We performed a comparison between Microsoft Defender XDR and Microsoft Purview based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Defender XDR has a feature called the timeline that lets you track all activities. It helps a lot with investigations."
"The ability to hunt that IM data set or the identity data set at the same time is valuable. As incident response professionals, we are very used to EDRs and having device process registry telemetry, but a lot of times, we do not have that identity data right there with us, so we have to go search for it in some other silo. Being able to cross-correlate via both datasets at the same time is something that we can only do in Def"
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"My clients like Defender's file integrity monitoring. They're monitoring Windows and Linux system files."
"All of the security components are valuable, including antiphishing, antispam, and stage three antivirus."
"We also use Microsoft Sentinel, Defender for Cloud, Defender for Identity, and Microsoft Defender for Cloud Apps. They are all integrated and it was very easy to integrate them. In my experience with the integrations, it was just a click of a button and things were integrated. It's just a button."
"The most valuable feature is the DLP because that's where we can have an added data protection layer and extend it not just to emails but to the documents that users are working on. We can make sure that sensitive data is tagged and flagged if unauthorized parties are using it."
"It gives you the opportunity to know your data and apply policies around it. If those policies are flouted, you can always track what's happening. You have options such as alerting the person who is committing that action, or you can take automatic action by blocking, for example, an email that is being sent externally. It's very useful."
"It is critical that Purview delivers data protection across multi-cloud and multi-platform environments. That is the number one reason that people are adopting hybrid and best-of-the-breed approaches. Especially in banking, it is critical because people want to protect, govern, and secure their data. This is one of the first conversations that happens with security and the architecture group on the client side."
"Purview helps mitigate risk and allows us to govern the information being shared among apps and devices."
"We can prevent, block, or audit however we like."
"The data classification part of the solution is excellent, especially as it gives us an insight into our sensitive data within Microsoft 365."
"The custom classifications are one of the most valuable features."
"The time to onboard is pretty short."
"The audit log has been a lifesaver for a lot of reasons. Historically, when using SaaS products, there were always questions about how the audit was going and whether we were sufficient out of the box. Purview has many capabilities available through centralized reporting that provide a view of a specific segment."
"The Defender agent itself is more compatible with Windows 10 and Windows 11. Other than these two lines, there are so many compatibility issues. Security is not only about Microsoft. The core technical aspects of it are quite good, but it would be good if they can better support non-Microsoft solutions in terms of putting the agents directly into VMware and other virtualization solutions. There should be more emphasis on RHEL and other operating systems that we use, other than Windows, in the server category."
"The advanced threat-hunting capabilities are phenomenal, and the security copilot enhances that, but some data elements could be better or have more context inside of the advanced tables themselves. The schemas feel a little limited to what they're building into the product. It's probably just a maturity thing. I imagine we'll see the features I want in the next year."
"The dashboard should be easier to use. There is also improvement needed in the reporting when it comes to exporting or scheduling reports."
"The capability to not only thwart attacks but also to adapt to evolving threats is crucial."
"The support from Microsoft could improve. There are times I have to wait for a response from a qualified specialist."
"The support could be more knowledgeable to improve their offering."
"In the future, it would be beneficial for Microsoft to consider making the product more user-friendly or simplified for those who are interested in using it. Currently, it requires a high level of technical expertise, making it challenging for beginners or less experienced individuals."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"Two features are unsupported—custom insights and the DLP component—that would be beneficial to me as a consultant and for the customer in terms of security and monitoring. Regarding security, DLP would provide a more granular level of data masking. Custom insights would offer more detailed monitoring and alerts that can notify customers of failures or anything requiring urgent action."
"One drawback of Microsoft Purview, though it's beneficial and easy to use, is that when you start plugging in connectors for third-party sources when setting the solution up for data collection, it becomes a bit more tricky."
"Purview's data connector platform for non-Microsoft data sources is good, but there is some functionality that hasn't been developed yet. There are some servers that it can't connect to yet, because they're still in a trial process."
"Data quality has been a highly requested feature among customers."
"There are differences when looking at an incident in the M365 portal versus Purview, and the main one is the advanced hunting. In the M365 portal, you can write KQL queries and fetch data. If that was available in Purview, it would be very good."
"The technical support has room for improvement."
"It could reduce pricing to encourage usage."
"I lose a little bit of that control when we're talking about third-party connectors. Compliance-wise, I would like to see more ability to audit from a user perspective, where I could extrapolate what the user was thinking or trying to do."
Microsoft Defender XDR is ranked 1st in Microsoft Security Suite with 76 reviews while Microsoft Purview is ranked 7th in Microsoft Security Suite with 48 reviews. Microsoft Defender XDR is rated 8.4, while Microsoft Purview is rated 7.6. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Microsoft Purview writes "User friendly with good documentation but needs to cover more non-Microsoft use cases". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager, Wazuh and Trend Vision One, whereas Microsoft Purview is most compared with Collibra Governance, Alation Data Catalog, Varonis Platform, Informatica Axon and Microsoft Intune.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.