Microsoft Purview Data Loss Prevention provides detection and control of sensitive information across Office 365, OneDrive, SharePoint, Microsoft Teams, and endpoints. It helps prevent data loss by identifying and blocking risky or inappropriate sharing, transfer, or use of sensitive data on endpoints, in apps, and in services.
Microsoft Sentinel
Score 8.6 out of 10
Microsoft Sentinel (formerly Azure Sentinel) is designed to give a bird's-eye view across the enterprise. It is presented as a security information and event management (SIEM) solution for proactive threat detection, investigation, and response.
It's definitely best for customers whose main collaboration tools are hosted on Microsoft 365; if your company uses M365, this is a no-brainer. It integrates pretty nicely with all Microsoft applications, so it becomes a no-brainer to go with this. It would be less appropriate if you are already using another solution to do classification. I would still stick to Microsoft Purview Data Loss Prevention for classification, but if you want to use it in scenarios where you already have a tool, you're classifying documents and data using that tool, and you want Microsoft Purview Data Loss Prevention just to label and apply protection to documents, that is also supported. The comprehensiveness, the end-to-end story, would still be missing if you're investigating an incident.
It's certainly well-suited to environments that rely heavily on Microsoft products, and to environments where you have other business drivers to go to the E5 license. If I were to say where I would not recommend it and why: I only gave it a seven on recommendation, and that answer would probably vary depending on whether you already own E5. It's extremely expensive. If there are other alternatives and you don't have any other driving reason to go to E5, I would coach you not to go to Microsoft Sentinel. But if you're there, it's a fantastic property. It's certainly part of the cost argument for moving to E5, but it's only a part. It can't by itself justify the move to E5.
The ability to create groups of people who can access a certain label, organizing data access and document access, and protecting repositories with the same level of criticality regardless of where they're located in the company. That's quite good, because we had a lot of document distribution, and it helped provide the same layer of protection regardless of where the documents are stored.
The other good thing is that it provided traceability of what was going on with the label, so I could understand how many people were trying to access a document who weren't meant to. It gave me an idea of how well the protection was working: not only because people who did have access accessed it, but also because I could trace that people who didn't have access couldn't.
It's the scale. Having built-in detections and vulnerabilities, and the ability to see into the traffic flows, is absolutely key. Look at it from my perspective in network security: we want to see what's going on east-west, between all the subscriptions and the tenants. We don't have that with any other product. Microsoft Sentinel gives us that kind of visibility.
I'd say over the last couple of years, there have been some great advancements in Microsoft Purview Data Loss Prevention, so I really do like that. I think some of the challenges I see with Microsoft Purview Data Loss Prevention today are in the first-party world; it does provide some real-time capabilities, but the alerting on DLP has a big lag. And some of our customers, actually, one of my customers in particular, whom I advise heavily, ran into a situation where they were getting hours of delays when they were getting critical, sensitive alerts. So being able to provide that in a more real-time way for both internal use within Microsoft and for third-party products, I think, would be significantly impactful. E-share, as a platform, also uses DLP in order to automate our policy, as I mentioned before. And some of that is a challenge because some of the capabilities we do need real-time information for aren't exposed to us based on the current capabilities that Firmy provides.
An area for improvement is how case management is surfaced within the Microsoft Sentinel experience, as clearer integration into Sentinel workflows would reduce context switching and improve incident handling.
There is an opportunity to further expand agentic, autonomous investigation and response capabilities.
Just because it's so easy to navigate, and, for the most part, even in areas that I don't know about, the support channels are very clear and concise, and they respond very quickly to whatever I need. They'll guide me through whatever I don't understand, and sometimes there are a lot of things added in there.
Because, as I said, it still lacks a lot of things, like many playbooks outside the Copilot integrations, and the actual remediation. For example, for Microsoft Sentinel and SAP, I would want to see Copilot doing a lot of remediations in Microsoft Sentinel at SAPN, like executing the transaction code, maybe creating certain increases, or remediating things like that, which is all customized.
Microsoft support is one of the highest rated on the market. It has global and multilingual support. Calls can be made over the phone and the solution is virtually instantaneous with the help of Microsoft engineers. It's great!
Symantec, or now Broadcom. Forcepoint, GPV. I'm trying to think; there are a couple more I can't think of off the top of my head. I would say closer to the bottom than the top, because, yes, it integrates well, but in terms of the actual functionality of DLP, there are other requirements that they just don't have the features for yet.
Microsoft Sentinel excels in cloud-native scalability, Microsoft ecosystem integration, and AI-driven threat detection with UEBA and Fusion rules, offering faster deployment and lower costs (48% cheaper, per Forrester) than Splunk, QRadar, Exabeam, SentinelOne, Securonix, and Wazuh. It lags in third-party integrations and syslog parsing. Organizations choose Microsoft Sentinel for its cost-effectiveness, automation, and Microsoft synergy, especially in Azure-heavy environments, while Splunk and Exabeam lead in flexibility and UEBA, respectively.
Microsoft Purview Data Loss Prevention is included within the E5 license suite, providing value to organizations that use Microsoft technologies.
Provides the most extensive integration for Microsoft technologies.
Highly effective for building out a data security program and reducing the risk exposure associated with data exfiltration.
Provides cross-collaboration between assurance functions in a company (Security, Privacy, Risk, Audit).
As with any cybersecurity product, this has more to do with reducing risk, to avoid loss in case of ransomware, than with a productivity increase. Maybe the impact could be that instead of having people checking the dashboard 24/7, you could implement Sentinel and have fewer people checking it, or people with less expertise. So the saving will be minor, but it will be a saving in the cost of your team.