We performed a comparison between Microsoft Purview Data Governance and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Microsoft Purview is scalable."
"The availability of pre-designed policies tailored to specific geolocations and customer requirements is a valuable feature."
"The labeling is the most valuable feature for the companies I'm installing it for. Some of them have several thousand staff, and their concerns are around confidential or private data being shared. The labels and the policies involved with them give them that initial visibility."
"MIP also provides strong information rights management settings, such as the ability to specify who has access to content and at what time."
"From my experience and customer feedback, one of the most valuable features of Microsoft Purview is ease of use, especially for content hosted within Microsoft 365 and Azure. I also like that the pricing model for the solution is reasonable."
"I really like the entire system for auto-labeling content. It's a very refined system. I use the Keyword Query Language to define refined string-based metadata, and then I can really go deep into the specific data with the specific properties labeled in such and such a way."
"It is pretty early, but the decision to go with this investment was largely driven by the simplification of our information security technology management stack. That is the primary objective. Once you simplify and you have a connected structure, it allows for faster adoption there. It also gives us additional capabilities as we go on using the technology that we are familiar with, and we do not have to depend on outside parties to come in and tell us how to do certain things."
"The data classification part of the solution is excellent, especially as it gives us an insight into our sensitive data within Microsoft 365."
"The main benefit is the ease of integration."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"Having your logs put all in one place with machine learning working on those logs is a good feature. I don't need to start thinking, "Where are my logs?" My logs are in a centralized repository, like Log Analytics, which is why you can't use Sentinel without Log Analytics. Having all those logs in one place is an advantage."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"Some of the menu headings may not be easy to understand for some people."
"Frequent daily updates from Microsoft can cause interface elements like buttons to appear and disappear, making navigation unpredictable."
"There are some limitations with regard to the lineage of data from different parts of the system."
"Overcoming certain control issues would significantly enhance our overall satisfaction."
"I would like to have complete video documentation for training."
"Purview's data loss prevention for macOS endpoints has some limitations, and the end-user experience of recovering from a failure is lacking."
"Enhancing the tool's capability to connect to multiple sources would be valuable."
"There are differences when looking at an incident in the M365 portal versus Purview, and the main one is the advanced hunting. In the M365 portal, you can write KQL queries and fetch data. If that was available in Purview, it would be very good."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"Sentinel still has some anomalies. For example, sometimes when we write a query for log analysis with KQL, it doesn't give us the data in a proper way... Also, the fields or columns could be improved. Sometimes, it is not giving the desired results and there is a blank field."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
More Microsoft Purview Data Governance Pricing and Cost Advice →
Microsoft Purview Data Governance is ranked 7th in Microsoft Security Suite with 48 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 85 reviews. Microsoft Purview Data Governance is rated 7.6, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Purview Data Governance writes "User friendly with good documentation but needs to cover more non-Microsoft use cases". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Purview Data Governance is most compared with Collibra Governance, Alation Data Catalog, Varonis Platform, Informatica Axon and OneTrust DataGovernance, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Splunk Enterprise Security, Microsoft Defender for Cloud and Fortinet FortiSIEM. See our Microsoft Purview Data Governance vs. Microsoft Sentinel report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.