularly know every single time exactly the data that they're trying to protect, how to identify it when it comes into the system or when they create it, right? So we're using Purview and we're using the abilities that Purview has to auto-label things based off of either taxonomy that you have produced or created or that have been automatically populated through AI. That makes it a lot easier and kind of thwarts possible user error that causes problems for organizations.

Incentivized

• It would be good to continue to minimize the amount of resources needed during a scan
• Provide more integration with Outlook to scan attachments with a notification that everything is good
• Provide a Click to Fix option when listing issues or high-risk problems on systems

Incentivized

• Overall, Microsoft DLP is not my number one choice because there's not much flexibility. There's a lot of restrictions and the way they set up rules a lot really restrictive. Thus it takes a lot more time for my team to build the rules and establish the controls as needed. So it's very clunky in that way and they have not improved it over the years, but I know they're trying to get a better, however it takes time because Microsoft, as we all knows, not a really security centric company.

Incentivized

Cost add-ons for Security features is nickel and diming the process to keep pace with cybercrime. Limited Education budgets require us to be more pro-active in finding cost-effective measures to protect our devices, staff and students. Defender is a strong, well-featured product that is pricing itself out of the education market

Incentivized

It offers multiple security features and integrates well with Microsoft ecosystems. A workflow for threat detection, investigation, automated remediation, and a centralized dashboard is an added advantage. This application is mainly designed for experienced users; new users may feel challenged.

Incentivized

Microsoft Purview Data Loss Prevention is super difficult.

Incentivized

Microsoft Defender for Endpoint chugs along just fine no matter what we throw at it and what systems it's running on. It doesn't take up a lot of resources either, so that's welcomed.

Incentivized

Microsoft Defender for Endpoint is easy on memory and resources on clients.

Incentivized

The first time I tried to onboard my macOS endpoints to MDE I struggled for quite a bit. I had to reach out to Microsoft's MDE support team. The tech was very helpful in walking me through the steps during a screen share session

Incentivized

Deployment was handled by our team here and everything went pretty smoothly. We did have a few hiccups in our test group, but that only took a bit to get ironed out.

Incentivized

Defender is far easier to deploy and manage than Sophos and tends to work without as many issues. The threat assessment portal provides an in-depth view of the organization's security posture, whereas Sophos only shows the patching status of the PCs. We did need Intune to get many of the control features (disabling USB drives) that Sophos offered out of the box.

Incentivized

There are much more comprehensive and granular DLP solutions out there like Trellix and Sophos but ultimately they are expensive and require significant administrative oversight for implementation and deployment. For a company of our size, they are just not economically feasible. We purchased out 365 E5 tenant with Purview DLP integration from a reseller at a price that we couldn't compete with vs a standalone enterprise product.

Incentivized

Microsoft Defender for Endpoint is easily scaled from small orgs to giant enterprises.

Incentivized

• Reduced incidents of security breaches lead to lower remediation costs and avoid potential financial losses and reputational damage.
• Reduces the need for additional third-party security solutions and training, thereby lowering overall security management costs.
• Increased efficiency and productivity of IT staff lead to better allocation of resources and cost savings.
• Reduces the risk of fines and sanctions associated with non-compliance, ensuring business continuity and protecting revenue.

Incentivized

• It has helped us to prevent data breaches and protect them from data loss.
• It has strong visibility on the activities related to data copy to and from removable devices.
• It can easily enforce the policies on group of users and also exclude some in the exclusions

Incentivized