Try our new research platform with insights from 80,000+ expert users

Microsoft Purview eDiscovery vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
7.7
Microsoft Purview eDiscovery boosts ROI by improving data efficiency, compliance, risk management, and reducing legal and IT workloads.
Sentiment score
7.3
Users find Microsoft Sentinel offers positive ROI through improved visibility, automation, and efficiency, despite initial costs and quantification challenges.
The ease of accessing necessary information promptly is the biggest return on investment.
We have seen a 100% return on investment.
It's hard to quantify the ROI in a dollar amount, but we realize value by doing more tasks in less time than we did before.
 

Customer Service

Sentiment score
7.6
Microsoft Purview eDiscovery is praised for responsive support, despite some mixed experiences with wait times and outcomes.
Sentiment score
6.7
Microsoft Sentinel support is mixed; premium plans and better Microsoft relationships yield favorable experiences despite some challenges.
I would rate Microsoft Purview eDiscovery's customer service and technical support a ten.
Their solutions' integration simplifies resolving issues compared to those caused by third-party products.
Working with a Sentinel engineer helped us tune settings effectively.
 

Scalability Issues

Sentiment score
7.9
Microsoft Purview eDiscovery is scalable and efficient, seamlessly integrating with cloud infrastructures but lacks some search functions.
Sentiment score
8.1
Microsoft Sentinel's cloud architecture ensures scalable, flexible data handling with minimal management, supporting large user bases and easy integration.
It scales with us seamlessly.
With the E3 licensing, I would rate the scalability of Microsoft Purview eDiscovery as a six because it lacks certain critical search functionalities.
Office 365 and Exchange are running on it, covering about 35,000 users efficiently.
As our organization uses Microsoft Azure and Defender, everything grows together, and we can integrate various features seamlessly.
 

Stability Issues

Sentiment score
8.6
Microsoft Purview eDiscovery is generally stable, with minor slowdowns, but users seek more transparency on performance issues.
Sentiment score
7.8
Microsoft Sentinel is highly stable and reliable, with users praising its performance and noting rare, minor configuration issues.
For us, it has been one hundred percent reliable.
Microsoft Purview eDiscovery is highly reliable.
So far, we have not experienced any issues, and it has been stable from the beginning.
Sentinel's stability is great.
 

Room For Improvement

Microsoft Purview eDiscovery needs faster, more efficient features, better integration, NLP for queries, and affordable pricing for users.
Microsoft Sentinel users seek improved third-party integration, user-friendly features, enhanced threat intelligence, and streamlined data management to reduce costs.
Adding more features, as Microsoft continues to expand their cloud offerings, would be beneficial.
We find that many critical functions are available only to E5 license holders.
The reporting, sorting, and filtering capabilities that other products have aren't available natively in Purview.
We have some tools, such as our off-site Meraki firewalls, that have not fully integrated with Sentinel.
Currently, we are happy to have a way in the middle with not so much cost, but it would be nice to have the ability to enhance the automation of workflows based on learned incidents.
 

Setup Cost

Microsoft Purview eDiscovery pricing is complex, with E5 costly yet beneficial, while E3 is cheaper but limited.
Microsoft Sentinel offers cost-effective, consumption-based pricing, benefiting from Azure integration with careful data management to control expenses.
The pricing and licensing with Microsoft can be complex, and licensing is known to be a challenge because it changes frequently.
As an M3, I find the Purview pricing of 1250 per user worthwhile.
With CSP or MCE-style agreements with Microsoft, the process is streamlined since we have reps from both Microsoft and CDW working together.
We already had the necessary licensing for Sentinel, so we didn't need to spend extra money.
 

Valuable Features

Microsoft Purview eDiscovery ensures efficient data retrieval with multi-platform integration, automation, compliance visibility, and adherence to global data privacy laws.
Microsoft Sentinel offers seamless integration, AI-driven threat detection, and automation, providing comprehensive security and ease of setup for organizations.
The most valuable feature of Microsoft Purview eDiscovery is its ability to search across various platforms, including Exchange, SharePoint, Teams, and OneDrive.
Purview's inclusion of global regulations is critical because we're heavily regulated by FERC, Sarbanes-Oxley, and the SEC.
Purview can connect to iOS, Mac, Android, and SaaS apps, which is critical for capturing SMS and MMS text message data.
Custom workbooks are valuable. It is one of the crucial points in dealing with potential security threats in an automated way without requiring too much manpower.
 

Categories and Ranking

Microsoft Purview eDiscovery
Ranking in Microsoft Security Suite
24th
Average Rating
7.6
Reviews Sentiment
7.5
Number of Reviews
8
Ranking in other categories
eDiscovery (2nd)
Microsoft Sentinel
Ranking in Microsoft Security Suite
5th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
89
Ranking in other categories
Security Information and Event Management (SIEM) (3rd), Security Orchestration Automation and Response (SOAR) (1st), AI-Powered Cybersecurity Platforms (6th)
 

Mindshare comparison

As of January 2025, in the Microsoft Security Suite category, the mindshare of Microsoft Purview eDiscovery is 0.6%, down from 0.9% compared to the previous year. The mindshare of Microsoft Sentinel is 5.4%, down from 6.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Microsoft Security Suite
 

Featured Reviews

Frank Radeck - PeerSpot reviewer
Tasks that took an entire day before we implemented the solution now take just 30 minutes.
The most valuable feature of Microsoft Purview eDiscovery is its ability to search across various platforms, including Exchange, SharePoint, Teams, and OneDrive. It enables a streamlined, unified process for searching across these platforms. It is critical for Purview to be able to connect to iOS, Mac, and Android devices and data in other SaaS apps. From a support perspective, I can do things while I'm eating lunch or something else. It's more dynamic and responsive. I think everybody appreciates it. We're not tied to one device. Purview's multi-cloud capabilities are also essential for the same reasons. Keeping everything under one umbrella further increases the time savings. Purview accounts for critical regulations from around the world. This is crucial because we hold ourselves accountable to standards and need to align with them. Working at a law firm, we have clients who dictate to us what standards they expect. The visibility is excellent. As we move more things into the cloud, more opportunities exist to put everything under one umbrella.
KrishnanKartik - PeerSpot reviewer
Every rule enriched at triggering stage, easing the job of SOC analyst
It's a Big Data security analytics platform. Among the unique features is the fact that it has built-in UEBA and analytical capabilities. It allows you to use the out-of-the-box machine learning and AI capabilities, but it also allows you to bring your own AI/ML, by bringing in your own IPs and allowing the platform to accept them and run that on top of it. In addition, the SOAR component is a pay-per-use model. Compared to any other product, where customization is not available, you can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today. Other vendors charge heavily for the SOAR, but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer. The SOAR engine also uniquely helps us to automate most of the incidents with automated enrichment and that cuts out the L1 analyst work. And combining M365 with Sentinel, if you want to call it integration, takes just a few clicks: "next, next finish." If it is all M365-native, it is a maximum of three or four steps and you'll be able to ingest all the logs into Sentinel. That is true even with AWS or GCP because most of the connectors are already available out-of-the-box. You just click, put in your subscription details, include your IAM, and you are finished. Within five to six steps, you can integrate AWS workloads and the logs can be ingested into Sentinel. When it comes to a third party specifically, such as log sources in a data center or on-premises, we need a log collector so that the logs can be forwarded to the Sentinel platform. And when it comes to servers or something where there is an agent for Windows or Linux, the agent can collect the logs and ship them to the Sentinel platform. I don't see any difficulties in integrating any of the log sources, even to the extent of collecting IoT log sources. Microsoft Defender for Cloud has multiple components such as Defender for Servers, Defender for PaaS, and Defender for databases. For customers in Azure, there are a lot of use cases specific to protecting workloads and PaaS and SaaS in Azure and beyond Azure, if a customer also has on-premises locations. There is EDR for Windows and Linux servers, and it even protects different kinds of containers. With Defender for Cloud, all these sources can be seamlessly integrated and you can then track the security incidents in Microsoft's XDR platform. That means you have one more workspace, under Azure, not Defender for Cloud, where you can see the security incidents. In addition, it can be integrated with Sentinel for EDR deep-dive analytics. It can also protect workloads in AWS. We have customers for whom we are protecting their AWS workloads. Even EKS, Elastic Kubernetes Service, on AWS can be integrated, as can the GKE (Google Kubernetes Engine). And with Defender for Cloud, security alert ingestion is free
report
Use our free recommendation engine to learn which Microsoft Security Suite solutions are best for your needs.
831,265 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
14%
Government
12%
Computer Software Company
11%
University
6%
Computer Software Company
16%
Financial Services Firm
11%
Manufacturing Company
8%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Microsoft Purview eDiscovery?
The tool has been beneficial. Some of our previous users left the organization without sharing the information they had at a personal level. This information was related to the organization, and th...
What is your experience regarding pricing and costs for Microsoft Purview eDiscovery?
The setup process was very straightforward. We acquired pricing through our reseller in NASDAQ, eliminating the need to search for prices ourselves.
What needs improvement with Microsoft Purview eDiscovery?
The query language can be time-consuming to figure out if you don't know it initially. While there are options with dropdowns to select criteria, having a natural language feature would be benefici...
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

No data available
Azure Sentinel
 

Overview

 

Sample Customers

Information Not Available
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Microsoft Purview eDiscovery vs. Microsoft Sentinel and other solutions. Updated: October 2024.
831,265 professionals have used our research since 2012.