
Microsoft Purview eDiscovery vs Microsoft Sentinel comparison

 


Categories and Ranking

Microsoft Purview eDiscovery
Ranking in Microsoft Security Suite: 21st
Average Rating: 7.6
Reviews Sentiment: 7.5
Number of Reviews: 8
Ranking in other categories: eDiscovery (2nd)

Microsoft Sentinel
Ranking in Microsoft Security Suite: 5th
Average Rating: 8.2
Reviews Sentiment: 7.1
Number of Reviews: 89
Ranking in other categories: Security Information and Event Management (SIEM) (3rd), Security Orchestration Automation and Response (SOAR) (1st), AI-Powered Cybersecurity Platforms (5th)
 

Mindshare comparison

As of December 2024, in the Microsoft Security Suite category, the mindshare of Microsoft Purview eDiscovery is 0.7%, down from 0.9% compared to the previous year. The mindshare of Microsoft Sentinel is 5.4%, down from 6.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
 

Featured Reviews

Michael Bollhoefer - PeerSpot reviewer
Enables automated legal holds, but sorting and filtering could be improved
The sorting and filtering of the result data need improvement, and the interface for writing queries is not user-friendly for business users. We still need all the backend stuff. We have to use Graph API to interface with everything and create custom interfaces on the front end to make it easier for the end users, which is costly. The reporting, sorting, and filtering capabilities that other products have aren't available natively in Purview.
Nitin Arora - PeerSpot reviewer
Gives us one place to investigate and respond to threats, and automation eliminates manual work
They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"I think eDiscovery Premium has made dealing with data from Teams much more accessible than any other platform."
"The tool has been beneficial. Some of our previous users left the organization without sharing the information they had at a personal level. This information was related to the organization, and they didn't disclose it. Thanks to the product, it's easy for me to search and find out what communication a specific user has done, whether it's from SharePoint or any other platform. With Microsoft Purview eDiscovery, we can easily retrieve and restore this data."
"Microsoft Purview eDiscovery has saved me personally a lot of time because I can query it, and it touches everything we have as a full Microsoft shop."
"The most valuable features are automatic content logging tagging. Performing these tasks manually would be impossible. Since most of our data is already in Microsoft, it's convenient to run it through this tool."
"The machine learning wasn't half bad. I really like that part. I thought it was novel. It pretty much automated it, once you trained the model."
"Our legal team benefits from using Microsoft Purview eDiscovery."
"Tasks that took an entire day before we implemented Purview now take just 30 minutes."
"The ability to query everything that's in Microsoft and send links or add people, like managers, to review the documents is valuable. It's easy as I don't have to download and email anything. I just add them as a reviewer, and they can access it from there."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"Sentinel uses Azure Logic Apps for automation, which is really powerful. This allows us to easily automate responses to incidents."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"The AI and ML of Azure Sentinel are valuable. We can use machine learning models at the tenant level and within Office 365 and Microsoft stack. We don't need to depend upon any other connectors. It automatically provisions the native Microsoft products."
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
 

Cons

"It has been one of the most solid tools I have worked with. However, Purview Data Loss Protection for remediating policy violations needs refinement, for example, in defining what constitutes a credit card because that is where I get the most false positives."
"The sorting and filtering of the result data need improvement, and the interface for writing queries is not user-friendly for business users. We still need all the backend stuff. We have to use Graph API to interface with everything and create custom interfaces on the front end to make it easier for the end users, which is costly. The reporting, sorting, and filtering capabilities that other products have aren't available natively in Purview."
"I would suggest adding more platforms. Currently, it's compatible with OneDrive, Teams, SharePoint, and Exchange. Adding more features, as Microsoft continues to expand their cloud offerings, would be beneficial. Exploring options like Azure Files might be an avenue for improvement."
"Purview eDiscovery works, but it's not entirely perfect. There were times when search results would get hung up or error codes would be presented and we'd have to contact Microsoft to get that sorted out."
"The query language can be time-consuming to figure out if you don't know it initially. While there are options with dropdowns to select criteria, having a natural language feature would be beneficial. Copilot is expected to add such functionality in the future."
"Microsoft Purview eDiscovery should be cheaper."
"Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"We're satisfied with the comprehensiveness of the security protection. That said, we do have issues sometimes where there have been global outages and we need to raise a ticket with Microsoft."
"Documentation is the main thing that could be improved. In terms of product usage, the documentation is pretty good, but I'd like a lot more documentation on Kusto Query Language."
"We'd like also a better ticketing system, which is older."
"Multi-tenancy, in my opinion, needs to be improved. I believe it can do better as a managed service provider."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
 

Pricing and Cost Advice

"The pricing and licensing with Microsoft can be complex, and licensing is known to be a challenge because it changes frequently. While the licensing for Purview is not as tricky as other Microsoft products, navigating licenses since the shift to E3 and E5 plans has been a task, as individual licenses must now be purchased separately."
"Microsoft Purview eDiscovery comes as part of Microsoft 365 licenses."
"With the full bundle, pricing is not a significant concern. As an M3, I find the Purview pricing of 1250 per user worthwhile."
"In the positions that I've had through contracting over the years, I've heard talk of it being overpriced and underperforming compared to its competitors."
"The costs associated with E5 licensing are currently expensive for us, so we use the E3 license, which comes with fewer features and functionalities."
"It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
"It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."
"The pricing is fair... With a traditional SIEM, you pay a lump sum for licenses. But with Sentinel, it's pay-as-you-go according to the amount of data you inject."
"From a cost perspective, there are some additional charges in addition to the licensing."
"Some of the licensing models can be a little bit difficult to understand and confusing at times, but overall it's a reasonable licensing model compared to some other SIEMs that charge you a lot per data."
"I am not involved on the financial side, but from an enterprise-wide use perspective, I think the price is good enough."
"Sentinel can be expensive. When you ingest data from sources that are outside of the cloud, you're paying a fair amount for that data ingestion. When you're ingesting data sources from within the cloud, depending on what your retention periods are, it's not that expensive."
"Microsoft Sentinel's pricing is relatively expensive and extremely confusing."
824,067 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Financial Services Firm: 15%
Government: 12%
Computer Software Company: 11%
University: 6%

Computer Software Company: 16%
Financial Services Firm: 10%
Government: 8%
Manufacturing Company: 8%
 

Company Size

By reviewers (chart categories: Large Enterprise, Midsize Enterprise, Small Business)
 

Questions from the Community

What do you like most about Microsoft Purview eDiscovery?
The tool has been beneficial. Some of our previous users left the organization without sharing the information they had at a personal level. This information was related to the organization, and th...
What is your experience regarding pricing and costs for Microsoft Purview eDiscovery?
We go through CDW for all of our acquisitions, and they are very easy to work with. With CSP or MCE-style agreements with Microsoft, the process is streamlined since we have reps from both Microsof...
What needs improvement with Microsoft Purview eDiscovery?
I would suggest adding more platforms. Currently, it's compatible with OneDrive, Teams, SharePoint, and Exchange. Adding more features, as Microsoft continues to expand their cloud offerings, would...
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases. Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

Microsoft Purview eDiscovery: No data available
Microsoft Sentinel: Azure Sentinel
 


Sample Customers

Microsoft Purview eDiscovery: Information not available
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Microsoft Purview eDiscovery vs. Microsoft Sentinel and other solutions. Updated: October 2024.