Try our new research platform with insights from 80,000+ expert users

Microsoft Purview Information Protection vs Microsoft Sentinel comparison

 

Comparison Buyer's Guide

Executive Summary
 

Categories and Ranking

Microsoft Purview Informati...
Ranking in Microsoft Security Suite
21st
Average Rating
7.8
Number of Reviews
7
Ranking in other categories
Data Governance (9th), Data Privacy Management Software (3rd)
Microsoft Sentinel
Ranking in Microsoft Security Suite
5th
Average Rating
8.2
Reviews Sentiment
7.1
Number of Reviews
89
Ranking in other categories
Security Information and Event Management (SIEM) (2nd), Security Orchestration Automation and Response (SOAR) (1st)
 

Mindshare comparison

As of November 2024, in the Microsoft Security Suite category, the mindshare of Microsoft Purview Information Protection is 1.2%, down from 1.5% compared to the previous year. The mindshare of Microsoft Sentinel is 5.6%, down from 6.4% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Microsoft Security Suite
 

Featured Reviews

Nagendra Nekkala. - PeerSpot reviewer
Dec 15, 2023
Effectively controls and classifies sensitive information, providing robust protection for our documents and emails
When implementing Microsoft Purview Information Protection, I aimed to automatically classify sensitive data and ensure its protection. The goal was to streamline the process of identifying and securing sensitive information to enhance overall data security measures. Microsoft Purview Information Protection has significantly improved our company by ensuring data security across all locations. I no longer worry about the safety of my data, especially sensitive information. Whether it is critical or not, the system reliably protects our information without any concerns. It has saved us time overall. We are looking at a time savings of around two to three hours a day. It also helped us save money, especially considering the high cost associated with data. Ensuring that our data is secure and not at risk has translated into significant internal cost savings.
Nitin Arora - PeerSpot reviewer
Nov 2, 2022
Gives us one place to investigate and respond to threats, and automation eliminates manual work
They can work on the EDR side of things. It is already really superb, because of the kinds of features we get with the EDR solution. It's not a standard EDR and they have recently enhanced things. But the problem is with onboarding devices. I have different OS flavors, including a large number of Linux, Windows, macOS, and some on-prem machines as well. Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work. They can eliminate having to do manual configuration for the machines, and check the different types of configurations for each OS. In some cases, it does not support some OSs. If they could reduce this type of work, that would be really amazing.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The UI is user-friendly, and I have observed that it improves further each year."
"Incorporating data loss prevention capabilities built into the Microsoft platform to endpoints, such as Windows 10 and Windows 11 computers, can also help prevent data loss and is highly advantageous."
"It ensures that sensitive data is automatically safeguarded, even for email attachments, regardless of the user or device."
"We use the solution for our customers' services. It helps identify and protect sensitive data in documents, PDFs, emails, and Teams chats to prevent data leakage. It can detect and block emails containing credit card information sent outside the organization."
"Before using it, we had a lot of unlabeled data, and the tool helped us quickly and accurately label a large number of documents."
"We can restrict access or specify who can see sensitivity labels, which can be based on the classification level. We can encrypt restricted content and limit who can see that from an internal view, too, so Purview is a powerful tool."
"I created training materials for end users on applying different labels, explaining their purposes, and providing examples. This was crucial since end users would apply the labels in different protection scenarios. The implementation helped the organization in several ways."
"The features that stand out are the detection engine and its integration with multiple data sources."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"The UI of Sentinel is very good and easy to use, even for beginners."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP."
 

Cons

"There is potential for more integration in the use of AI."
"Microsoft can improve the affordability of Purview Information Protection by offering it at a lower cost."
"Microsoft Purview Information Protection can improve in terms of scan concurrency and scan processing time."
"There is room for improvement with the policy tips feature."
"I had experience with previous versions of Microsoft Purview Information Protection as well. The new version doesn't have all the features that were present in the previous native clients and functionalities. For example, the ability to track documents - knowing where your document is, who is accessing it, when and where. You could even revoke access to a particular document if needed, which was a cool feature. These aren't available right now, although Microsoft is working on bringing them back, which might take some time."
"I wouldn't recommend Microsoft Purview Information Protection for petabytes of documents as performance might be affected."
"Our primary concern is third-party application visibility. Many people choose other DLP tools, as they can search the Office 365 suite and detect sensitive information across thousands of other apps. The product is weak compared to the competitors on the DLP front, but the classification is good; the tool needs a bit more maturation."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"They're giving us the queries so we can plug them right into Sentinel. They need to have a streamlined process for updating them in the tool and knowing when things are updated and knowing when there are new detections available from Microsoft."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"Its implementation could be simpler. It is not really simple or straightforward. It is in the middle. Sometimes, connectors are a little bit complex."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"We'd like to see more connectors."
 

Pricing and Cost Advice

"The tool's pricing is not a problem for customers because they often purchase it as part of a bundle. With an E5 license, for example, users get access to the entire functionality. This is one of the main reasons why many customers are choosing Microsoft."
"The price is determined by the enterprise licensing, either the E3 or E5 licensing or the EMS plus security and other feature licensing."
"The tool's pricing is fairly low, less than 100,000 for a year."
"The product is affordable, and our clients agree. Sensitivity labels come with the MIP license at an additional $2 a month per user, an excellent deal for auto-labeling capabilities."
"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
"It is certainly the most expensive solution. The cost is very high. We need to do an assessment using the one-month trial so that we can study the cost side. Before implementing it, we must do a careful calculation."
"Microsoft Sentinel can be costly, particularly for data management."
"The pricing is based on how much you ingest, so it's pretty straightforward. There are no tiers, and you pay for what you use unlike with other types of SIEM solutions that are usually based on tiers."
"I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
"Microsoft can enhance the licensing side. I feel there is confusion sometimes... They should have a single license in which we have the opportunity to use the EDR or CASB solution."
"Sentinel is fairly priced and pretty cost-effective."
"I am not involved on the financial side, but from an enterprise-wide use perspective, I think the price is good enough."
report
Use our free recommendation engine to learn which Microsoft Security Suite solutions are best for your needs.
814,649 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
19%
Computer Software Company
12%
Retailer
8%
Government
7%
Computer Software Company
16%
Financial Services Firm
10%
Government
8%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Microsoft Purview Information Protection?
It ensures that sensitive data is automatically safeguarded, even for email attachments, regardless of the user or device.
What is your experience regarding pricing and costs for Microsoft Purview Information Protection?
The tool's pricing is not a problem for customers because they often purchase it as part of a bundle. With an E5 license, for example, users get access to the entire functionality. This is one of t...
What needs improvement with Microsoft Purview Information Protection?
I had experience with previous versions of Microsoft Purview Information Protection as well. The new version doesn't have all the features that were present in the previous native clients and funct...
Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and its Threat Hunting functionality with AI available as templates or customized ...
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingestion of anything, but the charge per GB/Day Indexed and it gets expensive as log ...
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is auto-scaling - you will not have to worry about performance impact, you will...
 

Also Known As

Microsoft Information Protection
Azure Sentinel
 

Overview

 

Sample Customers

Information Not Available
Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Find out what your peers are saying about Microsoft Purview Information Protection vs. Microsoft Sentinel and other solutions. Updated: October 2024.
814,649 professionals have used our research since 2012.