Microsoft Purview Information Protection offers sensitivity labels, automated classification, and encryption to protect data across platforms while integrating with M365, Azure, and AWS to prevent unauthorized access and enhance data governance.
| Product | Mindshare (%) |
|---|---|
| Microsoft Purview Information Protection | 2.1% |
| Microsoft Purview Data Governance | 8.6% |
| Collibra Platform | 7.6% |
| Other | 81.7% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Data Governance | Jun 23, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 23, 2026 | Download |
| Comparison | Microsoft Purview Information Protection vs Collibra Platform | Jun 23, 2026 | Download |
| Comparison | Microsoft Purview Information Protection vs Microsoft Purview Data Governance | Jun 23, 2026 | Download |
| Comparison | Microsoft Purview Information Protection vs Informatica Intelligent Data Management Cloud (IDMC) | Jun 23, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Microsoft Intune | 4.1 | N/A | 95% | 378 interviewsAdd to research |
| Microsoft Defender for Endpoint | 4.1 | N/A | 95% | 212 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 5 |
| Midsize Enterprise | 2 |
| Large Enterprise | 11 |
| Company Size | Count |
|---|---|
| Small Business | 140 |
| Midsize Enterprise | 81 |
| Large Enterprise | 241 |
Microsoft Purview Information Protection supports compliance with regulatory standards through features like data loss prevention and intuitive DLP rules. It integrates with multiple platforms such as M365, Azure, and AWS for extensive data protection. The platform helps manage sensitive data through automated labeling and effective policy deployment. While there are areas needing improvement like third-party integration, API support, and policy enforcement consistency, Purview remains a powerful tool for businesses to assess data usage and reduce unauthorized access.
What are the key features of Microsoft Purview Information Protection?Companies across various industries implement Microsoft Purview Information Protection to apply sensitivity labels to emails and cloud content like OneDrive and SharePoint. It's utilized for data classification, loss prevention, and governance. Microsoft partners use it for SAP integration and compliance assessments, while consultants focus on protecting and managing data efficiently for clients centered around Microsoft solutions.
Microsoft Purview Information Protection was previously known as Microsoft Information Protection.
| Author info | Rating | Review Summary |
|---|---|---|
| Associate Director at LTI - Larsen & Toubro Infotech | 4.0 | I utilize Microsoft Purview Information Protection for comprehensive data discovery, classification, and protection. It integrates seamlessly with existing tools, offering cost-effective solutions via an E5 license, though improvements in response time and structured data classification are needed. |
| Technology Partnerships Senior Principal at a tech vendor with 1,001-5,000 employees | 4.0 | I've used Microsoft Purview Information Protection for four years, valuing its sensitivity labels for protecting unstructured files. It's stable and scales well, though I desire a more seamless user experience. It's ideal for heavy Microsoft shops. |
| Director, Network & Cloud Infrastructure at a legal firm with 501-1,000 employees | 4.0 | I use Microsoft Purview Information Protection mainly for sensitivity labeling, which simplifies policy enforcement, though limitations in AI classification, scalability, and occasional instability hinder efficiency; setup and licensing are also confusing, but overall, it integrates well within our Microsoft ecosystem. |
| Principal Consultant at Sector 125 | 4.0 | I’ve used Microsoft Purview Information Protection for over two years and find it easy, stable, and straightforward to deploy and integrate, with strong security fit. Pricing is acceptable, but I’d like richer AI and third‑party integrations. I rate it 8/10. |
| Director, Network & Cloud Infrastructure at a legal firm with 501-1,000 employees | 4.0 | I've used Microsoft Purview Information Protection for sensitivity labeling, which applies policies automatically, though its AI-driven classification isn't precise enough. It's promising but unstable at times, hard to scale, and has confusing pricing and deployment processes. |
| Technical Services Manager, Cloud at a energy/utilities company with 1,001-5,000 employees | 3.5 | I've used Microsoft Purview Information Protection primarily for document labeling, appreciating its automated controls and integration with our tools, though AI classification and dictionary features need improvement; overall, it enhances our data security and compliance. |
| Director Security Architecture at a financial services firm with 5,001-10,000 employees | 3.0 | I found Microsoft Purview Information Protection useful for easy DLP configuration and data protection, but it struggles with false positives and inconsistent policy enforcement. It meets security objectives but lacks ROI benefits and needs improvement in accuracy and compatibility. |
| Program Manager, Worldwide at a tech services company with 11-50 employees | 4.0 | I've used Microsoft Purview Information Protection to prevent data leakage and appreciate its classification and eDiscovery features, though licensing complexity and AI label integration need improvement; overall, it's reliable, scalable, and valuable despite support and setup challenges. |
| CEO at Blue Cycle | 4.0 | I use Microsoft Purview Information Protection to support Copilot readiness, valuing its broad sensitivity labeling and integration capabilities, though limited APIs hinder automation; overall, it's effective for securing data and enabling confident AI use in hybrid environments. |
| Mgr Data Engineering at Avanade | 3.5 | I initially used Microsoft Purview Information Protection for Office 365 and later expanded to Azure SQL and Power BI. While beneficial for integration and ROI, the auto-classification and product communication need improvement. Microsoft's ecosystem integration influenced my choice over alternatives. |
They have data discovery and classification for their data sources, and they want to protect data moving outside for DLP. They want to protect data on emails, they want to protect data on endpoints, and they want to protect data by uploading the files on cloud applications. These are the use cases which we have implemented.
One solution is Azure Information Protection, which is a good solution. It is an agent-based solution which helps in real-time giving data discovery and classification.
Microsoft solution is all cloud-based solutions, so most of the customers have deployed this on cloud, but some of the customers have also used them for on-premises data scan.
They usually use Azure cloud because it is Microsoft proprietary, so they have to get an E5 license from Microsoft to use this product.
Microsoft Purview Information Protection helps in terms of identifying and giving an overall report of data, specifically in getting what data they have in their environment and providing an overall view of what kind of data they have and where it is stored. Based on that, the customer has made their decision in terms of how they want to protect it. It is a great solution; the only challenge is that some of the capabilities are not working as expected. As far as client concerns go, they know that from Microsoft, at least 70% of things can be achievable.
The product is still in a growing phase. I could see that many use cases in their product are not capable enough in terms of detecting or protecting. Compared to other products, they are in the middle of bringing their solution up to the mark, so it is not a full-grown solution.
They have to get more accurate results in terms of data discovery and classification. The second thing is their support; support from Microsoft takes a lot of time to get a response from their support team. The third thing is their OCR capability is not that great in terms of identifying the documents.
We would love to see response times of less than 24 hours. Additionally, there is no way to check the policy's current status in terms of whether it got synced or not. You have to wait and test the use cases after 24 hours or after 48 hours, and once it starts working, then it appears the policy got implemented.
Deployment is pretty straightforward; it is not a challenge in terms of implementing Microsoft Purview Information Protection. However, one thing which as an implementer or as a customer we have to keep in mind is that the policies take a lot of time in terms of getting implementation or getting reflected on the system. If I have updated the policy today, I can see the result after 24 to 48 hours.
Stability and reliability are good; the product is stable. Whatever the product does, it does better than any other solution, but for features it does not have, we have to wait for the next release, or we have to wait for the support team to provide workarounds. Stability and reliability are good, so we can trust and use this product.
The support from Microsoft takes a lot of time to get a response from their support team.
Neutral
They are using multiple solutions, and my customers have also invested in other solutions. For example, Varonis is one solution where they are achieving some of the use cases from Varonis and some of the use cases from Microsoft Purview.
Pricing is good because if somebody is looking for an overall cybersecurity solution, Microsoft has one license with many solutions bundled with that license. The E5 license covers most of the solutions for different technologies, so it is good and more affordable compared to any other solution.
Microsoft Purview E5 license comes with different solutions including data discovery classification, CASB, DLP solution, and Defender for Cloud. Multiple solutions have been integrated into one license, whereas previously, customers were using different solutions for different use cases. Now, with one E5 license, they are able to manage all the use cases, achieving unified console and unified licensing, which has brought their costs down.
They are capable enough in terms of regulatory compliance, but most of the features mentioned in their capability are not working, which is where the challenge lies.
For unstructured data, they are up to nine out of 10, but for structured data, they are not up to the mark, scoring six or seven in terms of integration and performing scanning.
It gets integrated with most of the data sources and solutions, with pre-built APIs already available. There is no challenge in terms of integration, and Microsoft brings many new APIs for their data sources every month, making it easy to integrate.
Microsoft is constantly bringing new technologies and integrating them with their solution. Microsoft Purview Information Protection is continuously enhancing the product and trying to match market needs by bringing new technologies and solutions to their portfolio.
Microsoft has invested heavily in AI with their Copilot, which many companies are using. They have out-of-the-box DLP policies for AI, which ensure sensitive content is not moving outside. Once implemented, you can monitor user activity inside risk management and take action to block sensitive data while uploading AI applications.
On a scale of 1-10, this solution rates an 8.
My main use case for using Microsoft Purview Information Protection is protecting our unstructured files.
The feature I like the most about Microsoft Purview Information Protection is sensitivity labels.
These sensitivity labels have benefited our organization by helping us protect our confidential information from abuse by the wrong parts of the company or external exfiltration.
In my opinion, Microsoft Purview Information Protection can be improved by having a more seamless user experience and ease of use in protecting both structured and unstructured data.
I have been using Microsoft Purview Information Protection for four years.
I would assess the stability and reliability of Microsoft Purview Information Protection as stable.
I have not experienced any downtime, crashes, or performance issues.
I think Microsoft Purview Information Protection scales seamlessly as far as the Microsoft landscape goes with the growing needs of my organization.
I would evaluate customer service and technical support as decent.
On a scale of one to ten, I would rate their customer service and technical support as eight, because it can be a little bit cumbersome, but when we need to escalate, we are able to get things handled.
Prior to adopting Microsoft Purview Information Protection, I was not using any other solutions to address similar needs.
To my understanding, my experience with deploying Microsoft Purview Information Protection is relatively seamless.
Integrations have been challenges, but there are things that have worked well.
It is hard to quantify the ROI with Microsoft Purview Information Protection, but we are satisfied with the way it decreases our risk.
In guiding AI interactions with Microsoft Copilot regarding grounding, access, and sharing behaviors, I think the role of sensitivity labels is something we are still looking into, but I think it will be very important.
In the context of the AI boom, I think it is relatively important that Microsoft Purview Information Protection automatically prevents highly sensitive corporate secrets and PII data from being ingested into generative AI models. I think it is important because the way that most companies are going to use those models within the boundaries of their systems will make it so there is limited risk in ingestion at use, but I think it is a really important layer of the protection stack.
Microsoft Purview Information Protection integrates with the productivity and security tools that I use regularly, but I wish they had better integration with OneTrust.
I think it is important to have a single solution for information protection because our security team does not want to manage multiple solutions.
I am not sure about the API ecosystem provided by Microsoft Purview Information Protection for extending sensitivity labels to non-Microsoft services.
I think Microsoft Purview Information Protection's data classification abilities work pretty well for data within the Microsoft stack, given that they include identifying both specific types and broad categories of sensitive information.
We considered Microsoft Purview Information Protection because it came with E5, and that is why we use it. It is hard to keep track of their roadmap and their user experience changes, but I have expanded usage.
On a scale of one to ten, I would rate Microsoft Purview Information Protection overall as eight. My advice to other organizations considering this product is that it is best in the business if you are a heavy Microsoft shop.
My main use case for Microsoft Purview Information Protection is sensitivity labeling. I use it for exposing labeling for inside Teams, outside Teams, and similar applications.
My favorite feature about Microsoft Purview Information Protection is how it applies to everything generally, so I don't have to do it manually. I set a policy and then it applies. When my teams create individual teams, I don't have to worry about them sharing information that they should not or that they cannot. It also notifies end users with labels and tooltips, which I appreciate.
I evaluate the role of sensitivity labels in guiding AI interaction as pretty good, but for us, it's too general. It says, "Here's a dataset," and because it's in this folder, it's just going to apply this label. It would be much nicer if it could analyze the content and say, "This is attorney-client privilege. This is company restricted," rather than applying labels based on folder structure, since my patch notes for a server are not the same as another company's.
Having AI in Microsoft Purview Information Protection is going to be very important for me because our datasets are so large that we're not going to be able to do the classification ourselves. In order for us to use Copilot and expose any data, I have to do the sensitivity labeling first. That's a big task, and the users managing the data are not going to do the work.
I have not had much luck or much experience with the comprehensiveness of the data classification abilities in Microsoft Purview Information Protection, including identifying categories and sensitive information. The information we had at the time just showed that it's going to read all of our information and apply its own set of labels, which scares management. Once you apply the label, how do you get it off? And how do you go back and check the work? You can't.
I believe what can be improved in Microsoft Purview Information Protection needs to be more precise to my needs. One feature I'd have appreciated that doesn't exist yet is related to what another attendee shared with me. He works for a larger company with a lot more data, and the classification limit of 100,000 just does not work for him because he produces well over 100,000 documents a day.
I've been using Microsoft Purview Information Protection for about two years, as they've renamed it, though I've been using Purview for DLP and policies.
Regarding the stability and reliability of Microsoft Purview Information Protection, there have been problems, such as the one with US East that impacted us. There was one recently where many of our vendors were running on Azure, and they had a global issue. I think it was with DNS or something related to that, and it affected us as well.
There have been more global problems than isolated ones. Since identity is where everything is based, if that goes down, you're screwed. Making that more resilient to DNS failures would be great.
Being able to scale is important.
I should clarify that I didn't consider another solution that was cloud-based. We have a product, a DLP, that is just host-based and client-based rather than cloud-based. So we would not have had an opportunity to deploy that structure out to the cloud. This was our only shot.
I don't know how to honestly quantify the return on investment from having Microsoft Purview Information Protection. I don't do the spend and the math because we're forced into the E5 licensing.
It has the potential to save us a lot of time, but it's just not there yet.
Regarding the experience of pricing, setup costs, and licensing for Microsoft Purview Information Protection, it's confusing. Knowing what I have to do for add-ons, I have to buy SCUs, and that's sometimes confusing. It could use a lot more clarity, and there's not a lot of good VARs out there that truly understand it. The local Microsoft representatives are swamped with those types of questions, and things are changing all the time. I just can't keep up.
Microsoft Purview Information Protection integrates with the other security tools that I use because we're a Microsoft shop, so we're E5 and across the board.
I have all the products, and that's fantastic. I'm in the ecosystem using everything, but we're still a very traditional workplace with a lot of our data on-premises. A lot of operations are still on-premises focused solutions versus being more mobile and more open, with traveling people and those situations.
We do have our own APIs that we use for Microsoft Purview Information Protection. We write our own, and some of that is exposed. Some of our applications do use the APIs to communicate with the cloud services. However, we're not a big publisher; we don't publish a lot of APIs. There are a few that we publish, and a few that we consume, but that's it.
My overall rating for Microsoft Purview Information Protection is 8 out of 10.
We are more focused on data quality and master data management perspective. From that angle, things are quite easy and good. In terms of AI integration or integrating with a third-party tool like InTune or some other third-party tools, if we can have some more AI capabilities where use cases can be easy with Microsoft Purview Information Protection, that would make life easier.
The first thing is that it is easy to use. This is the one thing I personally liked about Microsoft Purview Information Protection. The second is that the requirement with the client is more focused from the security perspective, which is also mitigated by this particular tool. The third thing is that not only I, but my team is also quite comfortable in working with Microsoft Purview Information Protection.
It is a straightforward deployment. It also integrates with the AI systems that we have. The admin panel is very easy to use and straightforward.
From the productivity point of view, we already have our data warehouse and data lake kind of solutions in place. We integrate with that. From the security perspective, the security teams take care of that particular piece. We are not worried about that again.
One thing I personally felt is, let's take a use case where I want to know how many crimes Mr. Donald Trump has made in this organization. That kind of information we don't have in our systems. I'm just giving a hypothetical example here. In terms of AI integration or integrating with a third-party tool like InTune or some other third-party tools, if we can have some more AI capabilities where use cases can be easy with Microsoft Purview Information Protection, that would make life easier.
We have been using the solution for around two plus years now.
The stability is quite good and is not an issue. For one or two tickets only, we required Microsoft help. The rest we have already handled by our team only.
It is easy to integrate with the systems and it is easy to work on Microsoft Purview Information Protection.
That is not my part, from what I can say right now. I belong to the pre-sales and solutioning team, not from the delivery or the implementation team.
Before that, I was involved with Informatica. I started my career with Informatica 6.0 and after that, I moved into Master Data Management, which is Siperian, and then going forward with Informatica 9.0 and a little bit of Cloud IDMC and these kinds of versions. In parallel to that, I also worked on Talend and other tools.
We have a dedicated team for doing the installation and deployment and all that aspect. Once we raise the ticket for deployment, the deployment team takes care of that particular piece of requirement with the help of the security team and other teams. We are not much worried about that part right now.
My company is a Gold partner with Microsoft for a long time.
It is reasonable from what I can say right now because we are using most of the Microsoft tools right now. We are using the managed SQL server of Microsoft. We are using Microsoft Purview Information Protection and we are also using this MSBI ETL tool. From the pricing perspective, it is acceptable.
It is reasonable from what I can say right now because we are using most of the Microsoft tools right now. We are using the managed SQL server of Microsoft. We are using Microsoft Purview Information Protection and we are also using this MSBI ETL tool. From the pricing perspective, it is acceptable.
There are alternate solutions available.
There are no additional concerns at this time. There are alternate solutions available. That is fine and not an issue. The overall review rating for this product is 8 out of 10.
My main use case for Microsoft Purview Information Protection is sensitivity labeling, as I use it for exposing labeling for inside Teams and outside Teams.
My favorite feature about Microsoft Purview Information Protection is that it generally applies to everything, so I don't have to go in and do it manually; I set a policy and then it applies. When my teams create individual teams, I don't have to worry about them sharing information that they should not or cannot, and it notifies end users with labels and tooltips, which I appreciate.
I think the role of sensitivity labels in guiding AI interaction with Microsoft Purview Information Protection is pretty good, but for us, it's too general. It says, "Here's a dataset" and because something is in a particular folder, it's going to apply a label. It would be much nicer if it could go in, analyze the content, and say, "This is attorney-client privilege. This is company restricted," rather than assuming my patch notes for a server are the same as another company's.
Having AI in Microsoft Purview Information Protection solution is very important for me because our datasets are so huge that we are not going to be able to do the classification ourselves. In order for us to use Copilot and expose any data, we have to do the sensitivity labeling first. That's a big task, and the people that are managing the data are not going to do the work.
I have not had much luck or experience with the comprehensiveness of Microsoft Purview Information Protection's data classification abilities, particularly in identifying categories and sensitive information. The information we had at the time stated, "Here's how it's going to go and it's going to read all of your information and it's going to apply its own set of labels," which scares management. Once you apply the label, how do you get it off? And how do you go back and check the work? You can't.
We don't trust Microsoft Purview Information Protection yet.
While it has the potential to save us a lot of time, it's just not there yet with Microsoft Purview Information Protection.
There are moments when if your identity is compromised, you're in trouble, which is the basis of everything. Making Microsoft Purview Information Protection more resilient to DNS failures would be great.
I've been using Microsoft Purview Information Protection for about two years because they've renamed it, but on the Purview side for the DLP and the policies, I'd say two years.
I would say that the stability and reliability of Microsoft Purview Information Protection has had some downtime, despite having issues with US East that impacted us. Recently, there was a global issue affecting a lot of our vendors running on Azure; I think it was related to DNS or something of that nature, and that affected us as well. It was more global problems than anything else.
I can tell you what one of the other attendees told me regarding Microsoft Purview Information Protection when I was sitting next to him in a lab; he works for a larger company and has a lot more data, so the classification limit of 100,000 just does not work for him because he produces well over 100,000 documents a day. Being able to scale is crucial.
I did not consider another solution for Microsoft Purview Information Protection, but I should clarify that it was not a cloud solution since we had a product, a DLP, that is just host-based and client-based rather than cloud-based. We would not have had an opportunity to deploy that structure out to the cloud; this was our only option.
I don't know how to honestly quantify the return on investment from having Microsoft Purview Information Protection. I don't do the spend and the math because we're forced into the E5.
In my experience with Microsoft Purview Information Protection, the experience of pricing, setup costs, and licensing is confusing, especially knowing what I have to do for add-ons with buying SCUs, which can sometimes be confusing. It could use a lot more clarity, and there aren't many good VARs out there that truly understand it. Additionally, the local Microsoft representatives are swamped with those types of questions, and since it's changing all the time, I just can't keep up.
It's more precise to my needs, I believe. I would rate this product an 8 out of 10.
My main use case is document labeling.
With Microsoft Purview Information Protection, I ensure we have different categories of data types for the documents that we have or the types of information that it is, such as public, protected, and classified. I label documents so people know what the document is and the type of information it might contain.
The feature I prefer the most is the automated controls around it, such as automated labeling, which is effective. It is beneficial because it helps people get the documents labeled without them putting effort into it.
A benefit for my organization from using Microsoft Purview Information Protection is security. We can put protections on highly classified documents, which is really important for us.
When evaluating the roles of sensitivity labels in guiding AI interaction, I think it is important, but I am not sure yet. I am still figuring out how AI can help in that manner. We do not want things over-classified and put more protections on than they actually are, because that opens up other problems for us.
I assess its ability to classify data and identify sensitive information as an area where we have not really gotten a lot of progress yet. I can see where that could be really valuable in the future. I just do not think it works for us because it is a little bit harder to define where it is and where it is not. With hard controls on it or a dictionary where you might use and say, 'If it has these words in it, then it is definitely classified.' Sometimes you can use those words, but if it does not have other information, then it is not classified for us. Or sometimes if it is accompanying other information, then it is, and then you get into some of the regex policy items that have to relate those things together, and that could be a little bit more tricky for us.
One feature that I think could be improved is an automated dictionary list. Perhaps something that we could have pulled in from some other source that we have, another source of authority. I think typically the dictionary itself is then inclusive of a lot of confidential information, so you cannot necessarily just fill that out with all that information.
I have been using Microsoft Purview Information Protection for approximately four or five years now.
I assess the stability and reliability as being pretty solid now. We have had a few instances of downtime or crashes, but that was years ago.
We have a unified support agreement with Microsoft to solve any issues that arise.
Neutral
I did not really consider another solution before, just because it is included with the licenses that we have. I chose to utilize that versus trying to buy something else.
I would describe the experience of deploying Microsoft Purview Information Protection as fairly straightforward. We have some items we cannot update right now within it because of the GCC limitations, but overall I think it is good and it is getting better.
I have seen a return on investment from having it from a compliance standpoint.
In terms of pricing, licensing, and other costs, it is included with the licenses that we have, which is beneficial.
AI is very important to me in this solution. I think one of the things that AI does is identify patterns and information. Information that we have that is classified is very contextual or depends on whether there is other accompanying information with it. AI being able to track those patterns automatically for people that may miss them is important.
I think Microsoft Purview Information Protection integrates well with the other tools that we have for the most part. We have a lot of Office usage, SharePoint and OneDrive, so all the documents are within there, which is really helpful. There are certain labels or some file types that do not work for labeling, which could be an issue, but other than that, it is effective.
My impression with the API ecosystem provided is that we have not really used the API items a lot, beyond Graph.
I have provided an overall review rating of seven for Microsoft Purview Information Protection.
We configured the DLP use cases in Microsoft Purview Information Protection, and it's basically scanning all the data. Whenever the use cases get triggered, the alerts get generated, and we analyze those alerts and respond to them.
Microsoft Purview Information Protection is going to be crucial for the future, especially in the age of AI. AI generates a lot of data based on contextual data. Protecting that generative AI data is going to be very crucial, and that's where DLP comes into the picture.
We try to integrate Microsoft Purview Information Protection with our MXDR, so those alerts are forwarded to our MXDR, and we do centralized monitoring in terms of overall what's happening in our environment.
The simplicity of the way we can configure the DLP rules in Microsoft Purview Information Protection is good. The user interface is nice and it's very user-friendly on that front.
Microsoft Purview Information Protection has methods to identify HIPAA and GDPR specific data. Their sensitivity info types have both compliance identification capabilities for HIPAA and GDPR.
From a coverage standpoint in Microsoft Purview Information Protection, it is good, but false positives are a concern. They have good coverage in terms of the kinds of data it can identify, but it is not always accurate.
DLP in Microsoft Purview Information Protection is one of our core pillars of security technology. It provides the ability to identify what's getting exfiltrated and protecting sensitive data; DLP has a major role to play there.
I am concerned about its accuracy levels. Sometimes it throws a lot of false positives.
Microsoft Purview Information Protection needs to increase effectiveness and ensure compatibility.
Effectiveness in Microsoft Purview Information Protection means enforcing the policy and making sure it works consistently across non-Microsoft products as well.
There are some flaws in Microsoft Purview Information Protection in terms of detection and policy enforcement. There's inconsistency in the way the policy gets enforced. We are still trying to discuss these issues with Microsoft to get them resolved.
I would assess the reliability of Microsoft Purview Information Protection in my organization as six on a scale of ten. The policy enforcement is not consistent, which means if I have a loophole, our data will still keep getting leaked. False positives can generate a lot of noise, which might result in missing real threats.
I have been using Microsoft Purview Information Protection for around four years now.
The scalability of Microsoft Purview Information Protection is not an issue because it works at the tenant level and adding the users and the scale of the organization increases in terms of the user counts. Adding those users to the Purview and enforcing the DLP policies is a pretty scalable solution. I'm happy with the scalability.
We're protecting 1,000 users right now.
I would evaluate Microsoft's customer support for Microsoft Purview Information Protection as not satisfactory. I'm not happy with Microsoft's customer support. After our issues are reported, it takes a long time to find a resolution.
Neutral
Before Microsoft Purview Information Protection, we did use different tools to achieve the same goal.
We switched to Microsoft Purview Information Protection. Purview was given as part of the E5, and we wanted to do some cost optimization.
The positives of other products compared with Microsoft Purview Information Protection are the pure play focus on security objectives, simplicity, and effectiveness.
Deploying Microsoft Purview Information Protection is plain and simple. That's not a hurdle at all.
We have not captured any ROI benefits from using Microsoft Purview Information Protection. However, it does meet the security objective of protecting the data. That's primarily the driver for having the product DLP.
Realizing any money savings is not the primary objective of using Microsoft Purview Information Protection.
Microsoft Purview Information Protection was not selected per se, but it was part of our E5. The other competing products we have already evaluated are Forcepoint, Proofpoint, Netskope, and some other products we have seen.
We haven't really saved time or money, per se. The objective of Microsoft Purview Information Protection is not to save time but to save data.
I came across some AI genetic analysis and triaging of the alerts in Microsoft Purview Information Protection. I'm looking forward to seeing what other capabilities can be added.
I would rate Microsoft Purview Information Protection as six out of ten overall, in comparison with competitors.
My main use cases for Microsoft Purview Information Protection include using it internally to avoid data leakage and to evangelize this among our customers.
The features I appreciate most about Microsoft Purview Information Protection definitely include the sensitive information types, the compliance manager, and the eDiscovery capabilities.
Microsoft Purview Information Protection has benefited my organization by providing a tax on information protection that avoids data leakage on Outlook and data at rest or in movement, preventing important information from the company from being exposed outside the organization.
It is one of the advantages of the Microsoft solution that it provides a holistic way to manage the platforms and tools, so I do not have to use multiple information protection solutions.
I think the role of sensitive labels in guiding AI interactions with Microsoft Copilot regarding grounding, access, and sharing behaviors needs more work. I see many options such as SharePoint Advanced Management for customers, but that requires a high investment from the customer's end in order to access the premium features of Purview, so it is not easy.
To improve Microsoft Purview Information Protection, I think it would be easier to simplify the licensing model and clarify for customers what is included and what is not in the different SKUs.
I assess the stability and reliability of Microsoft Purview Information Protection as pretty good.
I have experienced some downtime or performance issues, where sometimes the tools lag in showing reports and the performance depends on the amount of data you have.
I think Microsoft Purview Information Protection scales well with the growing needs of my organization.
It does grow with us, and I can say it performs well. We have expanded usage of Microsoft Purview Information Protection in our company for all people, with different controls and labeling that match with DLP rules, ensuring that we will not get exposed.
I evaluate my customer service and technical support experience for Microsoft Purview Information Protection as mixed. We use two different tools to raise tickets, and one of them, Partner Center, is terrible, while the compliance portal is somewhat better but still needs improvement.
On a scale from one being the worst and ten being the best, I would rate my customer service and technical support as a solid seven.
I give a seven because there are still areas that could potentially improve. I cannot say a nine or ten because we are not there yet.
Positive
With Microsoft Purview Information Protection, rather than seeing a return on investment, I see a high value in not exposing critical information from companies outside. Many companies decide to move forward once they have been harmed by a security issue.
My experience with the deployment of Microsoft Purview Information Protection involves delivering a lot of proof of concepts and pilots, and I believe we have the expertise to deliver these solutions with no issues.
I did not face challenges with the deployment. The challenge was to train customers and let them understand the value behind this, which is more about people than technology.
My experience with the pricing, setup cost, and licensing of Microsoft Purview Information Protection is that while I have worked with this type of technology for a long time, the setup is not easy since you need to classify the information and define the taxonomy for the customer's environment, which is often not an easy task.
I considered third-party solutions, but the thing is that security is not just one piece. You need to consider the whole spectrum, and data protection and Purview is definitely one of the key pieces in this strategy.
In the context of the AI boom, it is definitely important that Microsoft Purview Information Protection automatically prevents high-sensitive corporate secrets and PII data from being ingested into generative AI models because there is important information moving from one point to another, and it is critical to have controls to avoid the exposure.
My impression of the API ecosystem provided by Microsoft Purview Information Protection for extending sensitive labels to non-Microsoft services is that it is great. Most environments are mixed, so there is a need to have all systems talking to each other to protect customers' information better.
I assess the comprehensiveness of Microsoft Purview's data classification abilities as pretty good since it provides almost three hundred different patterns or ways to identify specific types and broad categories of sensitive information, and Microsoft offers the flexibility to customize for different scenarios.
To another organization considering Microsoft Purview Information Protection, my advice is to first organize their company in terms of documentation, taxonomy, labeling, and segregation in departments to deploy a successful campaign of Microsoft Purview. Otherwise, it is not going to be easy for them to onboard. I would rate this review an overall eight out of ten.
My main use cases revolve around Copilot readiness. I go in and assess a Microsoft 365 tenant to understand what their data usage patterns look like so that I can help them figure out how to re-architect their SharePoint and apply the appropriate sensitivity labels so they can start to deploy Copilot confidently while reducing oversharing and reducing unintended access to the company's data in M365.
I particularly appreciate the ability in Microsoft Purview Information Protection to use data sensitivity labeling across all of M365, and then you can also extend it out to AWS S3, Azure Blob storage, Power BI, Dataverse, and all other integrations.
Although it has numerous connectors, the ability to classify data across cloud hyperscalers allows us to gain visibility on where we have sensitive data, and it also enables us to get telemetry to identify when there is potential risky sharing of that data.
We are using Microsoft Purview Information Protection to enable the confident use of AI, so it is a set of controls and visibility that helps customers understand why they should be confident in the way that they have organized and classified their data so they can start to let agentic AI operate in their environment.
I am not impressed with the API ecosystem provided by Microsoft Purview Information Protection, and I want it to be better. Blue Cycle, as a group of developers who know security and Microsoft, differentiates in the Microsoft ecosystem by not only knowing Microsoft but also all the third-party products that Microsoft competes with and integrates with. We are a very API-first company focused on finding patterns and implementing them. A lot of functionality in Microsoft Purview Information Protection is not exposed in an API officially yet, which has made a lot of implementation work difficult because we have to do click ops instead of DevOps. While some tools have capabilities, communication rights management, for example, makes it almost impossible for a third party that is not integrated in as a solution provider to operate. That is not directly Information Protection, but it is a Purview example. However, I think that there have been many releases this week that might help with these issues, but I have not caught up on all of them yet.
I have been using Microsoft Purview Information Protection for about three years.
I am probably not close enough to answer questions about stability or reliability issues, but I think of myself as the architect designer while my team implements the work. I have not heard of any crashes or downtime; nothing has bubbled up to me. If there was a big problem, I would know about it.
My customers have seen a return on investment from having Microsoft Purview Information Protection.
I chose not to look at another solution because we are Purview first, even though there are use cases that necessitate other tools like Varonis that sit on top of Microsoft Purview Information Protection. In general, the only product I have seen that provides significant value on top of Microsoft Purview Information Protection is a company called Gnostics; they complement Purview and come into your Purview deployment to identify the roles and personas in your company, pen-testing the AI to help you figure out where you have gaps in your AI security and in your oversharing controls.
I am not sure I know the answer to how I would evaluate the sensitivity labels in the AI guidance that I receive. My overall review rating for Microsoft Purview Information Protection is an 8.
We initially focused on Office 365 risk and compliance in Teams, SharePoint, and email. More recently, I have been utilizing it from the data platform perspective, integrating information protection labels into Azure SQL, Power BI, and more.
Microsoft Purview Information Protection helps us comply with national standards. I don't deal with HIPAA or GDPR, but I'm working closely with federal standards in Australia. I used to work with government agencies. Purview is about auditing and discoverability. We need to ensure people aren't releasing information that they shouldn't and that they're doing multi-factor authentication or accessing it from the correct devices. It aids in reducing silos within organizations, enabling staff to easily find documents and contacts without exhausting human resources.
One of the key features of Microsoft Purview Information Protection is the auto-classification functionalities, although I have found them to be less effective in complex scenarios. The policy toggle, demanding justification for downgrading labels, provides an essential audit trail that helps prevent accidental exposure of sensitive data.
The security tools integrate well. I like that you can scan several data or informational assets, such as your SharePoint list, Teams, etc., and bring them into Purview as a central repository. Partnering with other products, like Sentinel, for logging capability and inventory provides a service across the board.
It's essential that Purview automatically prevents highly sensitive corporate secrets and data from being ingested into generative AI models, but the reality is that AI is a tool. It's problematic if consumers rely on a tool to protect them because they must be educated first. Regardless of the education, the employee might share the information anyway, so the AI shouldn't be the first point of failure. It should be a human making good decisions.
The communication around Microsoft product names and functionalities can be confusing, like when they combined Office 365 Risk and Compliance with Azure Purview. Then, they added Purview Hub to Fabric, and people thought Purview Hub would do data lineages, but it didn't. It isn't full-fledged Purview. It's just one feature set.
Clarifying product features and use cases would help avoid such confusion. Additionally, improving the auto-classification functionalities and providing a more user-friendly experience would be beneficial.
I have seen no issues with stability; it appears to work reliably even when deployed broadly within organizations.
The scalability of Microsoft Purview Information Protection is excellent. There have been no real problems with scaling, and it can handle large collections of data without issues.
I rate Microsoft support six out of 10. Response times are a challenge. It's hard to be an ambassador for a product when you know it will be hard to get support. With Microsoft's support, I have learned to be persistent.
I'll raise a support ticket, knowing that it will take some time to escalate. When you've got runways on a project, you only have so much time to burn with support tickets. In some cases, it has taken 30 to 60 days before I reach someone who can help. However, recent improvements in visibility and community engagement have made it somewhat easier to obtain support.
Neutral
I have explored other products such as Exceleon and Informatica, but ultimately chose Microsoft Purview due to its direct integration with the Microsoft ecosystem.
I'm a consultant, so the solution is typically implemented by third-party resellers and state government clients, who procure necessary licensing and services.
Microsoft Purview Information Protection offers an indirect return on investment by acting as a governance tool. You can centrally store all the informational assets so staff can search the catalogs to find the necessary documents. They can see that it's on SharePoint, a Power BI report, etc.
If I've got a database called CRM, they don't necessarily know it will be sales or customer data. They can tell Purview that they're looking for customer data, and it lets them know where it is. They don't have to have direct access to do that. They just have to have access to the metadata and the glossaries. It takes away some of those silos in organizations. Purview can do a quick scan, and it doesn't use human resources, so it gets time to do things that we need humans to focus on.
Initially, Purview's cost seemed quite high because it was for personal use. I was scanning a tiny tenant and thinking, "If I extrapolate this to an enterprise-scale tenant, it will be quite costly." However, I talked to people who had compared it to other products on the market, and they're spending five figures to get started. At least, Purview has a free trial, so you can try some of the features early on.
I rate Microsoft Purview Information Protection seven out of 10. Purview's classification abilities could be improved, especially in handling complex rules. Greater clarity in product communication and the continued development of its roadmap will help enhance user confidence and understanding.
