Microsoft Purview Data Governance Reviews

My organization had a large amount of sensitive data stored primarily in SharePoint Online. We also operate in a highly regulated industry. Therefore, we wanted to take advantage of some of the features offered by Microsoft Purview. Initially, we focused on sensitivity and retention labels, but we later expanded to include data loss prevention and benchmarking our data against the built-in regulations offered by Purview.

It is important that Purview delivers data protection across multi-cloud and multi-platform environments. Many organizations have multiple systems, which can be difficult to manage. I know that many of my clients are currently trying to amalgamate their systems and bring them all under one umbrella, but there will always be cases where organizations will not be able to have everything in a single software solution like Microsoft 365. Being able to take advantage of Purview's excellent features and deploy them across not only 365 but also other systems makes it much easier. I think this is one of the reasons why organizations are starting to look at things like Purview: it has the ability to deploy more widely, saving organizations a lot of time and effort and centralizing control.

It is important that Purview can connect to iOS, Mac, and Android devices, as well as other data and SaaS apps. Many organizations issue portable devices to their staff, especially those with a high percentage of hybrid remote workers. These mobile devices have become essential, both personally and professionally. Having governance across multiple devices is a brilliant feature.

Purview's integrated data link compliance is a great feature. The biggest selling point for me is the ability to deploy it from one location; I haven't been able to manage everything in one place before. This makes it much easier for local administrators, and it can also be used across different environments.

The connectors for supporting non-Microsoft data sources are a brilliant feature and a smart move by Microsoft. They allow us to apply our governance policies to data sources such as Twitter and WhatsApp, which are used by many organizations for customer interaction. This is important because it allows us to protect our customers' data, even when they are interacting with us on multiple platforms.

My experience of the critical regulations that Purview was built taking into account is predominantly UK regulations. When I first started at my organization,  part of my role was data protection. So being able to benchmark our data against the GDPR and some of the UK's specific regulations was fantastic. But now I work with multinational clients, so we have offices in various locations in different geographies. So having specific legislation for the areas in which they operate is brilliant. More organizations are spread across different continents and countries. So being able to apply different legislation to different parts of their estate depending on where their offices are operating is a fantastic feature.

We are currently updating our data loss prevention policy internally, and we highly recommend that our clients use Microsoft Purview for DLP as well. I demonstrated Purview to a client a few months ago, and they were incredibly impressed with how effective it can be. I think they were particularly surprised by how quickly it can identify sensitive data. For example, we did a quick test where we uploaded a document that contained a piece of personal information that we had asked the Purview policy to look for. As soon as we uploaded the document to a SharePoint document library, we received an email alert warning us that the sensitive information was present and could be accessed by others. The alert was almost instantaneous. This shows that Purview is a very effective system for protecting data.

Microsoft Purview has enabled us to truly embed a culture of data governance among staff. This has been a major success, not just within our own organization, but also with our partners and clients. Many people talk about the importance of data governance, but Purview has helped us to increase the knowledge base of our users and empower them to take ownership of their data, rather than relying solely on IT professionals or data protection staff. This is a real positive for any business, especially those that work with sensitive information. The automation capabilities of Purview have also been a huge hit with our users. The ability to automatically apply data labels and implement advanced encryption policies has made it much easier for us to protect our data.

In previous years, we have used various methods and systems to try to achieve the same outcome, including spreadsheets and stand-alone systems. We are heavy users of Microsoft 365, so it is our primary system, but we also use other systems. Having one solution that can deploy our core policies and protections across different devices and platforms.

Microsoft Purview's reduction of solutions simplified our data governance. In the past, our data was scattered across different locations, making it difficult to manage and protect. Purview has brought our data together into one place, making it easier for users to access and for us to implement data governance policies. I believe that the more systems we have, the greater the risk of data protection incidents and the more difficult it is to deploy a unified data governance strategy. Reducing the complexity of our IT infrastructure goes hand-in-hand with improving data governance.

Some of the features in Purview have illuminated areas of our data site. In particular, when we have worked with organizations with large volumes of data, it has helped us to identify issues. For example, benchmarking our state against GDPR highlighted aspects of our operations that were not compliant. This was more important than the areas that were compliant, as it helped us to focus our attention on where we needed to make improvements. This helps us to provide assurance to our board.

We are about to launch an internal awareness campaign about AI and how we can use it. Microsoft Purview is on the list of AI solutions we will be considering. We are also about to start using Microsoft Copilot, and some of our staff are already using ChatGPT. We are looking at AI solutions within Microsoft 365 and some of our other systems. This is an area that we are very keen to develop, and it is something that our clients are also interested in. We can explore this in more detail in the coming months.

I've been amazed at how quickly the automation responds, especially when we have a large dataset. It takes that pain away from Teams and acts as a monitor for us. It's saved a huge amount of time, and once it can demonstrate internally or to clients how effectively it does what they expect it to do, that will save more time, but people who are responsible for this information need a lot of reassurance.

Purview enables us to demonstrate our compliance in real-time. We provide live reports to auditors and anyone responsible for information security risk management. We can show them our compliance status in real-time, which is excellent.

Our meetings with compliance regulators are positive when they are familiar with Purview. However, if they are not, we must be able to demonstrate to them how effective the solution is and how it can assist the organization in improving its data governance and data security. This has made the meetings much more positive, as the regulators are more assured that we are being more responsive and effective with the information we hold.

Automation plays a significant role in reducing the time to action on insider threats. We have had procedures in place for identifying, mitigating, and responding to specific risks, both internally and accidentally. However, our previous procedures were very manual, which obviously takes time. Now, in some situations, we can respond almost instantly. Automation has significantly improved our response time. Data breaches, for example, used to take a long time to investigate under our old process. From when a user reported a breach to when we could start investigating, it took hours to complete the necessary paperwork and documentation. But by using automation and some of the features in PurView, we've been able to reduce that time to minutes. In some areas, we've probably been able to reduce investigation time by 50 percent or more.

Time-saving is probably the most important benefit of automation and AI. The more time we can save people, across the board, not just Purview, the better. When we can automate tasks and improve response times, it takes away the need for manual input and frees people to concentrate on more important things. This naturally has a financial benefit. From my role, I've seen that the time savings have been really important. In some areas, we've seen time savings of up to 50 percent. So, when deployed properly, the benefits of automation and AI are huge.

Our ability to oversee compliance using Purview has been a game-changer. We have developed our own in-house compliance and risk management software, which I have been involved in. However, using Purview has been even more impactful. In addition to the automation and time savings, the key thing for us is the educational aspect. Purview helps us to raise awareness and make the organization more data-aware, regardless of role. This enables us to identify issues and, more importantly, rectify them.

We do a lot of projects for state governments in the US. One of the states had a vast amount of data, around 20 years worth, spread across various systems. We had non-relational databases, files, Snowflake, Oracle, Excel, and more. We aimed to turn this data into meaningful information, track its lineage, and identify problems. I did the proof of concept for this.

It is crucial to us that Purview was built taking into account critical regulations from around the world. The tool considers compliances related to PHI, PII data, and Europe's GDPR. All these are taken into consideration while developing the tool. That's really good.

For data loss protection in Purview, we've explored how third-party access works, particularly concerning the exposure of sensitive data like PHI and PII. We looked into how this data can be masked or hidden. Currently, our team is developing further based on these explorations.

As one of the world's leading healthcare companies, we manage vast amounts of data, especially from state government projects. Healthcare data is very critical, and we can't expose any PII or PHI data due to compliance requirements. 

We audit every three to six months, and we need to justify why the PII or the PHI data has been accessed. From that point of view, this solution gives us very good leverage from the data governance perspective.

Purview has helped to reduce the number of solutions we need to interact with each other because this has a governance portal, analytics portal, data catalog, and data dictionaries. Everything can be done in one single tool.

The beauty of Microsoft tools is that they are valuable, and most of them are UI-driven. A couple of my team members who did not undergo any kind of training, were able to leverage the tool and explore it to the core. Whereas other tools that we use, for example, Erwin or any IBM tool, need a lot of training or a lot of self-running to start mastering the tool. 

At the same time, Microsoft is very easy. Using one single tool, we can accomplish everything. This has made a huge impact on the project timelines including the implementations of certain solutions, data governance portal, building a data governance portal, etcetera. This solution has reduced the number of solutions that affected the complexity of our data governance.

Purview tremendously has affected the visibility we have in our state. Because when we started in our company, nobody had explored using a data governance tool and Microsoft Purview. It was still coming out of its cocoon. We were working together with Microsoft on a lot of issues.

Purview enables us to show our compliance in real time. When I'm on a government project, and we discuss the data, often the management or leadership asks for a report. We simply log in to the tool and instantly create a report. In just a fraction of a second, we have all the information at our fingertips.

Purview has helped to reduce the time to action on insider threats by 30% to 40%. We can identify which fields expose our data or the columns that expose our PII PHI. We also know the data lineage and who has access to the data. 

In case of any compliance issue, it will pinpoint the particular individuals who have access to this data, and then we can ask for an explanation.

The use of Purview helped to save both time and money because we ended up using one tool for most of the data governance work. The project I worked on was around $600,000, and the POC was around $200,000. We probably saved around $400,000 annually.

Purview has affected our ability to stay on top of compliance and provides a report on who has access to the data. Whenever we have an audit, it helps to determine who accessed the data and their need for access. It has a significant impact.

Our data landscape includes cloud-based resources, Software-as-a-Service applications, and on-premises deployments. To ensure consistent governance across this entire environment, we leverage Microsoft Purview for unified data management.

Since our environment houses data for multiple tenants, it's crucial that Microsoft Purview can effectively manage and access information across various cloud platforms.

Microsoft Purview's strength lies in its ability to connect to a wide range of devices, iOS, Mac, Android, and SaaS apps, allowing it to build a full data map across our entire cloud infrastructure. This cloud-based approach enables automatic data classification and updates, ensuring all our information, on-premises included, is consistently categorized and readily accessible.

Microsoft Purview's data connector platform for supporting ingestion from non-Microsoft data sources is important for our environment.

The natively integrated compliance across Azure, Dynamic 365, and Office 365 is important. This centralized approach ensures consistent data governance and security policies across our entire cloud environment.

It was designed with compliance in mind, considering important regulations from around the world. This global perspective helps identify and address data security threats more effectively.

To ensure our data development adheres to security policies, we utilize Microsoft Purview's data loss prevention features, which aid in efficiently resolving any policy violations that may occur.

Leveraging the logs generated by Microsoft Purview, we can educate our users on best practices for handling sensitive data.

We can use Microsoft Purview for MacOS endpoints.

It has helped our organization protect its data and helps reduce the number of solutions we need to interact with.

Microsoft Purview's data visibility has enhanced our technical understanding of our data landscape, improving data recovery efforts. Additionally, the compliance portal streamlines access to information needed for audits.

AI and automation have significantly enhanced our ability to detect risks, allowing for both faster identification and more precise analysis of potential threats.

Microsoft Purview enables us to show compliance in real time. This is a great tool that helps us focus on the compliance reports.

It helps reduce the time to action on insider threats by six hours per day.

Microsoft Purview has saved us 30 percent of our time to focus on other projects.

Microsoft Purview has positively affected our ability to stay on top of compliance.

I'm an IT consultant, and I have several clients ranging from small businesses and start-ups to large FTSE 100, multi-billion-pound companies. I've implemented Purview from a data security perspective, such as aggregating data using the DLP and AIP (Azure Information Protection). The point of Purview is to enable companies to have a grip on their data and create rules, policies, and visibility around that.

One of the biggest positives of Purview is the visibility you gain into your estate. Once you start labelling data, you can get reports and information about where your confidential and critical data are. It gives you far more visibility than you would have if you tried to do things manually.

While Purview doesn't reduce the number of systems you need, it covers the functionality of data security that, otherwise, would have to be done by a third-party product. And it probably would not only be one third-party solution. Only something like Varonis would be really comparable, in my experience.

By avoiding the need for a third-party product for data security, because it's a bolt-on with the 365 licenses—E3 or E5—it absolutely saves you money.

Microsoft Purview Data Governance protects against data loss, helps prevent accidental data sharing, ensures the right people have access to data and helps remediate data issues.

One way that Microsoft Purview has benefited our organization is by preventing data leakage, which saves the company money on fines and protects its reputation.

We use it to integrate the audit log with Power Platform to extract all the relevant information and explore to what extent we can enforce certain retention and sensitivity levels. We need to enforce those levels on data locations like Microsoft Dataverse. We also need to determine how to process SharePoint lists that are being fed by Power Apps or Power Automate flows.

I also work with a lot of legal departments, and we're working on legal matter management, where documents need to be retained for a certain amount of time and then they need to be processed.

On a scale of one to 10, I would have to rate it at least an eight when it comes to protection across multi-cloud and multi-platform environments. If its execution were more perfect, I would even give it a 10. These days, there are too many people with administrative passwords and credentials. Purview relieves a lot of the pressure from having multiple people in the field with knowledge of several topics. We can reduce that by at least 30 percent, if not 60 percent. I'm not a fan of having too many people with the keys to the castle. Purview enables an administrator with a small team to manage a group of 20,000 people.

One of our major clients is in banking and insurance, and we would not be able to deploy a lot of the Microsoft products if not for the exact commitment by Microsoft to take into account critical regulations from around the world. Obviously, since Microsoft is a U.S.-based company, they're going to first launch their products and their infrastructure based on U.S. data centers, which is exactly what we can't have under the GDPR law.

Also, with respect to vulnerability management, a lot of pressure is taken off the administrator when using Microsoft Purview or infusing Purview with information from the Security Center to give you a manageable overview of a lot of numbers.

We are a partner and work with different organizations. We go through a number of activity phases, such as initial discovery, understanding their data to see what is and is not sensitive, and then using Microsoft Purview. 

We use Microsoft Purview to provide sensitive information in building out a roadmap in terms of classification, protection, and lifecycle management. We then determine what kind of use case is most common for other work we would look for and fill in the gaps with the customer. Microsoft Purview's vast features and capabilities really depend on what we learn in those workshops and where that organization is looking to go over a period of time. So if one of the key areas is the mitigation or prevention of data breaches, we can help with that. 

We can also help protect content, especially when it is sensitive and involves individuals. We can also help businesses change their processes to help ensure users know what their preferences are and how to use the user tools.

Microsoft Purview's ability to deliver data protection across multi-cloud and multi-platform environments, including AWS and GCP, is very important. It helps organizations realize the investments they have already made and how they can further expand those investments to another remote type of Microsoft workflow. Microsoft Connect has been used to centralize these workflows, and the ability to import existing records management processes and policies into the file plan in Microsoft Purview allows organizations to bring compliance into a central location. This helps to manage costs and improve efficiency, as users can go to one area to leverage basic facilities without having to use separate tools.

It is important for our clients that Microsoft Purview can connect to iOS and Android devices. With many people now working from home and using their own devices, there is a need to manage these devices. Microsoft Purview's conditional access and endpoint management capabilities help organizations to protect their data, regardless of the device being used.

Purview's natively integrated compliance across Azure Dynamics 365 and Office 365 is important. However, it is also important to ensure data privacy with its data as a whole from a compliance perspective. This means ensuring that we can meet the requirements of 2701 controls and that people know the processes, technology, and relevant skills. CRM controls information about potential customers and opportunities, so it is important to ensure that we are compliant when handling this data. We also need to make sure that updates to Purview are made as needed and that our team is able to stay on Office 365. Having a strong compliance program is essential for any organization that handles sensitive data. By taking the necessary steps to ensure compliance, we can protect our data and our customers.

It is critical that Purview is built around global regulations. This is because we have different types of customers, some of whom operate slowly. There is a rack with some regulations, and we have the US. We also have a rack with different regulations that are up-to-date, but they are only safe in some areas. This means that we need to be able to control, face, or bank on system regulations. This is very important to me and the customer because they can be very tricky.

Purview's DLP can be used to remediate policy violations. A number of kinds of DLP rules can be leveraged, such as sensitivity labels, data classification, and sensitive information protection plans. This means that it is not enough to simply provide people with the technology, they also need to be trained on how to use it effectively. Through the use of an ERP system, a number of policies can be set up. This insight can then be used to make meaningful decisions about how to rate the data on the system. This will help to understand how the data is costing the organization. If the organization does not have the necessary internal controls in place, new protection and encryption measures may need to be implemented. This is primarily becoming step one in the process of working policies, understanding how the data is being used, making decisions about how to protect it, and then building a protection layer on top of that.

Data loss prevention education for users is important because it can help them to understand how to best protect sensitive data. This can be done by providing users with training on how to use DLP tools and policies, as well as by educating them about the risks of data loss. DLP tools can help to prevent data loss by monitoring user activity and blocking unauthorized access to sensitive data. DLP policies can help to define what constitutes sensitive data and how it should be protected. By educating users about DLP and the risks of data loss, organizations can help to create a culture of data security. This can help to prevent data breaches and protect the organization's data assets.

Purview helped reduce the number of solutions we need to interact with each other. I used the solution that crosses between Endpoint Data Loss Prevention, Microsoft Defender for Data, and Conditional Access to block specific types of information at different workloads. This made it easier to manage sensitive information. For example, if I have sensitive information today, I can easily block people from uploading it to Teams, SharePoint, or OneDrive.

The reduction in the number of solutions we need to interact with each other has had a significant impact on our pricing. In the past, we had to use a variety of different solutions to manage our portals, which was time-consuming and expensive. Now that everything is coming into Microsoft Purview, we are able to simplify our technical and environmental environment. This allowed us to reduce our costs and improve our efficiency. In addition, Microsoft Purview provides us with a central location to manage our data governance. This made it easier for us to comply with regulations and protect our data. Overall, Microsoft Purview has been a major asset to our organization.

Microsoft Purview expanded our visibility into our state by allowing us to see what is labeled, relabeled, and what is not classified. There are a number of different areas where Purview improved capability and overall cost. These are all different aspects of Purview, which is helpful for organizations. Purview has a point-in-time view, and it also has the ability to explore more granular data from the logs.

Purview helps to reduce the time it takes to take action on insider threats by around 50 percent. It requires planning and configuration, as well as two weeks of setup. The technical configuration is used to identify users and the types of activities they are performing. For example, users who sign into hundreds of documents within a few minutes of each other or delete large numbers of documents can be quickly identified and flagged. This allows security teams to send high-priority emails to the appropriate people in a timely manner.

Purview helps save our clients between 30 to 40 percent of time and money. 

As a Microsoft partner, we specialize in selling Microsoft products to our clients. Microsoft Purview serves as a typical data cataloging tool within our data governance projects.

Microsoft Purview offers comprehensive data protection capabilities across multi-cloud and multi-platform environments, including AWS and Google Cloud Platform. When discussing data protection, it's essential to recognize the different facets of Purview solutions. Firstly, there's the data catalog side, which focuses on organizing and managing data assets. Secondly, there's the risk and compliance aspect, which encompasses solutions like data loss prevention, insider risk management, and information protection for data security. Additionally, there are risk and compliance management features such as data lifecycle management, e-discovery, audits, and communication compliance. Microsoft Purview has been working towards integrating these three aspects—data security, data governance, and risk and compliance—into a unified interface which would provide a seamless experience for users to manage all aspects of data protection efficiently.

The ability for Purview to connect with iOS, Mac, and Android devices, as well as data from various SaaS applications, is of utmost importance. Customers prioritize this capability because they aim to safeguard their data regardless of its location—whether on mobile devices, in the cloud, or on computers.

It serves as a connection platform that supports the integration of data from non-Microsoft sources. While its capabilities for connecting with non-Microsoft data sources are continuously improving, there are still some limitations. Presently, Purview can connect with other cloud vendors such as Google Cloud, Amazon, and IBM.

Ensuring native integration of compliance across Azure, Dynamics, and Office 365 is a top priority for Purview. The aim is to consolidate all compliance functionalities into a unified interface, although currently, they remain separate. The ultimate goal is to streamline compliance processes by centralizing them within a single portal.

We use Purview for data loss prevention.

It hasn't yet streamlined the integration of solutions we interact with, as they remain separate. However, once the unification of data governance, data security, and risk compliance functionalities into one portal is fully implemented, it will likely reduce the need for multiple interactions. Currently, we're still navigating through different interfaces and portals to achieve our goals. So, as of now, the solutions remain separate, but there's potential for improvement in the future.

Purview has enhanced our visibility into our data estate, especially through the democratization of data via the data catalog. By surfacing our data assets and making them accessible throughout the organization, we've achieved better visibility overall. However, it's crucial to note that successful data governance requires more than just technology—it also involves having the right teams, processes, and policies in place. Therefore, by ensuring that all three components of data governance are aligned and well-managed, leveraging Purview's data catalog can significantly improve visibility into our assets.

There are AI components utilized for classification purposes, particularly in identifying names, such as people's first names and locations like cities. Additionally, there's deeper integration with MDM partners like Profisee and Tamr, who leverage Azure OpenAI for this purpose. However, even without these third-party vendors, within the data catalog or data map, classification relies on machine learning to identify and surface sensitive information effectively. AI has a significant impact on the quality of insights in Purview. It automatically classifies sensitive assets during scanning, which effectively reduces manual effort and ensures thorough coverage of sensitive information within the data catalog.

The ability to demonstrate compliance in real-time is facilitated by a dedicated solution known as Compliance Manager. This specific Purview solution falls under the category of risk and compliance, providing the necessary tools to showcase compliance status effectively.

Purview, particularly the Compliance Manager, has assisted us in enhancing compliance with regulatory requirements. With Purview Compliance Manager, it identifies areas where compliance may be lacking and provides actionable steps to achieve compliance. This tool facilitates easier discussions with compliance stakeholders and ensures alignment on necessary actions.

It has contributed to reducing the time required to address insider threats through its integration with Microsoft Defender for Endpoint. This integration includes a specific feature known as Insider Risk Management, which enables proactive detection of and alerts for suspicious or malicious activities.

It has helped save both time and money. One particular feature is called Data Sharing. Its primary aim is to minimize data duplication. This feature allows users to share data internally and externally without physically moving the data itself. Instead of creating additional copies of data as attachments or sending them via email, users can share data directly from its existing location. This reduces the need for storing multiple copies of the same data, ultimately saving storage space and associated costs.

It has enhanced our ability to maintain compliance by integrating Purview with Microsoft Sentinel. This integration enables the creation and sending of alerts, allowing us to proactively address sensitive information as it enters our data catalog.