Microsoft Purview Data Governance Reviews

As a Microsoft partner, we specialize in selling Microsoft products to our clients. Microsoft Purview serves as a typical data cataloging tool within our data governance projects.

Microsoft Purview offers comprehensive data protection capabilities across multi-cloud and multi-platform environments, including AWS and Google Cloud Platform. When discussing data protection, it's essential to recognize the different facets of Purview solutions. Firstly, there's the data catalog side, which focuses on organizing and managing data assets. Secondly, there's the risk and compliance aspect, which encompasses solutions like data loss prevention, insider risk management, and information protection for data security. Additionally, there are risk and compliance management features such as data lifecycle management, e-discovery, audits, and communication compliance. Microsoft Purview has been working towards integrating these three aspects—data security, data governance, and risk and compliance—into a unified interface which would provide a seamless experience for users to manage all aspects of data protection efficiently.

The ability for Purview to connect with iOS, Mac, and Android devices, as well as data from various SaaS applications, is of utmost importance. Customers prioritize this capability because they aim to safeguard their data regardless of its location—whether on mobile devices, in the cloud, or on computers.

It serves as a connection platform that supports the integration of data from non-Microsoft sources. While its capabilities for connecting with non-Microsoft data sources are continuously improving, there are still some limitations. Presently, Purview can connect with other cloud vendors such as Google Cloud, Amazon, and IBM.

Ensuring native integration of compliance across Azure, Dynamics, and Office 365 is a top priority for Purview. The aim is to consolidate all compliance functionalities into a unified interface, although currently, they remain separate. The ultimate goal is to streamline compliance processes by centralizing them within a single portal.

We use Purview for data loss prevention.

It hasn't yet streamlined the integration of solutions we interact with, as they remain separate. However, once the unification of data governance, data security, and risk compliance functionalities into one portal is fully implemented, it will likely reduce the need for multiple interactions. Currently, we're still navigating through different interfaces and portals to achieve our goals. So, as of now, the solutions remain separate, but there's potential for improvement in the future.

Purview has enhanced our visibility into our data estate, especially through the democratization of data via the data catalog. By surfacing our data assets and making them accessible throughout the organization, we've achieved better visibility overall. However, it's crucial to note that successful data governance requires more than just technology—it also involves having the right teams, processes, and policies in place. Therefore, by ensuring that all three components of data governance are aligned and well-managed, leveraging Purview's data catalog can significantly improve visibility into our assets.

There are AI components utilized for classification purposes, particularly in identifying names, such as people's first names and locations like cities. Additionally, there's deeper integration with MDM partners like Profisee and Tamr, who leverage Azure OpenAI for this purpose. However, even without these third-party vendors, within the data catalog or data map, classification relies on machine learning to identify and surface sensitive information effectively. AI has a significant impact on the quality of insights in Purview. It automatically classifies sensitive assets during scanning, which effectively reduces manual effort and ensures thorough coverage of sensitive information within the data catalog.

The ability to demonstrate compliance in real-time is facilitated by a dedicated solution known as Compliance Manager. This specific Purview solution falls under the category of risk and compliance, providing the necessary tools to showcase compliance status effectively.

Purview, particularly the Compliance Manager, has assisted us in enhancing compliance with regulatory requirements. With Purview Compliance Manager, it identifies areas where compliance may be lacking and provides actionable steps to achieve compliance. This tool facilitates easier discussions with compliance stakeholders and ensures alignment on necessary actions.

It has contributed to reducing the time required to address insider threats through its integration with Microsoft Defender for Endpoint. This integration includes a specific feature known as Insider Risk Management, which enables proactive detection of and alerts for suspicious or malicious activities.

It has helped save both time and money. One particular feature is called Data Sharing. Its primary aim is to minimize data duplication. This feature allows users to share data internally and externally without physically moving the data itself. Instead of creating additional copies of data as attachments or sending them via email, users can share data directly from its existing location. This reduces the need for storing multiple copies of the same data, ultimately saving storage space and associated costs.

It has enhanced our ability to maintain compliance by integrating Purview with Microsoft Sentinel. This integration enables the creation and sending of alerts, allowing us to proactively address sensitive information as it enters our data catalog.

It is designed to seamlessly connect to various data sources, which is particularly beneficial for our customers who primarily use Microsoft technologies. These sources include Azure Data Lake Storage Gen2, Synapse Workspace, and other platforms that Purview natively supports. Data cataloging is a fundamental feature of Purview, allowing users to organize and manage their data assets effectively. It also offers powerful lineage capabilities, enabling users to trace data from its source systems to the reporting layer. While there are some limitations in supporting end-to-end lineage for certain assets, Purview excels in automating lineage for supported assets such as Azure Data Factory and Synapse pipelines. Another valuable feature of Purview is its glossary terms functionality. Recently, we completed a project for a customer who was migrating their data dictionary from SharePoint to Purview's data catalog. This migration allowed them to seamlessly connect glossary terms to their ingested data assets, enhancing their data management and governance capabilities significantly.

Data quality has been a highly requested feature among customers. While it was initially scheduled for release in December last year, I anticipate that this feature will be available soon this year.

I suppose that with the integration of all three solutions—data security, data governance, and risk and compliance—there will be a clearer direction regarding changes on the people side of things. Like any other changes, this integration will necessitate new responsibilities, processes, and policies. It's essential to outline the expected changes on the people side, such as identifying impacted personas and defining their new responsibilities.

I have been working with it for three years.

I've encountered some slight lag, although Microsoft boasts a 99.9% SLA guaranteeing availability. This means there's an estimated downtime of around eight hours per year, but overall, disruptions are minimal.

Scalability has become more streamlined with recent updates. Previously, selecting a data map capacity was necessary when creating the data catalog, but now scalability has been improved. This means reduced overhead and eliminates the need for manual adjustment, making it easier to manage.

I've reached out to tech support numerous times. Interacting with them is always a positive experience because they consistently offer prompt assistance and valuable insights. It's particularly beneficial when dealing with new features or issues that many clients may not have encountered yet. They consistently deliver the assistance I need promptly and effectively. In cases where immediate answers are not available, I escalate the issue until I connect with the right individuals who can provide the necessary assistance. I would rate it ten out of ten.

Positive

Before transitioning to Purview, I was using the older version, which was Data Catalog.

The initial setup of Purview is straightforward, requiring just a few clicks to create an Azure account on the Purview portal. However, the complexity arises in setting it up properly, especially considering the Cloud Adoption Framework and the Analytics framework. While the setup can initially be simple, achieving scalability requires certain skills and responsibilities within the organization to ensure it's done properly. Scaling the architecture involves creating new data landing zones or subscriptions for different data workloads, such as Azure Machine Learning Workspace for data science teams while maintaining organizational governance and best practices. We are the ones responsible for assisting people in implementing Purview.

Typically, it requires at least two individuals from our team to deploy Purview, though sometimes up to three, depending on their skill sets. One essential role is a data governance lead responsible for overseeing tasks related to the data catalog, such as setting up the collection hierarchy and defining data domains. On the Azure infrastructure side, either a versatile solution architect or an Azure architect is needed to define the data management landing zone and data landing zone. This individual may also take on the role of a DevOps engineer to manage CI/CD processes for resource deployment and integration. Additionally, a data engineer is required to facilitate the movement of data assets from sources to the data warehouse. Lastly, a fabric administrator assists with necessary tenant settings. However, at a minimum, a solution architect and a data governance lead are essential, with the solution architect often taking on multiple roles.

The return on investment involves significant effort initially, but as organizations mature in their data governance practices, they begin to reap the benefits. These benefits include improved data quality, enhanced visibility of data assets, and increased compliance.

Currently, the licensing differs for the governance side compared to the risk and compliance side. On the governance side, the charges are based on the usage of Purview, including the data map, data catalog, and scanning and classification jobs. However, on the risk and compliance side, it's based on licensing, specifically the E5 license, to access the risk and security compliance features. As of now, the pricing structures remain separate. Improvements in providing clearer information on any pricing changes as these three solutions are unified would be beneficial.

The data quality is a top priority for clients and customers, and while it's expected to be available soon, there are a couple of reasons why there's a slight drawback. Firstly, the rebranding and renaming have confused customers. Although the move towards unifying everything into a single portal is a positive step, it has led to some customer confusion. Providing clearer guidance and communication about these changes and their associated responsibilities will be essential moving forward. Additionally, recent changes in features, such as the replacement of classification with sensitive information types in Compliance Manager, have shifted certain responsibilities from data governance leads to compliance or security teams. While this change impacts customers already using classification rules, it signifies a broader shift in responsibilities. Furthermore, the integration of Purview into Fabric is another aspect that requires better communication, likely due to upcoming changes and features. It's expected that after the unification of tools and features in the unified portal, there will be more emphasis on Fabric integration. Currently, details about this integration have been limited, but this is likely to change with upcoming releases. Overall, I would rate it seven out of ten.

We are labeling our documents, and based on those labels, encryption is applied depending on how sensitive the data is. Documents that leave our organization are automatically encrypted.

We plan to use Purview for data loss protection, but we aren't there yet. That's the next phase of our rollout. We're setting up governance, identification, and classification before moving to DLP. We have started some pilot groups within Teams to test how it will block PHI personal health information that's transmitted via text or voice in a transcript. We've seen some success, but it also blocks a lot of things that it shouldn't. It's a matter of fine-tuning.

We're going to have the benefit of being able to roll out Copilot more securely, but we're not there quite yet.

The sensitivity labeling is the most valuable feature because it is the foundation for automating the encryption process and ensuring proper data handling across the organization.

It is helpful that Purview can connect to iOS, Mac, and Android devices because you need to be able to govern the ecosystem no matter where your data is. Purview's consideration of critical regulations from around the world is crucial because we operate globally, so we need to adjust how data is handled for our employees in other countries.

We haven't really gotten too far into it to identify areas for improvement just yet.

We haven't been using it for long. We are currently in the pilot phase, gradually rolling it out. We've been building the policies, and the rollout to a pilot group started three weeks ago.

I couldn't really say about the stability so far, but I have confidence in it.

It's definitely scalable. With automation, you can label five documents or 50,000 with the same amount of clicks. It handles all the data you can throw at it.

I rate Microsoft customer service 10 out of 10. Support is a little slow, but it's very beneficial. They're skillful people who know what they're doing in their space. Some unforeseen speed bumps along the way have slowed things down. It's nor something that I would be mad about, but I wish the project would be done by now so we could get our Copilots all rolled up.

We have a good rapport with them and get along well. We can candidly talk to them about things and ask for help. They're always happy to do what they need to to get the answers we need. 

Positive

We used some built-in legacy permissions and tools for file management, along with Excel's advanced features, which are now part of Microsoft Purview.

It's been a slow process. We're taking our time and working with a partner. It's been slow, but this is one of those cases where that's necessary.

We worked with a consultant named Lighthouse. They've been very beneficial, skillful, and know their field well. Despite some unforeseen speed bumps slowing the project, their expertise has been valuable.

We're working with a Microsoft partner to carefully create labels and test all the features and policies behind the labels. We rolled it out to our first pilot group. We have a test SharePoint site that we're using alongside that. Once we have more data and and feedback from the pilot group, we'll expand that company-wide.

The experience with pricing, setup costs, and licensing was smooth, as most Purview functionalities were included in the e5 licenses we migrated to for other reasons.

We did not evaluate any other solutions as we were acquiring an E5 license, which integrated Purview features without the need for exploring alternatives.

I rate Microsoft Purview Data Governance eight out of 10. Once you start using it and see what it can do, it's really intuitive.

My organization had a large amount of sensitive data stored primarily in SharePoint Online. We also operate in a highly regulated industry. Therefore, we wanted to take advantage of some of the features offered by Microsoft Purview. Initially, we focused on sensitivity and retention labels, but we later expanded to include data loss prevention and benchmarking our data against the built-in regulations offered by Purview.

It is important that Purview delivers data protection across multi-cloud and multi-platform environments. Many organizations have multiple systems, which can be difficult to manage. I know that many of my clients are currently trying to amalgamate their systems and bring them all under one umbrella, but there will always be cases where organizations will not be able to have everything in a single software solution like Microsoft 365. Being able to take advantage of Purview's excellent features and deploy them across not only 365 but also other systems makes it much easier. I think this is one of the reasons why organizations are starting to look at things like Purview: it has the ability to deploy more widely, saving organizations a lot of time and effort and centralizing control.

It is important that Purview can connect to iOS, Mac, and Android devices, as well as other data and SaaS apps. Many organizations issue portable devices to their staff, especially those with a high percentage of hybrid remote workers. These mobile devices have become essential, both personally and professionally. Having governance across multiple devices is a brilliant feature.

Purview's integrated data link compliance is a great feature. The biggest selling point for me is the ability to deploy it from one location; I haven't been able to manage everything in one place before. This makes it much easier for local administrators, and it can also be used across different environments.

The connectors for supporting non-Microsoft data sources are a brilliant feature and a smart move by Microsoft. They allow us to apply our governance policies to data sources such as Twitter and WhatsApp, which are used by many organizations for customer interaction. This is important because it allows us to protect our customers' data, even when they are interacting with us on multiple platforms.

My experience of the critical regulations that Purview was built taking into account is predominantly UK regulations. When I first started at my organization,  part of my role was data protection. So being able to benchmark our data against the GDPR and some of the UK's specific regulations was fantastic. But now I work with multinational clients, so we have offices in various locations in different geographies. So having specific legislation for the areas in which they operate is brilliant. More organizations are spread across different continents and countries. So being able to apply different legislation to different parts of their estate depending on where their offices are operating is a fantastic feature.

We are currently updating our data loss prevention policy internally, and we highly recommend that our clients use Microsoft Purview for DLP as well. I demonstrated Purview to a client a few months ago, and they were incredibly impressed with how effective it can be. I think they were particularly surprised by how quickly it can identify sensitive data. For example, we did a quick test where we uploaded a document that contained a piece of personal information that we had asked the Purview policy to look for. As soon as we uploaded the document to a SharePoint document library, we received an email alert warning us that the sensitive information was present and could be accessed by others. The alert was almost instantaneous. This shows that Purview is a very effective system for protecting data.

Microsoft Purview has enabled us to truly embed a culture of data governance among staff. This has been a major success, not just within our own organization, but also with our partners and clients. Many people talk about the importance of data governance, but Purview has helped us to increase the knowledge base of our users and empower them to take ownership of their data, rather than relying solely on IT professionals or data protection staff. This is a real positive for any business, especially those that work with sensitive information. The automation capabilities of Purview have also been a huge hit with our users. The ability to automatically apply data labels and implement advanced encryption policies has made it much easier for us to protect our data.

In previous years, we have used various methods and systems to try to achieve the same outcome, including spreadsheets and stand-alone systems. We are heavy users of Microsoft 365, so it is our primary system, but we also use other systems. Having one solution that can deploy our core policies and protections across different devices and platforms.

Microsoft Purview's reduction of solutions simplified our data governance. In the past, our data was scattered across different locations, making it difficult to manage and protect. Purview has brought our data together into one place, making it easier for users to access and for us to implement data governance policies. I believe that the more systems we have, the greater the risk of data protection incidents and the more difficult it is to deploy a unified data governance strategy. Reducing the complexity of our IT infrastructure goes hand-in-hand with improving data governance.

Some of the features in Purview have illuminated areas of our data site. In particular, when we have worked with organizations with large volumes of data, it has helped us to identify issues. For example, benchmarking our state against GDPR highlighted aspects of our operations that were not compliant. This was more important than the areas that were compliant, as it helped us to focus our attention on where we needed to make improvements. This helps us to provide assurance to our board.

We are about to launch an internal awareness campaign about AI and how we can use it. Microsoft Purview is on the list of AI solutions we will be considering. We are also about to start using Microsoft Copilot, and some of our staff are already using ChatGPT. We are looking at AI solutions within Microsoft 365 and some of our other systems. This is an area that we are very keen to develop, and it is something that our clients are also interested in. We can explore this in more detail in the coming months.

I've been amazed at how quickly the automation responds, especially when we have a large dataset. It takes that pain away from Teams and acts as a monitor for us. It's saved a huge amount of time, and once it can demonstrate internally or to clients how effectively it does what they expect it to do, that will save more time, but people who are responsible for this information need a lot of reassurance.

Purview enables us to demonstrate our compliance in real-time. We provide live reports to auditors and anyone responsible for information security risk management. We can show them our compliance status in real-time, which is excellent.

Our meetings with compliance regulators are positive when they are familiar with Purview. However, if they are not, we must be able to demonstrate to them how effective the solution is and how it can assist the organization in improving its data governance and data security. This has made the meetings much more positive, as the regulators are more assured that we are being more responsive and effective with the information we hold.

Automation plays a significant role in reducing the time to action on insider threats. We have had procedures in place for identifying, mitigating, and responding to specific risks, both internally and accidentally. However, our previous procedures were very manual, which obviously takes time. Now, in some situations, we can respond almost instantly. Automation has significantly improved our response time. Data breaches, for example, used to take a long time to investigate under our old process. From when a user reported a breach to when we could start investigating, it took hours to complete the necessary paperwork and documentation. But by using automation and some of the features in PurView, we've been able to reduce that time to minutes. In some areas, we've probably been able to reduce investigation time by 50 percent or more.

Time-saving is probably the most important benefit of automation and AI. The more time we can save people, across the board, not just Purview, the better. When we can automate tasks and improve response times, it takes away the need for manual input and frees people to concentrate on more important things. This naturally has a financial benefit. From my role, I've seen that the time savings have been really important. In some areas, we've seen time savings of up to 50 percent. So, when deployed properly, the benefits of automation and AI are huge.

Our ability to oversee compliance using Purview has been a game-changer. We have developed our own in-house compliance and risk management software, which I have been involved in. However, using Purview has been even more impactful. In addition to the automation and time savings, the key thing for us is the educational aspect. Purview helps us to raise awareness and make the organization more data-aware, regardless of role. This enables us to identify issues and, more importantly, rectify them.

The sensitivity and retention options in Purview are excellent. We had an internal document retention schedule, but when we first created it, much of our data was in paper form. As our data became digitized and moved to SharePoint Online, particularly when we migrated away from our on-premises file server, the ability to replicate that retention schedule in Purview and deploy it across all of our SharePoint sites and OneDrive made life so much easier. Purview helped us automate and control our data without having to rely on people to manually tag documents with specific retention periods.

Similarly, our sensitivity labels were scattered throughout SharePoint Online. We wanted to push data governance internally, not just from a technical data management perspective, but also from an education perspective. So, we created a data classification system based on sensitivity and deployed it across our 365 apps, including Outlook, OneDrive, Teams, and SharePoint. This not only allowed us to protect more sensitive data and ensure that it was being handled responsibly, but it also allowed us to use features like prompting users to apply a label to a document before interacting with it. This helped us deploy labels more quickly and also got staff thinking about the data they were working with.

In my experience, particularly in organizations that work with a lot of sensitive data, staff can become complacent over time and desensitized to the importance of looking after that data if they're using it day in and day out. So, having a visual prompt to apply a label and think about the documents they're working with and what that means was a really useful way of promoting data governance across our business.

Some of the menu headings may not be easy to understand for some people. For example, when I first used Purview, I noticed that one of the self-compliance centers had changed its name. Microsoft has done a huge amount of updates, and sometimes it's hard to keep track of what Purview can do. We almost constantly have to explore it.

Maybe Microsoft could have a 365 roadmap where we can look at upcoming features, or some kind of bulletin announcement for Purview users that explains new features and what they can do in simple terms.

We could also look at the menu settings. In my experience of using Purview, we've never used it as an exclusive system for IT professionals or technical staff. We were very keen that other specialists around the business made use of some of these features because we thought that some of what Purview could do was relevant to other departments as well as IT. For example, we have HR managers and financial staff who use it.

I think that some of the terminology in Purview is pitched toward IT and tech professionals, and it may not be immediately understood by other specialists. This is something that could be improved.

I have been using Microsoft Purview for three years.

I haven't seen any issues so far with stability. I know that some policies can take a little bit of time to roll out, depending on how widely they're being deployed. For example, the first sensitivity policy I created took 24-48 hours to start functioning for users. However, this is to be expected in the cloud, as it can take time for changes to filter down. Once the policy became available, I didn't see any issues with it at all.

Microsoft Purview is scalable. When I first deployed it, we deliberately scaled it up by deploying a small number of cache users first, then an individual team, and eventually ramping it up across all of our SharePoint environments, we were able to deploy it widely across Teams, OneDrive, and Outlook as well.

All the interactions I've had with the technical support, they've been really good. So I've got no complaints at all.

Positive

Previously we had processes in place for things like data protection, naming conventions, and so on, but we were very reliant on our IT infrastructure for governance. Purview has allowed us to act more effectively and quickly, and to get more people involved at an administrator level. This has been empowering for some teams, particularly HR, which can now run policies appropriate for them without having to rely on IT. This has been a very positive change for those teams.

Purview was straightforward to deploy, but complex to bring staff up to speed. Like any organization, we have people with varying levels of understanding of these systems and what they are trying to achieve. So, while it was easy for our team members to create and deploy Purview, the education piece took time. For example, we deployed sensitivity and retention labels on a team-by-team basis, training each team and bringing them up to speed before moving on. We found this to be the easiest way to deliver the training internally. Overall, I think Purview is very straightforward from a technical point of view, but the difficulty of bringing staff up to speed will vary depending on the organization.

A core group of eight of us evaluated the various aspects of what Purview could do. We took ownership of the areas that applied to our roles or departments to deploy sensitivity and retention policies. It took us four months. We only took a few days to create the policies and set up the labels. However, we wanted to manage the rollout carefully because training was key to ensuring that staff would get the most out of the system. So, we didn't rush the rollout. However, the actual technical side, the creation itself, only took a few days, or a couple of meetings.

We recommend Purview to clients and don't know if they see an ROI. However, in my previous role at a previous organization, we used Purview internally. I cannot speak to exact figures, but I do know that our creditors regularly reviewed our viability, and data governance, data assurance, and data protection. Being able to demonstrate that we have these tools available to make us more secure as an organization and to protect the sensitive information we hold obviously had an effect on our reputation and viability in the eyes of our creditors and auditors. As a business, I would say that we felt Purview was worth the investment in that particular situation.

To get the full features of Purview, we currently need E5 enterprise licenses, which are expensive. I'm not sure what Microsoft's business model is for this, because we can acquire some of the features of Purview, or we can access it by speaking to our Microsoft partners or vendors. But I think Microsoft is currently pitching Purview primarily to medium to large organizations. I believe there is a real appetite for data governance in smaller businesses as well because all businesses have information that needs to be protected and governed effectively. I have clients who own small businesses who cannot justify the cost of E5 enterprise licenses. Some of them are on business standard or business premium licenses. I think Microsoft should consider reducing the price of Purview or making it more available to more people. Perhaps Microsoft could offer a scaled-down version of Purview. I know there is an appetite for Purview among smaller businesses, but they often have to do a cost-benefit analysis and decide that the additional cost is not justified. It's a shame because they would really benefit from some of the features of Purview.

I would rate Microsoft Purview nine out of ten. Purview is a highly effective and useful feature in Microsoft 365. As a technical system, it is brilliant. However, I am concerned that it may be too expensive for smaller businesses, which is a shame.

The first time I used and rolled out Purview, it was for multiple departments in a medium-sized business. By the end of the rollout, everyone was using it. Internally, we have deployed Purview to two of our geographical locations, but we still have some others to roll it out to. With my clients, the ones who have shown an interest in Purview and are using it tend to be larger businesses that work across geographies. They are deploying Purview to their various office locations in different countries. The speed of deployment depends on the size of the company. We have 150 users.

Purview needs to be reviewed periodically to ensure that the policies are still appropriate and effective. We have tried to automate as much of this process as possible, so from a maintenance point of view, Purview does not require much manual effort. However, we do have a core group of people who regularly review Purview to stay ahead of new features and to determine whether they are appropriate for our organization.

We are currently reviewing some of the new features and redoing many of our policies. In some cases, we are considering switching from manual hard copy or written policies to policies in Purview, either to work alongside their document or to replace it. We will be gearing up for this transition soon.

I would test Purview, explore its features, and seek advice from people who have used it or from Microsoft themselves. This would help me to understand what it can do. I think it is important to avoid keeping Purview as an IT-only tool. Instead, promote its capabilities to a wider audience, including other stakeholders. Once creating and deploying solutions in Purview, I recommend deploying them to a targeted area first and then scaling them up. If a retention policy is suddenly deployed across the entire estate, people may not understand what they are looking at and may resist using it. My advice is to learn about Purview, share the learned knowledge with others, and involve other areas of the business in its deployment. Also, think carefully about how to deploy Purview in a way that minimizes disruption.

Microsoft Purview helps our business identify valuable information across various data types by using machine learning and customizable tags. It then allows users to export this data with PowerShell and combine it with metadata from other Microsoft products, facilitating both data analysis and migration processes.

While I haven't used Purview's cross-platform capabilities, I'm impressed by Microsoft's integration of its various solutions, including ComplianceOne and SharePoint, which cater to large enterprises. A deep dive into the functionality confirmed this positive impression.

The ability of Microsoft Purview to connect across devices, including Macs like mine, is a major benefit. While I was surprised to find PowerShell running smoothly on Mac, Purview itself has been user-friendly and avoided the issues I've read about online. This ease of use is crucial for me.

My previous projects focused on M365, but the next step is integrating Azure Virtual Machines into our solutions. In this context, Purview's ability to natively integrate compliance across both Azure Dynamics and Office 365 is crucial for ensuring our work scales effectively.

The biggest advantage of Purview is its ability to centralize data management. This multi-platform tool integrates data assets from across the company, providing a reliable and unified way to handle data procedures. This consistency, a hallmark of Microsoft products, is valuable for many users.

Designed for our regulated environment, Purview offers a variety of features that enable us to develop compliant solutions even when limitations seem to restrict what's achievable.

Purview has helped save us time through automation.

The most valuable aspect of Purview is its PowerShell connectivity, enabling automation. The content explorer helps visualize how classifiers, including custom-sensitive information types, identify content. Purview even allows testing these custom types with a dedicated button. Overall, PowerShell governance and export capabilities significantly improve our workflow by automating tasks and simplifying data extraction.

While Microsoft Purview addresses global regulations, it lacks out-of-the-box functionality. Extensive development is needed to define sensitive information types and train rectifiers for each customer. Most importantly, Purview currently lacks multi-language support, hindering its use in multilingual environments. Since communication compliance is the only exception, future updates should include sensitive information types and keywords in major languages, especially those relevant to the European Union. This would require customization efforts to create equivalents for these information types and keywords in other languages.

The rapid pace of feature changes in Purview, including marketing shifts, retirements, merges, and splits, creates challenges. Documentation struggles to keep up, leaving users behind. Further compounding this issue is the inconsistency of PowerShell modules. While some, like the SAP exporter, function well, others, like the trainable classifier's missing fetch module, significantly limit the usability of a potentially valuable feature. This lack of polish hinders automation efforts and makes data governance assessments more difficult.

Setting up Purview in a production tenant proved challenging due to a lack of clear documentation on permission requirements. While Purview offers role-based access with custom role creation, there's no built-in explanation of each role's function and associated permissions. Microsoft Learn documentation wasn't helpful either. Ideally, Purview should provide in-context information about each role within the portal, eliminating the need for cryptic names and extensive external research.

I have been using Microsoft Purview for under one year.

Microsoft Purview seems to be functioning, but there's a lack of clarity on how it analyzes data. The content explorer shows inconsistencies, with Microsoft acknowledging that the actual document count might differ from what's displayed. This suggests limitations in the current setup. While improvement is desirable, it's still a usable tool.

I submitted a support request in the test tenant, possibly specific to that environment. However, the Purview quality was lacking. Automatic replies didn't address my question, which seemed misplaced within the chosen topic. It felt like I contacted the wrong department. Instead of offering real support, they suggested I write a public blog post seeking help online. This was essentially non-existent support, potentially due to limited resources for test tenant users. It's unclear if this reflects the quality of support for the expensive enterprise licenses.

While deploying Purview itself was easy for me after I had spent significant time getting a Microsoft certification, onboarding junior colleagues who haven't had that preparation is proving more challenging. Despite their initial confusion, the overall structure and features of Purview seem well-organized and at least decent.

While a single person could deploy Purview in this instance because it's a test tenant, it's important to clarify that this ease of deployment applies only to the test environment and wouldn't be representative of the process for a production tenant.

The implementation was completed in-house.

Microsoft Purview is a subscription-based service, so we need either an E3 or E5 license to use it. The specific features we have access to within Purview depend on which of these licenses we have.

I would rate Microsoft Purview eight out of ten.

To choose the best Purview subscription for your needs, I recommend using a test tenant to explore Purview's features and value proposition. This will help you identify the most critical functionalities and choose the subscription that best aligns with your business requirements.

Our goal was to provide insights into the latest data entries, implement governance measures, identify and classify sensitive data, and address specific business use cases. The primary use cases revolved around establishing a comprehensive data lineage, accompanied by pertinent metadata. This was primarily aimed at providing a business-centric dashboard, enabling stakeholders to visualize how data moves from one point to another and ultimately reaches the target. 

In my experience, I've utilized it on Windows machines with Blackfish without encountering any issues.

The dashboard offers insights into the nature of the data, and the transformations occurring between different columns, and allows for traceability to identify any issues that may arise. These use cases have proven highly beneficial not only for business analysis but also for support activities. For instance, it aids support personnel in quickly identifying issues such as missing data or anomalies, streamlining the troubleshooting process for efficient problem resolution.

Purview facilitates data management across diverse cloud and platform environments, encompassing AWS and GCP. However, my experience has been exclusively with Azure. Given that my ecosystem operates within Azure, both the source and target activities are conducted seamlessly within the Azure framework. The integration is smooth since Microsoft Purview is inherently designed for Microsoft components, making it effortless to establish connections and retrieve the required data. I haven't employed it for other sources or alternative cloud systems.

The importance of Purview lies in its careful consideration of critical global regulations. As a data governance solution, it plays a crucial role in business development processes. Given the potentially sensitive nature of incoming data, proper classification is essential to ensure specialized treatment. This facilitates easy access for subsequent activities such as metadata modifications or updates, providing sufficient information for comprehension by business personnel. The tool proves beneficial for data quality officers, enabling them to monitor data and detect any discrepancies, empowering them to take necessary actions. In the realm of the cloud, Purview emerges as a highly valuable data governance solution.

The integration of Microsoft Purview has significantly reduced the need for multiple solutions to interact within our company. This reduction not only streamlines processes but also saves time. For example, when a problem arises, understanding, identifying, and resolving it becomes much easier compared to the traditional approach of tracing through multiple systems for the root cause. With Microsoft Purview, the identification process is simplified, leading to potential savings in support efforts. Business stakeholders also benefit by gaining more visibility into how data flows through the system and understanding the metadata information without relying heavily on support or technical personnel. This autonomy enhances their ability to assess and comprehend the situation independently.

I haven't implemented it to enhance response time for insider threats by applying security measures. However, the tool does provide visibility into the movement of data, allowing the data control officer to monitor and classify alarms promptly. In the event of an alert, appropriate actions can be taken accordingly.

Efforts have significantly diminished, and this reduction is directly proportional to cost savings. As a technical person involved in both solution development and support processes, I've observed a reduction of more than fifty percent. The turnaround time for issue resolution has notably decreased. Previously, it took others a considerable amount of time to identify the root cause, but with Microsoft Purview, pinpointing issues and finding solutions has become much more efficient.

It has had a significant impact on our capacity to maintain compliance. As a data governance solution, it offers features essential for ensuring that compliance requirements are thoroughly met, and data processing aligns with regulatory standards.

The user interface is highly intuitive and user-friendly.

I appreciate it because it provides a unified solution. Everything can be managed in one place, from scanning sources to making assets available. The access includes comprehensive metadata information, presented in a non-technical manner for easy comprehension of the asset's nature. The visualization it offers is quite clear. Additionally, it creates a lineage based on data processing, allowing for workflow authorization and control over metadata modifications or other activities. 

It caters to the entire micro-ecosystem, providing connectivity and seamless data flow. It allows for scanning, asset discovery, and data coverage. While there are some existing limitations, it's important to note that the tool is continuously evolving. I believe it holds great potential and will become an excellent resource for development in the future.

Purview's data connector platform is designed to facilitate ingestion from non-Microsoft data sources. I've personally applied this feature to one of our sources, an Oracle database. Specifically, we utilized ADA for data permissions and seamlessly integrated it with the Azure Data Factory pipeline. This automated the connection to Oracle, enabling the setup of data extraction and loading processes. Overall, it proved to be a valuable and effective feature.

Enhancing the tool's capability to connect to multiple sources would be valuable. Also, when data is transformed in other systems, the tool should capture the relevant metadata and generate lineage for those systems as well. Thirdly, addressing limitations, such as relying on Apache Atlas for mitigation, should be handled within the Microsoft tool itself rather than external dependencies like Apache Atlas.

I have been using it for approximately six months.

The stability is satisfactory, and I would give it a rating of eight out of ten.

I have utilized it in a cloud environment, and scalability is assured.

I am content with technical support, but for various inquiries, the responses often indicate that the feature is either not available or still in a previous state. I would rate it eight out of ten.

Positive

The initial setup was straightforward. Even individuals with less technical expertise can do it.

Deployment spanned a week and involved six different individuals.

Maintenance becomes necessary when leveraging external APIs and tools, especially concerning access management. However, once the initial setup using MS Purview is complete, ongoing maintenance is minimal. Automation takes over with continuous scanning, automatic data classification, and sensitivity labeling. Workflows can be established and utilized for an extended period, reducing the need for frequent maintenance.

I consider it cost-efficient because of the metrics it provides. With each scan being incremental, avoiding redundant scans of the same object, the tool offers a way to manage costs effectively.

We didn't extensively evaluate other options because Microsoft Purview successfully met the requirements for the specific tasks at hand. However, during implementation, I became aware of more mature tools available in the market that might offer greater capabilities. It seems that Microsoft Purview is still evolving compared to these more established alternatives.

In my scenario, I encountered difficulty connecting to a file system database, especially when it was located on a different server. Additionally, when working with an in-house solution like Azure Data Factory, while Microsoft Purview can successfully bring metrics to tables as assets, it faces limitations in identifying the leading use of those assets. For instance, a database solution handling ETL activities may not seamlessly provide insights into the transformations, sources, immediate obligations, and final targets associated with a specific asset, making it challenging to track its usage directly within Microsoft Purview.

I would strongly recommend Microsoft Purview when utilizing solutions within the Microsoft ecosystem, such as Data Factory, various applications, and databases.

Overall, I would rate it a seven out of ten because several features are still in a preliminary state. Given that it is in preview, it may not be as stable or fully functional yet. Also, the absence of data quality and data profiling mechanisms contributes to this rating.

I'm an IT consultant, and I have several clients ranging from small businesses and start-ups to large FTSE 100, multi-billion-pound companies. I've implemented Purview from a data security perspective, such as aggregating data using the DLP and AIP (Azure Information Protection). The point of Purview is to enable companies to have a grip on their data and create rules, policies, and visibility around that.

One of the biggest positives of Purview is the visibility you gain into your estate. Once you start labelling data, you can get reports and information about where your confidential and critical data are. It gives you far more visibility than you would have if you tried to do things manually.

While Purview doesn't reduce the number of systems you need, it covers the functionality of data security that, otherwise, would have to be done by a third-party product. And it probably would not only be one third-party solution. Only something like Varonis would be really comparable, in my experience.

By avoiding the need for a third-party product for data security, because it's a bolt-on with the 365 licenses—E3 or E5—it absolutely saves you money.

The labelling is the most valuable feature for the companies I'm installing it for. Some of them have several thousand staff, and their concerns are around confidential or private data being shared. The labels and the policies involved with them give them that initial visibility.

It's absolutely important that it covers multi-cloud and multi-platform environments, including AWS, GCP, et cetera. If you're going to have a DLP solution, it needs to cover as much as possible. A solution that doesn't integrate with other systems isn't going to work for most companies. That's one of the reasons I like Purview: you can plug in and use APIs to connect to other systems and scan other data.

As for connecting to iOS, Mac, and Android devices, the more the better in terms of what Purview can do from a connection aspect.

And Purview's natively integrated compliance across Azure Dynamics and Office 365 is absolutely essential. It's really good. A lot of my clients are Office 365 customers, and they hold a lot of their data in the 365 tenant. It makes Purview an obvious choice for customers with that environment and setup. Any company that uses Microsoft 365 should use Purview to some degree.

Another aspect that is very important is that the solution was built taking into account critical regulations from around the world. Some of my clients are huge financial organizations, and they need to implement things like ISO security, GDPR, and financial scanning on things like credit card numbers. It's really good.

I've also implemented the DLP policies, settings, scanning, et cetera, as well as rules around that. For example, when data is encrypted when it's sent or shared, there is no forwarding of emails.

There are negatives to the compliance aspect of Purview in that you get a lot of false positives with some of the native scanning and rules in the platform. A lot of them need tweaking to get a more realistic handle on what data there is.

Also, I wouldn't say that the remediation of policy violations is particularly great. It has improved, but it's not very easy to dig into things if there is a policy violation. A lot of them are false-positives.

It has helped reduce the time to action on insider threats, but there are quite a lot of false positives there as well. Overall, it's a work in progress for Microsoft.

I would also like to see pre-built reporting. The dashboard isn't really that intuitive. It would be good to have more intuitive dashboards that you can drill down into or even customizable dashboards.

I've been using Purview for about three years, almost since the functionality was available at the beginning.

The stability of Purview is almost faultless. It's a nine out of 10.

The scalability is very good—nine out of 10 again. Once all the data is in Purview, you don't need to worry about scalability. It would only apply when you need to bring in a new integration or application, and that is fairly easy to do.

The support is not particularly good. I've probably had some more advanced issues than the average person, due to having deployed it into a more mature config, and I found that on two or three occasions, when I had an issue or question around Purview, I really didn't have a good person at Microsoft talk to me about it. It needed to go through quite a lot of escalation to get to someone with advanced skill for it.

Neutral

I've installed it on-premises, hybrid, and in the cloud. It works best when it's all in the cloud. The initial deployment is really straightforward. It's one of the easiest products I've deployed from Microsoft.

There is maintenance involved; policies and alerts need to be reviewed. The whole data security aspect is an ongoing process.

I do it myself.

We have seen ROI because we're not having to pay for third-party scanning or security on our files.

In addition, while you can't measure it, we know our data is at less risk. We have a lot more confidence in that regard.

Also, potentially, you don't need as many security staff to monitor it, with the possibility of savings from that.

The pricing is reasonable because it's part of the 365 E3 or E5 license you buy.

What I would like to see is that Microsoft Priva, which is an add-on to Purview, be absorbed into the solution for a smaller sized consumer/company.

I have also used Varonis as an alternative. The biggest difference is that Varonis is a standalone product, whereas Purview is built into Office 365. That's the biggest positive for Purview, in comparison. That makes it easier, with Purview, to customize and switch on the scanning of data without having to go through rigorous processes to capture data, as is the case with Varonis.

Get someone who is experienced in deploying it.

Purview's data connector platform for ingestion from non-Microsoft data sources is improving fast. Originally, there wasn't as much there as I'd have hoped for, but the platform has been developed heavily in the last 18 months, and it's pretty good now. When you can see the apps from third parties in the GUI, it just makes it really easy to integrate them.

Purview doesn't really do that much to educate users on how to best handle sensitive data. That's more down to how the user is trained. It's only as good as how it is set up by the company. Like with all products, it is only as good as how well it is initialized, configured, and maintained.

When it comes to seeing compliance in real time, Purview does roughly give you that, but it's only as good as how it's configured. If it's not configured well to scan all of the data areas in your company, it won't do the job. To give you an example, someone could have Purview switched on but have a hybrid-cloud environment and not be scanning their on-premises file services. Purview can do that, but they might not have configured it to do so.

I would give Purview a solid eight out of 10. It has come a long way since I started using it. There is still work that needs to be done on it, but they've done a great job on it so far.

Data loss prevention is a significant use case for us. I'm not on the security team, so I don't know exactly what kicked it off, but I believe we wanted Purview for the DLP capabilities first, and that led to us taking advantage of the other aspects of the solution. We have Azure, Purview, Defender, and all of the other Microsoft products. We're trying to leverage and use all of them. 

We have Intune for deployments and things like that. We're rolling out the zero-trust model right now. We use Jamf to manage our Macs because I'm not knowledgeable enough to Intune correctly, and it doesn't have the functionality that Jamf does. We can move over to Intune or whatever. So I think they're definitely trying to push me that way.

I don't know if I've gotten much value out of Purview personally, but our security team loves it. Our biggest concern is leakage or theft of our data because we have a lot of PII and stuff that has not been released. We like the insights Purview provides and the way the solution can track and manage things. I'd say that was probably their favorite piece of it so far. From everything the security team has told me, the policy management and DLP features are working spectacularly.

We have had some issues automating our document management with Power Apps. I haven't been super-disappointed with anything except for Power Apps, which kinda drives me nuts. I think it's because I am a coder who can do things properly, and I keep trying to do things there, but it's not working out the way. The security team is pretty quick. I'm kind of a thorn in their side. I always try to get around stuff. They haven't come to me for anything saying, "Hey, I can't find this information." They're pretty good. Maybe, there's a lack of documentation, but that doesn't seem to be an issue for our team. 

Another thing involves SharePoint. We have everything in SharePoint up on the cloud, and we want to ensure it's secure, so we have blocked all external access. You need to have one of our devices and our codes. But the C suite wasn't pleased because it was accessible externally for a while. And we have a penetration company that does testing. They were able to harass one of our users enough that they finally clicked the button that says "Approve this Login," so it just takes one time. 

They find red flags everywhere in organizations. The gut reaction was to cut off external access for now and figure out what we can do down the road after that, but this is a stopgap measure. However, the C suite told us that it wasn't good enough, but there was no way somebody outside could access our systems. You need to be on a trusted IP or our VPN. We have conditional access configured.  

We hired an actual outside consultant company to come in And I've been working with them for close to a year now. We're trying to leverage Purview and Power Apps to automate our document management. We have a ticket open with Microsoft because that's one more thing we're struggling with. It's supposed to go through and look for any PII data, like Social Security numbers, etc. We also have really low retention policies. For example, our emails are retained for only six months maximum. Team conversations are saved for two days. They're they're brutal. Legal discovery can be expensive, so they want to make sure we don't have anything to discover. 

I'm wondering if Purview can do some of the things that we're struggling with, and we're tripping over ourselves because the other thing we did was configure it so you have to be in a special group to even access those files. I might be wrong, but I'm pretty sure that Purview Information Protection has a labeling component. Still, I don't know how much it organizes labeled documents, and I think it also includes labeling after detecting user behavior that the system tracks.  They talked about something similar in one of the keynotes I recently listened to. I'm like, "Why are we not doing that?"  I'm looking at how we're just beating our heads against the wall. Even if we get this in place, it would still be very challenging. 

We like this In terms of usability and security. It will be difficult for our teams to do their jobs with all this other garbage in place. At this point, we've got it almost always set up, but it isn't working the way we need it to on the Power Apps side of things. 

And we've got a ticket open with the Power Apps team to figure out why it isn't working because it's supposed to be on a scheduled thing, but we've let it sit for weeks at a time, and nothing ever happens. It doesn't run. And there's no way to monitor. We don't know if it's doing anything, or we can look at our files to make sure that could be improved. 

We started using Purview in the last six months.

We are a new company. We broke off from a much larger organization three years ago, but we had about 3,000 people in the last organization, and we're down to 300. Before Purview, I don't think we had anything for DLP because there was so much to do. It was all hands on deck for about a year and a half where we were just trying to get that stuff done.

We have dev and production environments in AWS, and we're using native AWS tools to monitor the applications over there. I don't know how effective they are compared to Purview. We outsourced all of that to another company. The guy who owns it used to work with us.

I am not involved in purchasing. My company is willing to throw as much money as needed to be as secure as possible. Security is our priority, so we'd probably pay for it even if it was pretty expensive.

I rate Microsoft Purview eight out of 10. 

We do a lot of projects for state governments in the US. One of the states had a vast amount of data, around 20 years worth, spread across various systems. We had non-relational databases, files, Snowflake, Oracle, Excel, and more. We aimed to turn this data into meaningful information, track its lineage, and identify problems. I did the proof of concept for this.

It is crucial to us that Purview was built taking into account critical regulations from around the world. The tool considers compliances related to PHI, PII data, and Europe's GDPR. All these are taken into consideration while developing the tool. That's really good.

For data loss protection in Purview, we've explored how third-party access works, particularly concerning the exposure of sensitive data like PHI and PII. We looked into how this data can be masked or hidden. Currently, our team is developing further based on these explorations.

As one of the world's leading healthcare companies, we manage vast amounts of data, especially from state government projects. Healthcare data is very critical, and we can't expose any PII or PHI data due to compliance requirements. 

We audit every three to six months, and we need to justify why the PII or the PHI data has been accessed. From that point of view, this solution gives us very good leverage from the data governance perspective.

Purview has helped to reduce the number of solutions we need to interact with each other because this has a governance portal, analytics portal, data catalog, and data dictionaries. Everything can be done in one single tool.

The beauty of Microsoft tools is that they are valuable, and most of them are UI-driven. A couple of my team members who did not undergo any kind of training, were able to leverage the tool and explore it to the core. Whereas other tools that we use, for example, Erwin or any IBM tool, need a lot of training or a lot of self-running to start mastering the tool. 

At the same time, Microsoft is very easy. Using one single tool, we can accomplish everything. This has made a huge impact on the project timelines including the implementations of certain solutions, data governance portal, building a data governance portal, etcetera. This solution has reduced the number of solutions that affected the complexity of our data governance.

Purview tremendously has affected the visibility we have in our state. Because when we started in our company, nobody had explored using a data governance tool and Microsoft Purview. It was still coming out of its cocoon. We were working together with Microsoft on a lot of issues.

Purview enables us to show our compliance in real time. When I'm on a government project, and we discuss the data, often the management or leadership asks for a report. We simply log in to the tool and instantly create a report. In just a fraction of a second, we have all the information at our fingertips.

Purview has helped to reduce the time to action on insider threats by 30% to 40%. We can identify which fields expose our data or the columns that expose our PII PHI. We also know the data lineage and who has access to the data. 

In case of any compliance issue, it will pinpoint the particular individuals who have access to this data, and then we can ask for an explanation.

The use of Purview helped to save both time and money because we ended up using one tool for most of the data governance work. The project I worked on was around $600,000, and the POC was around $200,000. We probably saved around $400,000 annually.

Purview has affected our ability to stay on top of compliance and provides a report on who has access to the data. Whenever we have an audit, it helps to determine who accessed the data and their need for access. It has a significant impact.

The data lineage feature stands out. It tracks where the data comes from and any changes made. However, it's currently limited to Microsoft products. We can track lineage data with Azure Data Factory.

Another great feature is the ability to connect to any data source. We've linked it with the enterprise architect, a data modeling tool, and Erwin.

It is important to us that Purview can connect to Android devices and data in other software-as-a-service apps. We've connected to Snowflake, Erwin, Oracle, DB2, and more. Name any database, and we've probably connected to it.

It is crucial that Purview offers data protection across multi-cloud and multi-platform environments like AWS and GSP. The solution has an analytics space for data governance. It helps identify who should have access to specific fields. 

Another beneficial feature is the data catalog. It allows us to streamline and classify data, ensuring that only authorized personnel can access it. 

Purview integrates natively with Azure, Dynamics 365, and Office 365, which is also a remarkable feature. We connected to Office 365 Excel files and even accessed a few emails for a proof of concept. We also linked it with Microsoft Power BI. Most Microsoft products have a very good amalgamation.

There is room for improvement when it comes to Purview's data connector platform in supporting ingestion from non-Microsoft data sources.

Microsoft has done an impressive job. I've been in this domain for over 15 years and have used IBM's data governance tool in the past. Microsoft's current offering sets a baseline with features like data governance catalogs and connectivity to various tools.

The product is evolving, and there are some bugs, especially in lineage data lineage and adding parameters. It's maturing, and the data lineage needs improvement. While connecting to Microsoft products is a piece of cake, connecting to external ones, like Snowflake, is more challenging. 

I work for one of the biggest healthcare companies. I've been working on their project for probably almost one and a half to two years now. 

I got the chance to work with Microsoft Purview a year ago.

It's very stable. I never experienced any freezes.

I've never encountered any performance slowdown. Scalability is pretty good.

The customer service and support were pretty good. I engaged with them for about six months on various topics.

Positive

I used something from IBM. We switched to Purview because licensing for the IBM solution was very expensive, and the learning curve was too high.

We have a separate dev ops team. I was part of the discussions from a dev manager perspective but not directly involved in the deployment process. 

When we did the proof of concept, we had about three endpoints. We deployed it in two locations, North Carolina and somewhere in the central, both East and Central.

It's a SaaS model, so it doesn't require any maintenance. Moreover, we deployed it on a private cloud since we work on state government solutions.

I have seen a 100% return on investment.

The pricing is decent. It is neither too low nor too high. Given its capabilities, the pricing is justified.

We previously used the IBM infrastructure but as we are a premium partner with Microsoft, we collaborated with them and began exploring Purview.

Since it is still maturing, I would rate it an eight out of ten. It's a wonderful tool, I would advise everyone to explore it from the data governance perspective.