The most effective DLP suite for Microsoft environments
April 30, 2025
The most effective DLP suite for Microsoft environments
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Microsoft Purview Data Loss Prevention
I oversee our Information Security program and utilize Microsoft Purview to govern and enforce aspects of our Data Security including data discovery, data classification, data retention, and data loss prevention. As an E5 customer, Microsoft Purview is included and has strong integration into the Microsoft ecosystem. We utilize it to scan our files stores including OneDrive, SharePoint, Teams, and Email as well as data stores within Azure. The product comes with built in classifiers to detect sensitive content (e.g. SIN/SSN, financial information, health information, etc...). It also allows trainable classifiers to be created to detect content that is proprietary to organizations.
There are multiple levels of DLP controls which can be applied at various points in the data path to reduce risk of unwanted data disclosure, or malicious exfiltration.
There are multiple levels of DLP controls which can be applied at various points in the data path to reduce risk of unwanted data disclosure, or malicious exfiltration.
Pros
- Extensive library for data content classifiers.
- Strong integration with Microsoft products allowing effective controls to be applied (e.g. Exchange/M365 for email, Microsoft Defender for Cloud Apps to control web, SharePoint/OneDrive to apply policies on sharing.)
- Insider Risk module provides visibility into suspicious activities which may not be detected by regular DLP rules.
Cons
- Requires a lot of time to configure. This is not unique to Purview DLP, but new customers should anticipate this and allocate sufficient time and resources to plan for a successful deployment.
- Steep learning curve. There are a lot of sections, pages, and tabs which need to be configured. Learning where to find these and what each setting does will require subject matter expertise.
- Integration with Microsoft Defender suite is lacking. Purview is designed for Data Governance, Compliance, and Privacy. For this reason, it makes sense to be standalone; however, the DLP modules should have stronger integration into the Microsoft Defender console where Security teams spend the bulk of their time.
- Microsoft Purview Data Loss Prevention is included within the E5 license suite providing value to organizations who are using Microsoft technologies for their organization.
- Provides the most extensive integration for Microsoft technologies.
- Highly effective for building out a Data Security program and reducing risk exposure associated with data exfiltration.
- Provides cross collaboration between assurance functions in a company (Security, Privacy, Risk, Audit)
Varonis provided great visibility into file permissions and audit records. It did not provide DLP controls for things like email, and endpoints therefore making it incomplete to provide proactive controls against DLP threats.
Do you think Microsoft Purview Data Loss Prevention delivers good value for the price?
Yes
Are you happy with Microsoft Purview Data Loss Prevention's feature set?
Yes
Did Microsoft Purview Data Loss Prevention live up to sales and marketing promises?
Yes
Did implementation of Microsoft Purview Data Loss Prevention go as expected?
Yes
Would you buy Microsoft Purview Data Loss Prevention again?
Yes
Microsoft Purview Data Loss Prevention Feature Ratings
Comments
Please log in to join the conversation