We performed a comparison between Microsoft Purview eDiscovery and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The tool has been beneficial. Some of our previous users left the organization without sharing the information they had at a personal level. This information was related to the organization, and they didn't disclose it. Thanks to the product, it's easy for me to search and find out what communication a specific user has done, whether it's from SharePoint or any other platform. With Microsoft Purview eDiscovery, we can easily retrieve and restore this data."
"I think eDiscovery Premium has made dealing with data from Teams much more accessible than any other platform."
"The machine learning wasn't half bad. I really like that part. I thought it was novel. It pretty much automated it, once you trained the model."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"It has basic out-of-the-box integrations with multiple log sources."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Microsoft Purview eDiscovery should be cheaper."
"I see two significant challenges with many of my clients. One is that there are some functionality gaps compared to specialized tools in the legal industry, like a legal hold tool or a document review tool. They have features that Purview eDiscovery lacks. Those gaps create a situation where I almost have to do things twice. I need to collect all my data in eDiscovery and ship it to another platform to complete the review."
"Purview eDiscovery works, but it's not entirely perfect. There were times when search results would get hung up or error codes would be presented and we'd have to contact Microsoft to get that sorted out."
"If I can use Sentinel offline at home and use it on a local network, it would be great. I'm not sure if I can use Sentinel offline versus the tools I have."
"If Sentinel had a graphical user interface, it would be easier to use. I would also like it to be more customizable."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Add more out-of-the-box connectors with other SaaS platforms/applications."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"One key area that can be improved is by building a strong integration with our XDR platform."
Microsoft Purview eDiscovery is ranked 25th in Microsoft Security Suite with 3 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 85 reviews. Microsoft Purview eDiscovery is rated 7.0, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Purview eDiscovery writes "It has improved visibility and simplified data review, but it lacks many features found in specialized tools". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Purview eDiscovery is most compared with Google Vault, Microsoft Purview Data Governance, Veritas Enterprise Vault.cloud, Varonis Platform and Smarsh eDiscovery, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Elastic Security.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.