Microsoft Purview Information Protection Reviews

We initially focused on Office 365 risk and compliance in Teams, SharePoint, and email. More recently, I have been utilizing it from the data platform perspective, integrating information protection labels into Azure SQL, Power BI, and more.

Microsoft Purview Information Protection helps us comply with national standards. I don't deal with HIPAA or GDPR, but I'm working closely with federal standards in Australia. I used to work with government agencies. Purview is about auditing and discoverability. We need to ensure people aren't releasing information that they shouldn't and that they're doing multi-factor authentication or accessing it from the correct devices. It aids in reducing silos within organizations, enabling staff to easily find documents and contacts without exhausting human resources.

Our managed services provider performs assessments, maintenance, and checks. We also offer a SOC to customers who do not have a budget for a dedicated security engineer.

Microsoft Purview Information Protection is used for both internal needs and for our customers to help them implement data loss prevention and conduct compliance assessments. With the deployment of Copilot, we use it as a tool to ensure proper data governance and to prevent unauthorized access to data.

Purview simplifies and consolidates security products. We implement other products from CrowdStrike and SecureWorks. However, it's better for Microsoft customers because they're already paying for the enterprise license, so they save some costs by leveraging that. 

A single solution for information protection is crucial because the Holy Grail of security management is the single pane of glass. With all the indicators in one place, you avoid false positives, which means that it requires a low level of attention. The operator won't believe it's an actual attack if you have too many false positives. Copilot For Security also prevents this kind of false alarm and provides a way to automate many things. 

Purview saves customers time by offering them a quick way to assess a situation and insights into how to improve. It also helps to save customers money because consulting engagements are based on the consultants' time with the customer. 

I have several different clients in various industries, particularly in HR and finance departments. They wanted to lock down and protect their documentation to ensure it does not end up outside their tenant.

For a small company, having Microsoft Purview Information Protection gives us kudos in the community. We offer services that competitors do not, which provides us with a competitive edge by staying on top of Microsoft's new releases.

I am using multiple products from Microsoft to maintain a robust security posture. Integrating Microsoft Purview Information Protection is part of keeping our ecosystem consistent with other Microsoft products. I have implemented Microsoft Information Protection for data classification and data loss prevention, and I use it for governance and auditing.

Microsoft Purview Information Protection supports data classification, sensitivity labels, and data loss prevention. I have implemented it for governance and as a logging tool for audits. However, it does not support direct PDF labeling on Macs, which is an area where the tool can be improved. I have critical documents where I implemented this solution to encrypt and label data effectively, ensuring the data's security and proper ROI.

We utilize Microsoft Purview Information Protection for data loss prevention on Teams chat. If a user shares any sensitive data on Teams chat, we block the message using DLP policies created on Purview.

The most valuable feature of Microsoft Purview Information Protection is its ability to respond to sensitive data shared on Teams chat by deleting the message, not just monitoring or logging. The creation and implementation of DLP policies on the platform have been crucial for protecting data on Teams chat.

I use Microsoft Purview Information Protection to ensure the secure management and protection of my organization's data. It allows me to automate governance processes, safeguard sensitive information, and exert control over email and document security.

When implementing Microsoft Purview Information Protection, I aimed to automatically classify sensitive data and ensure its protection. The goal was to streamline the process of identifying and securing sensitive information to enhance overall data security measures.

Microsoft Purview Information Protection has significantly improved our company by ensuring data security across all locations. I no longer worry about the safety of my data, especially sensitive information. Whether it is critical or not, the system reliably protects our information without any concerns.

It has saved us time overall. We are looking at a time savings of around two to three hours a day. It also helped us save money, especially considering the high cost associated with data. Ensuring that our data is secure and not at risk has translated into significant internal cost savings.

My previous project used Microsoft Purview Information Protection for end users and data discovery. It was a new implementation, and the customer was unsure how to proceed with Data Loss Prevention (DLP) due to new security policies. I discussed the requirements with the customer to understand where encryption was needed and what labels were required. After identifying these, I created data security labels and applied them to a small group of IT department users for testing. Once testing was complete, we rolled it out to a limited set of users from different departments and gathered feedback.

For example, HR needed a specific label for their data, accessible only to HR users. We then created and applied labels globally to all users. Initially, we didn't force label application or content-based detection; users applied labels based on judgment. Next, we implemented content-based detection by creating Sensitive Information Types (SITs) with keywords and regex patterns based on discussions with the data security team. We created four main labels: public, internal, confidential, and restricted. SITs were added to specific labels, like financial data for the restricted label and internal confidential data for the confidential label. The system would detect content and recommend labels but not force their application.

After applying labels to end users and achieving some maturity in the process, including fine-tuning and adding appropriate Sensitive Information Types (SITs), we moved on to existing data in on-premises file shares. This data volume was huge. We used the Azure Information Protection scanner, which is the scanner, to conduct a proof of concept. After the POC, we performed performance testing on the complex environment, which had many devices like antivirus, firewall, proxy, and network components. I had to ensure the scanning wouldn't impact the environment's performance.

We took a sample of about one terabyte of data for scanning, noting different timings during and off-production hours. This helped determine the best time for scanning and how long it would take to scan one terabyte of unstructured data. Once completed, we defined an approach to handle the full 375 terabytes of data that needed scanning and labeling where appropriate.

We calculated the number of servers needed for the scan, considering this wasn't just a one-time process. We also had to plan for ongoing scans of new files. After deciding on the approach, we began scanning the data. Once the scanning process started, we handed it over to the Business As Usual team for ongoing management.

I created training materials for end users on applying different labels, explaining their purposes, and providing examples. This was crucial since end users would apply the labels in different protection scenarios. The implementation helped the organization in several ways.

Firstly, it ensured compliance with regional laws and regulations by providing a solution to identify and label data appropriately. We now had a system to identify data and apply the right label, which was the main objective. Secondly, it educated end users about the data they were handling. When we gave label recommendations, users learned about the nature of their data and which labels to apply. This increased awareness among end users about the kind of data in their files and the appropriate labels.

Thirdly, it improved the overall data protection ecosystem. For example, it enhanced the effectiveness of our Data Loss Prevention (DLP) system. Instead of DLP starting from scratch, it could work with already classified data, making the process more efficient. We already knew what kind of data existed, which helped DLP work better.

The most valuable aspect of this product is its ability to protect data across boundaries. Currently, I think the most valuable feature is encryption across boundaries.

I am essentially a consultant, working freelance with various clients. Some of these clients need help understanding and organizing sensitive data in their environments across different clouds, applications, and devices. For Microsoft-centric clients, we often recommend using Microsoft Purview as a go-to tool to drive their information protection strategy. This tool allows us to integrate, examine, and analyze data in all these areas, breaking down the process when discussing it with customers.

When speaking to customers, I usually focus on four specific categories of use cases: knowing their data, protecting their data, preventing data loss, and governing their data. Microsoft Purview information protection is capable of addressing all of these use cases.

It is crucial that Microsoft Purview provides data protection across multiple cloud and platform environments. This is a key selling point that I use when working with customers. Nowadays, most organizations are not confined to a single cloud; they are already operating in hybrid environments with both on-premises and public cloud providers. However, more and more of them are moving towards using multiple cloud providers. Microsoft was the first major public cloud provider to offer multi-cloud capabilities in various products, not just in Purview. This feature is a significant benefit that many of my customers base their decisions on when choosing a platform.

Multicloud goes beyond simply connecting resources in AWS, Microsoft, or Azure. It also involves connecting resources in various endpoint platforms such as iOS, Android, and Mac, which are part of the ecosystem we oversee as information security professionals. We require tools that can integrate these devices and comprehend their current state, making it a crucial aspect of our work. Microsoft Purview Information Protection is capable of establishing these connections.

The ability of Microsoft Purview Information Protection to ingest data from non-Microsoft sources is a valuable additional feature that I believe is improving. There are now more capabilities, connections, and opportunities to integrate with third-party products. Every month, it seems like we are adding new capabilities or bringing on new partners. This is a crucial aspect that many of my customers seek, as most companies do not rely solely on Microsoft and Microsoft Azure. They use various platforms and systems, so being able to gather and centralize data from multiple sources is a significant advantage. This allows us to monitor, analyze, make decisions, and react to the data all in one place, instead of going to multiple platforms and vendors. It is a highly sought-after feature for most of my customers when choosing a platform.

Purview's native integration of compliance across Azure Dynamics and Office 365 is important. I believe it is crucial for customers who heavily rely on Microsoft products, but there are also many customers who use non-Microsoft-centric product lines and SaaS solutions. Therefore, having the integration allows us to have visibility into Microsoft's primary products, but it also enables us to connect with additional solutions and examine them, extending our visibility beyond Microsoft products. I think the blended solution is what is most critical.

It is essential for my customers that Purview considers critical regulations worldwide. It is extremely uncommon for me to have customers who are not subject to or aligned with at least one major regulatory compliance framework, be it an ISO standard, an NISC standard, or other US-centric or external regulations like GDPR. Consequently, having these frameworks built-in or the capability to access and integrate them on demand provides significant added value for the majority of my customers.

Data loss protection in Purview is effective for remedying policy violations. It relies on correct setup and architectural choices for implementation. Having implemented hundreds of them for customers worldwide, I can confidently say that making good decisions makes the process straightforward. With the right licensing, we can integrate Purview across the entire productivity suite, including OneDrive, SharePoint, Teams, and Outlook. The end-user experience is relatively seamless as they go about their business. If they try to send sensitive data through the system or store it in inappropriate places, we are able to catch and handle it accordingly. We have options to alert the user, strip the data, notify a manager, or block the communication, depending on the severity of the violation. This gives information security professionals like me the ability to fine-tune the organization's response based on the level of exposure. Overall, Purview is a highly effective and easy-to-operate tool.

It is crucial that Microsoft has extended Purview DLP to MacOS endpoints. Mac comprises a much smaller percentage of the number of desktops in an average organization compared to Windows or Intel-centric solutions. So, on average, it is a small percentage. However, some customers almost exclusively use Mac, so it varies. For most businesses, there aren't too many Mac users in comparison. But it's a blind spot, at least until the extension of capabilities to the Mac platform. We cannot monitor activities on those endpoints, including users' operations and whether they are sharing proprietary confidential sensitive data inappropriately. This lack of visibility prevents us from enforcing compliance and poses a regulatory risk. So, any action taken by a vendor like Microsoft to extend platform capabilities, eliminate these blind spots, and provide us with visibility is greatly welcomed and highly beneficial.

On average, Microsoft Purview Information Protection has provided my customers with much greater visibility into potential risks and threats within their organization. It has also given them access to reliable information to make informed decisions and has helped reduce the number of incidents that occur within their control. This tool has allowed organizations to enforce policies effectively and improve their risk posture and threat mitigation capabilities. In larger organizations, such as those with numerous endpoints and outlets for information, tools like Microsoft Purview are invaluable for constant monitoring and protection. As humans, we are limited in our ability to effectively watch over all this information, so these toolsets are crucial for safeguarding data. Microsoft's ability to deploy these tools at scale through their platform-based licensing is an essential aspect that I regularly discuss with customers.

Purview has been effective in reducing the need for us to interact with multiple solutions, but its success depends on the technology stack used by the organization. If the organization heavily relies on Microsoft and its infrastructure, Purview can help centralize information and minimize the need for multiple tools and platforms. However, even if the organization is Microsoft-friendly and uses third-party platforms, Purview can still reduce the number of tools needed. The key is to present a strong business case to decision-makers to demonstrate the benefits of centralizing reporting, visibility, activity, and monitoring through Purview. 

Purview enables me to have much greater visibility, particularly as I manage numerous infrastructures for multiple clients worldwide. This allows me to quickly comprehend and address any issues they may encounter, without having to track down and communicate with multiple individuals, which can be time-consuming. It is truly a tremendous time-saver and greatly enhances visibility, adding significant value.

AI and automation have significantly improved our speed and accuracy in risk detection. The challenge we have long faced is the overwhelming amount of information to examine without enough resources. To address this, the industry is implementing artificial intelligence, machine learning, data visualization, business analytics, and other technologies. Automation plays a crucial role in determining the key factors involved. In small organizations with limited data and users, manual management may suffice. However, in larger organizations, continuous monitoring and automated workflows are essential. Visual presentation of large volumes of information can be achieved through dashboarding and business intelligence capabilities. AI and automation enable us to identify patterns that may be missed by humans due to the sheer volume of data. They help process information at scale and provide summarized insights to humans for further action. Indicator compromise indicates ongoing issues, while indicators of exposure allow proactive measures to be taken. Purview and AI facilitate identification and response, as well as preemptive actions. These are crucial takeaways from the application of AI and automation in risk management.

I believe that insights are better with AI and automation. They are more tailored to a personalized view of my customer's world, taking into account each individual customer. Microsoft is able to gather trillions of data points every day from millions of customers globally, which benefits us by providing threat intelligence analysis and indicators of potential threats. This has led to significant improvements in actionable intelligence and desired results. In the past, it was difficult to create scalable action and intelligence without visibility into different regions, but AI and scalable platforms have changed that. The platform continues to improve with new features and capabilities, and it is maturing at an impressive rate.

Purview has helped reduce the time to action on insider threats. Depending on whether the organization chooses to be aware of them and take action on them, they can proactively address potential issues instead of reacting through incident management. It has become a significant aspect for many of my customers, as they aim to switch from a reactive to a proactive approach. Our goal is to prevent issues from occurring in the first place, rather than just reacting to them when they do happen. Tools like Purview play a big role in identifying risky and unusual behavior, which could indicate potential concerns. However, it is essential to be mindful that not all unusual behavior is malicious, as there may be legitimate reasons for it, such as business travel. Building an army of humans to monitor for such behavior may not be efficient, as they need breaks and rest. The value of platforms like Purview lies in their ability to continuously monitor without breaks. The responsibility then lies with the humans using these platforms to pay attention to alerts, classify them, and investigate as needed. By doing so, organizations can stay current with potential threats and distinguish between genuine activities and suspicious ones. Ultimately, the success of these tools depends on the organizational culture and how they are utilized.

Purview has helped save both time and money for many of my clients. It has reduced the time to find solutions, identify issues, and respond to them. This has allowed us to respond quicker and address concerns proactively before they become major problems. Additionally, we can now handle higher volumes of information and oversee more systems with the help of these tools, resulting in increased protection. 

Regarding cost savings, it can be challenging to quantify as it depends on individual businesses' needs and usage patterns. Often, companies are underutilizing the capabilities and features they are paying for, leading to duplicative efforts and wasted resources. However, through careful analysis and assessing current products in place, we have been able to identify significant savings over the long term by removing duplicative product licensing and renewing licenses strategically. These savings can then be reinvested elsewhere in the business. Overall, while the process may be complicated, we can achieve substantial savings with the right approach and understanding of our spending.