We performed a comparison between Microsoft Purview eDiscovery and Microsoft Sentinel based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The tool has been beneficial. Some of our previous users left the organization without sharing the information they had at a personal level. This information was related to the organization, and they didn't disclose it. Thanks to the product, it's easy for me to search and find out what communication a specific user has done, whether it's from SharePoint or any other platform. With Microsoft Purview eDiscovery, we can easily retrieve and restore this data."
"I think eDiscovery Premium has made dealing with data from Teams much more accessible than any other platform."
"The machine learning wasn't half bad. I really like that part. I thought it was novel. It pretty much automated it, once you trained the model."
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"It has basic out-of-the-box integrations with multiple log sources."
"It is quite efficient. It helps our clients in identifying their security issues and respond quickly. Our clients want to automate incident response and all those things."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"If you know how to do KQL (kusto query language) queries, which are how you query the log data inside Sentinel, the information is pretty rich. You can get down to a good level of detail regarding event information or notifications."
"The connectivity and analytics are great."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Microsoft Purview eDiscovery should be cheaper."
"Purview eDiscovery works, but it's not entirely perfect. There were times when search results would get hung up or error codes would be presented and we'd have to contact Microsoft to get that sorted out."
"I see two significant challenges with many of my clients. One is that there are some functionality gaps compared to specialized tools in the legal industry, like a legal hold tool or a document review tool. They have features that Purview eDiscovery lacks. Those gaps create a situation where I almost have to do things twice. I need to collect all my data in eDiscovery and ship it to another platform to complete the review."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"I think the number one area of improvement for Sentinel would be the cost."
Microsoft Purview eDiscovery is ranked 25th in Microsoft Security Suite with 3 reviews while Microsoft Sentinel is ranked 6th in Microsoft Security Suite with 86 reviews. Microsoft Purview eDiscovery is rated 7.0, while Microsoft Sentinel is rated 8.2. The top reviewer of Microsoft Purview eDiscovery writes "It has improved visibility and simplified data review, but it lacks many features found in specialized tools". On the other hand, the top reviewer of Microsoft Sentinel writes "Gives a comprehensive and holistic view of the ecosystem and improves visibility and the ability to respond". Microsoft Purview eDiscovery is most compared with Google Vault, Microsoft Purview Data Governance, Veritas Enterprise Vault.cloud, Smarsh eDiscovery and Exterro, whereas Microsoft Sentinel is most compared with AWS Security Hub, IBM Security QRadar, Wazuh, Microsoft Defender for Cloud and Elastic Security. See our Microsoft Purview eDiscovery vs. Microsoft Sentinel report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.