Microsoft Purview Data Governance Reviews

We have implemented Microsoft Purview as a comprehensive DLP solution for our clients across Europe, Africa, and the Middle East to protect their data and help them classify, identify, and investigate who and how the data is being accessed.

Microsoft is aiming to build favorable relationships with other cloud solution providers. On our end, if we have both AWS solutions and Microsoft's cloud solution, implementing the Microsoft Purview dashboard can be a good way to collect and classify our data across both platforms. This could be a strong selling point for Microsoft to explore partnerships with AWS and other public cloud players, allowing them to combine and leverage their global development, sales, and services.

Implementing Purview's integrated compliance across Azure Dynamics 365 and Office 365 is relatively straightforward thanks to available connectors and Microsoft's improved user interface.

Microsoft Purview includes a compliance manager, which simplifies meeting various standards and regulations through integration with companies like ISO, ISCE, and other risk solutions. This feature is an add-on for E5 and E3 licenses. It allows us to create assessments that generate reports with specific recommendations for implementing and configuring ISO 27001 or other standards within our Microsoft 365 environment. This makes compliance significantly easier and, according to Microsoft, can reduce the cost of implementing such measures by approximately 40 percent compared to using other solutions for ISO compliance or other critical regulations.

Given my role as a cybersecurity consultant, I previously created a DLP policy based on the client's needs. Since then, I haven't had further contact with the client. However, I'm now working on a new project for them next year. This project involves developing and implementing a DLP solution with a focus on information protection. My responsibilities include monitoring all user activity and reporting on it in a few months. Based on my observations, there's a significant amount of activity requiring governance. This includes areas like DLP policy enforcement, USB blocking, printer control, copy prevention, file transfer via secure FTP, and external user access restrictions. Purview's data loss protection is helpful for remediating policy violations.

I'm developing a short training guide, about four pages or more, on enabling information protection labeling and related topics. Some clients have suggested automation, but I believe the best approach is to guide users through manual labeling. For instance, we could have a "Sensitive" label for data like personal information, ID numbers, passports, names, passwords, and so on. Information protection can be implemented either by defining detection rules beforehand or by using the system's automated detection capabilities. If sensitive information is detected, the system can then recommend applying the "Non-Confidential" label or whichever equivalent label we prefer.

Microsoft has developed and launched Microsoft Defender for Endpoint for Mac. This agent for macOS is the same agent used for data loss prevention in Endpoint. However, if we don't require DLP for Endpoint, we can simply synchronize our Macs with Microsoft Intune. Intune, a combination of Microsoft Entra ID and an MDM solution, is not just for mobile devices; it's a device management platform for all company devices, including PCs, Macs, mobile devices, and servers. It allows us to synchronize settings and policies across all our devices, manage software deployments, and utilize various other features. Therefore, we have two options: either synchronize our Macs with Intune or install the Microsoft Defender for Endpoint agent to implement DLP for Endpoint. DLP for Endpoint is mandatory if we need to detect and control USB devices, printers, and other data transfer peripherals.

Microsoft Purview's primary benefit lies in safeguarding sensitive and confidential data, thereby mitigating the risk of internal data exfiltration.

Purview does help our customers reduce the number of solutions they interact with. From a cybersecurity engineer and information security expert perspective, consolidating and streamlining technology can be beneficial for IT departments, especially before implementation. Currently, Security Service Edge emerges as a promising solution due to its integration with zero-trust principles and protocols. For example, instead of deploying multiple endpoint detection and response solutions, a single, antivirus-free EDR like CrowdStrike can suffice. Similarly, Microsoft's Defender for Cloud Apps, combined with XDR and other security features, offers a comprehensive solution for Security Operations Centers. My goal is to create a unified MDR solution for clients, allowing for centralized data collection and log analysis. This unified platform, ideally with one or two dashboards, would enable efficient investigation and response, minimizing investigation time and cost. Combining various tools into one interface eliminates the need to jump between dashboards, improving analyst efficiency. Why rely on multiple vendors like CrowdStrike, Proofpoint, Minetest, and MISSP when a single solution can offer comprehensive visibility and data security? Microsoft's Image Security 365, coupled with best practices and anti-phishing strategies, can significantly enhance security. Furthermore, I recommend implementing a DMZ with two firewalls, one internal and one external. This layered security approach, while requiring two vendors, provides redundancy and prevents attackers from exploiting a single firewall and gaining access to the network. However, it's important to remember that cybersecurity solutions are not one-size-fits-all. Each client and scenario requires tailored strategies based on their unique needs and context. Consistency across the industry is crucial, but it's important to acknowledge the lack of standardized approaches in the current landscape.

The Microsoft Purview dashboard is primarily a data security solution, allowing us to implement various layers to safeguard our information. While it can be used for some Endpoint Detection and Response functionalities, its full potential in this area might not be realized without proper configuration and understanding of the underlying processes.

While Purview offers real-time compliance monitoring, it's an add-on feature functioning as a compliance manager. However, due to a lack of clear communication, not all companies fully understand its capabilities. Additionally, it's important to note that while compliance and standards often relate heavily to financial and banking sectors, the scope of regulations has broadened significantly in recent years, extending beyond these specific industries.

Purview helps us stay on top of compliance because Microsoft has tried to build Purview based on the ISC framework.

No single feature stands out as the best because the most effective approach involves combining multiple features. For example, when using information protection, labeling, and classification, a multi-step process is necessary. First, we must classify our data, which requires a thorough understanding of our environment and the nature of the data itself. Once classified, we can apply labels and establish rules governing data sharing through information protection measures. The final step involves implementing and configuring a Data Loss Prevention solution. It's crucial to remember that the goal isn't to find ideal individual features; rather, it's to leverage the synergy of multiple technologies to create a comprehensive and powerful data protection strategy.

I've been working closely with Microsoft support on issues with the Microsoft Purview Information Protection scanner's on-premises services. While it's a solid tool, there's still room for improvement in my opinion. I've submitted numerous recommendations, from solutions to address specific problems to the implementation of new features like bulk scanning across multiple servers, not just individual paths. I've also encountered a high number of false positives in the classifier and made suggestions for resolving them. Microsoft support is currently reviewing my input, and we're collaborating to refine the scanner and minimize false positives. It's important to remember that this is a new technology, and like any newborn business venture, it's prone to growing pains. Errors and mistakes are inevitable along the way, but they're also valuable learning opportunities.

Frequent daily updates from Microsoft can cause interface elements like buttons to appear and disappear, making navigation unpredictable. Additionally, Microsoft also generates new licenses that require investigation to identify each new license.

I have been using Microsoft Purview for one and a half years.

Microsoft Purview is scalable.

Sometimes we have a communication gap or delay but most of the time the technical support is good.

One person can deploy Microsoft Purview.

We implement Purview for our clients.

We are a Microsoft Gold Partner and are currently satisfied with our existing solutions. Therefore, we do not prioritize evaluating other vendors at this time.

I would rate Microsoft Purview a seven out of ten. Purview is a good solution but it takes time to master.

We utilize Microsoft Purview to manage our data classifications, identify sensitive information in our documents for certification protection and data loss prevention, and we anticipate employing insider risk management. While we haven't yet implemented insider risk management, it is part of our strategic plan and compliance assessment.

From an access management standpoint, we have users accessing our data from various mobile devices, including Android, iOS, and iPad, as well as Windows and MacBook computers. Therefore, it is crucial to implement consistent policies and safeguards across all platforms, regardless of the operating system or device type.

We are a heavily Microsoft shop so all Microsoft platforms are important to us and Purview's natively integrated compliance is great.

It is important and useful for us that Purview was built taking into account critical regulations from around the world.

We report on all of our DLP policy violations. We have alerts set up to notify our security team to take action when violations occur.

Microsoft Purview Data Loss Prevention is an effective tool for educating users on how to best handle sensitive data. It can detect and identify various types of sensitive data, although we have observed that not all of the built-in detection mechanisms function flawlessly. Consequently, we have had to modify some of the detection modules. Additionally, certain detection rules specific to New Zealand have not performed as expected. Despite these limitations, the ability to detect sensitive data and utilize prompts to guide users in correctly classifying documents is quite valuable. We intend to expand our use of these features as we progressively deploy Purview across our organization.

We have several Mac OS users in our business, so it is important that Purview can and does extend policies regardless of the platform being used.

Since implementing Purview, the compliance assessment process has been effective. The expansion of country-specific regulations has been a crucial development. In New Zealand, we've utilized built-in privacy act laws and regulations, which have been beneficial. However, I believe the integration of the Copilot tool and advancements in AI will likely bring about continuous changes to the compliance landscape.

With Purview, we can continue using native Microsoft products for scalability, eliminating the need to rely on external vendors. This approach reduces the number of vendors in our environment.

The visibility Purview provides into our estate is useful. We have had a privacy campaign running for the last year and using Purview to essentially see where our data and sensor data are.

Purview enables us to show our compliance in real-time. We would use it to help demonstrate our compliance to regulators.

Purview enables us to save approximately 30 percent of our security team's time by providing visibility into previously obscured areas of our environment. Moreover, Purview is seamlessly integrated into our existing Microsoft licenses, eliminating any additional costs.

Purview helps us stay on top of compliance.

Data authentication enables us to classify documents based on whether they should be restricted for internal consumption or permitted for external sharing. This classification allows us to apply appropriate policies to each document type.

The DLP is also a valuable feature that we use.

The reporting is limited and has room for improvement.

Privacy features should be integrated into the core product rather than offered as optional add-ons, as privacy is not a luxury but a fundamental requirement.

I have been using Microsoft Purview for six months.

I would rate the stability of Purview a nine out of ten.

Purview can meet our scalability needs.

The technical support used to be more reliable and consistently good. Now, while it's still possible to get assistance from a knowledgeable representative, the overall quality of support has declined.

Neutral

We previously used Azure Information Protection and Symantec DLP. We switched to Microsoft Purview because of the cost savings.

Initial deployment is straightforward as we are a Microsoft shop, facilitating seamless integration with the native platform.

The deployment of Purview involved three individuals: one primary engineer and one architect. The initial deployment phase spanned six weeks, followed by an ongoing tuning process to maintain Purview's up-to-date status.

We have seen a return on investment, but it is too early to quantify the exact savings.

Purview is included in our Microsoft E5 licensing. There is no additional cost, but it does require us to maintain an E5 license to continue using Purview.

To fully justify the cost of Purview, it is important to leverage all of its capabilities.

I would rate Microsoft Purview a seven out of ten. While Purview is gradually improving, its reporting capabilities remain subpar. As we introduce additional products like Copilot and others, there will likely be a need for more robust integration plans that outline how these products will interact and the benefits they will provide.

We only use Microsoft Purview in our Microsoft 365 workload environment.

We are currently evaluating AI products like Copilot and several chatGPT-style tools for potential implementation within our organization. However, we are proceeding cautiously until we have fully implemented Purview to address our concerns regarding potential data loss associated with AI product usage. Once we are satisfied with Purview's effectiveness in mitigating these risks, we will accelerate our evaluation and adoption of AI products.

We have 5,000 users who were using Purview for the software, and we have a two-person support team. Every corporate user in our organization has a license to use the solution.

Purview requires regular maintenance because there is an ongoing need to review components like DLP rules and data classification. This ongoing maintenance ensures that the system continues to function effectively and accurately. Additionally, ongoing tuning helps to minimize false positives and false negatives, ensuring that the system accurately detects potential issues.

Ensure clear communication regarding the desired grouping of data classifications and the functioning of the data loss prevention policy. Understanding these aspects is crucial for effective product utilization. User training and communication are essential around the implementation of the data loss prevention policy as it impacts user behavior. Senior leadership should take the lead in championing this initiative, possibly as part of a broader privacy or border protection campaign. Our involvement in this process can be minimal.

We use Purview for data cataloging and to build the DME (Data Management Environment) for enterprise data. We also use it to understand the insights of how data is flowing across systems, from ERP systems to our data warehouse and the installation layer. This helps us to look at data classifications and where exactly sensor data is being used. It gives us a bird-eye view. 

There are two primary use cases. One is to build the data catalog for our enterprise data, and the other one is to build the lineage. These serve to provide a clearer understanding of the data aspect.

There are two things: I'm more specific about data for Purview. There are two types of tools in Purview, but I have exclusively used data Purview. Purview is basically the one for data governance, and there is for enterprise-level security. I am more involved in the data governance aspect.

Purview has helped to reduce the number of solutions we need to interact with each other. That's the best thing with Purview: we can have a lot of options to get a view to identifying data that not only helps directly have access, but we can still have access to the data catalog and have a view of all the data access across the system. 

We can also look at certified assets. I'll also look at ratings and tags so that we can find the right valuable data or trusted data that we can go for without anyone's help here. Based on the feedback, even from a few of the data supports or the experts, that would definitely help because it stops building the dependency with a specific person, and we can contribute once in the data catalog, and we could use those extensively across the org.

There are multiple aspects that it helps. It's not specific to security, it's not specific to what we call data classification. Another thing is we can have visibility across not specific to one area. We can explore all on-prem systems, cloud, multi-cloud platforms, and data in our data lake, SQL database, and Power BI. We have visibility of everything. We don't need access to the actual sources, but we can have just a view of our enterprise data, which is definitely the best thing I can say in terms of visibility. For example, if any chief data officers want to look at the enterprise data or the data estate completely, it would definitely help a lot in looking at what data is in-house and sensitivity where exactly the sensitivity data is being placed. That's the best thing I can say in terms of giving visibility to data officers and data storage.

There are a few audits we had. We used to track all the sensitive information, and in most cases, I can select Excel or any spreadsheets we have. Purview would help us with a single scan of our data sets, giving me the availability of where exactly the sensitive information is by just adding data classifications at one time. 

Purview has defaulted a lot of our classes already enrolled, but on top of it, we can tweak it based on our custom needs. Then, scan data and get insights, which will definitely be a better way of doing data governance because if we want to perform any audit, it takes a lot of time. But with Purview, once we define our requirement and then scan it, we'll have the data before any audits that we want to perform. It's definitely helpful, especially in terms of data audits. 

Purview will give us the classification of where data sits and then show us how it is being curated, how it is being stored across systems, who the end users are, and how it is being used. It definitely helps a lot in terms of complaints and staying on top of compliance. The important thing to say is that we can predefine and use it and have it ready to use. That's important. It scans the data frequently, so we get the insights updated frequently.

The most valuable features are lineage, data cataloging, glossaries, and the new access delegation feature. This feature will make it quicker to delegate access to all the data with a single request button.

On Azure, it's definitely important that Purview delivers data protection across multi-platform environments. It gives us complete visibility of where our security data resides and what types of data we have. 

This is useful because we store data across multiple platforms, including databases, storage, spreadsheets, Excel, CSS, and caching. Purview helps us to see where exactly our data is stored across the system, especially in Azure. This is a great advantage because it helps us to feel more secure when moving our data to the cloud.

Moreover, Purview's data connector platform is getting valid day-to-day. It has connectivity to major cloud platforms, like GCP and AWS, and also it has a couple of areas. So it supports multi-platform and a couple of on-premise systems. It also connects a few of the heterogeneous databases.

It gives us insights. There are two aspects of it—one is about data governance and one is about security. Since I'm part of data governance, it does not deal much with threats because that's a different tool that will give us more insights about the threats. But in terms of data threats, I'll have visibility on who and how to stop it.

As we are looking at Purview as an enterprise-level tool, there are two areas where I still see that there is something that can be improved.

One is about disaster recovery. Purview has not matured in the way of building the tool without having disaster recovery. We don't have disaster recovery or high availability. If anything goes wrong, like, there are any changes happening, and I want to roll back, there is no way that I can roll back in the existing system.

For example, I have a data source in which one of the users has dropped or deleted the data unknowingly or accidentally. In that case, there is no way to roll back those changes. That's one place where Purview can improve it.  

I have been using this solution for a year. 

I have never experienced a crashing issue so far but lagging happens. It depends on our network traffic from where we are using it. 

Our overall experience is good. I have never seen any issues with Purview.

As it's consumption-based, it's easily scalable because Microsoft takes care of it, and I don't need to look at any hyperscaler for this.

We are good with the scalability but, the cost factor is involved here. Once you scale up, the cost is higher, so we have to be more cautious about it.

The customer service and support are good. The support team was quite helpful in many of cases. For example, when I want to contact any person, like a Microsoft client partner, they help me with one of the requirements, and we had some workshops and a few guidelines given to us. That was very helpful for us. 

Since Purview is a new product, it has multiple features being adopted.

Positive

It was more of manual work that we used to do, like doing the audit and building the data catalogs.

Since we are a Microsoft shop, that's one reason why we are going with Purview. We have other tools like Collibra, but that will be costly and may not. It requires a lot of effort compared to Purview to implement. That's the reason we chose Purview.

The initial setup was straightforward, with minimal dependency on the administrators.

We didn't get help from the integrator, reseller, or consultant.

Purview helped to save time and money. If we are looking for an enterprise-level solution, Purview would be the best tool. 

We have invested around $22k per month. But we have to work more on showing a return on investment because I see only a few users using this because data lineage is one area we are focusing more on, but still, there are a lot of issues in getting it. Down the line, I can say this is going to give us a return on investment but we are not there. Right now, we are trusting that we will get that soon.

Since it's more consumption-based, the pricing looks good, but we should have a few options to limit Purview. 

In terms of usage or size and limit the price. Right now, we don't have control over it because it depends on the volume of data IT stores and the number of users being used concurrently. So those are a few areas we don't have control over because it's completely on the consumption base now.

Overall, I would rate the solution a seven out of ten.  

My organization had a large amount of sensitive data stored primarily in SharePoint Online. We also operate in a highly regulated industry. Therefore, we wanted to take advantage of some of the features offered by Microsoft Purview. Initially, we focused on sensitivity and retention labels, but we later expanded to include data loss prevention and benchmarking our data against the built-in regulations offered by Purview.

It is important that Purview delivers data protection across multi-cloud and multi-platform environments. Many organizations have multiple systems, which can be difficult to manage. I know that many of my clients are currently trying to amalgamate their systems and bring them all under one umbrella, but there will always be cases where organizations will not be able to have everything in a single software solution like Microsoft 365. Being able to take advantage of Purview's excellent features and deploy them across not only 365 but also other systems makes it much easier. I think this is one of the reasons why organizations are starting to look at things like Purview: it has the ability to deploy more widely, saving organizations a lot of time and effort and centralizing control.

It is important that Purview can connect to iOS, Mac, and Android devices, as well as other data and SaaS apps. Many organizations issue portable devices to their staff, especially those with a high percentage of hybrid remote workers. These mobile devices have become essential, both personally and professionally. Having governance across multiple devices is a brilliant feature.

Purview's integrated data link compliance is a great feature. The biggest selling point for me is the ability to deploy it from one location; I haven't been able to manage everything in one place before. This makes it much easier for local administrators, and it can also be used across different environments.

The connectors for supporting non-Microsoft data sources are a brilliant feature and a smart move by Microsoft. They allow us to apply our governance policies to data sources such as Twitter and WhatsApp, which are used by many organizations for customer interaction. This is important because it allows us to protect our customers' data, even when they are interacting with us on multiple platforms.

My experience of the critical regulations that Purview was built taking into account is predominantly UK regulations. When I first started at my organization,  part of my role was data protection. So being able to benchmark our data against the GDPR and some of the UK's specific regulations was fantastic. But now I work with multinational clients, so we have offices in various locations in different geographies. So having specific legislation for the areas in which they operate is brilliant. More organizations are spread across different continents and countries. So being able to apply different legislation to different parts of their estate depending on where their offices are operating is a fantastic feature.

We are currently updating our data loss prevention policy internally, and we highly recommend that our clients use Microsoft Purview for DLP as well. I demonstrated Purview to a client a few months ago, and they were incredibly impressed with how effective it can be. I think they were particularly surprised by how quickly it can identify sensitive data. For example, we did a quick test where we uploaded a document that contained a piece of personal information that we had asked the Purview policy to look for. As soon as we uploaded the document to a SharePoint document library, we received an email alert warning us that the sensitive information was present and could be accessed by others. The alert was almost instantaneous. This shows that Purview is a very effective system for protecting data.

Microsoft Purview has enabled us to truly embed a culture of data governance among staff. This has been a major success, not just within our own organization, but also with our partners and clients. Many people talk about the importance of data governance, but Purview has helped us to increase the knowledge base of our users and empower them to take ownership of their data, rather than relying solely on IT professionals or data protection staff. This is a real positive for any business, especially those that work with sensitive information. The automation capabilities of Purview have also been a huge hit with our users. The ability to automatically apply data labels and implement advanced encryption policies has made it much easier for us to protect our data.

In previous years, we have used various methods and systems to try to achieve the same outcome, including spreadsheets and stand-alone systems. We are heavy users of Microsoft 365, so it is our primary system, but we also use other systems. Having one solution that can deploy our core policies and protections across different devices and platforms.

Microsoft Purview's reduction of solutions simplified our data governance. In the past, our data was scattered across different locations, making it difficult to manage and protect. Purview has brought our data together into one place, making it easier for users to access and for us to implement data governance policies. I believe that the more systems we have, the greater the risk of data protection incidents and the more difficult it is to deploy a unified data governance strategy. Reducing the complexity of our IT infrastructure goes hand-in-hand with improving data governance.

Some of the features in Purview have illuminated areas of our data site. In particular, when we have worked with organizations with large volumes of data, it has helped us to identify issues. For example, benchmarking our state against GDPR highlighted aspects of our operations that were not compliant. This was more important than the areas that were compliant, as it helped us to focus our attention on where we needed to make improvements. This helps us to provide assurance to our board.

We are about to launch an internal awareness campaign about AI and how we can use it. Microsoft Purview is on the list of AI solutions we will be considering. We are also about to start using Microsoft Copilot, and some of our staff are already using ChatGPT. We are looking at AI solutions within Microsoft 365 and some of our other systems. This is an area that we are very keen to develop, and it is something that our clients are also interested in. We can explore this in more detail in the coming months.

I've been amazed at how quickly the automation responds, especially when we have a large dataset. It takes that pain away from Teams and acts as a monitor for us. It's saved a huge amount of time, and once it can demonstrate internally or to clients how effectively it does what they expect it to do, that will save more time, but people who are responsible for this information need a lot of reassurance.

Purview enables us to demonstrate our compliance in real-time. We provide live reports to auditors and anyone responsible for information security risk management. We can show them our compliance status in real-time, which is excellent.

Our meetings with compliance regulators are positive when they are familiar with Purview. However, if they are not, we must be able to demonstrate to them how effective the solution is and how it can assist the organization in improving its data governance and data security. This has made the meetings much more positive, as the regulators are more assured that we are being more responsive and effective with the information we hold.

Automation plays a significant role in reducing the time to action on insider threats. We have had procedures in place for identifying, mitigating, and responding to specific risks, both internally and accidentally. However, our previous procedures were very manual, which obviously takes time. Now, in some situations, we can respond almost instantly. Automation has significantly improved our response time. Data breaches, for example, used to take a long time to investigate under our old process. From when a user reported a breach to when we could start investigating, it took hours to complete the necessary paperwork and documentation. But by using automation and some of the features in PurView, we've been able to reduce that time to minutes. In some areas, we've probably been able to reduce investigation time by 50 percent or more.

Time-saving is probably the most important benefit of automation and AI. The more time we can save people, across the board, not just Purview, the better. When we can automate tasks and improve response times, it takes away the need for manual input and frees people to concentrate on more important things. This naturally has a financial benefit. From my role, I've seen that the time savings have been really important. In some areas, we've seen time savings of up to 50 percent. So, when deployed properly, the benefits of automation and AI are huge.

Our ability to oversee compliance using Purview has been a game-changer. We have developed our own in-house compliance and risk management software, which I have been involved in. However, using Purview has been even more impactful. In addition to the automation and time savings, the key thing for us is the educational aspect. Purview helps us to raise awareness and make the organization more data-aware, regardless of role. This enables us to identify issues and, more importantly, rectify them.

The sensitivity and retention options in Purview are excellent. We had an internal document retention schedule, but when we first created it, much of our data was in paper form. As our data became digitized and moved to SharePoint Online, particularly when we migrated away from our on-premises file server, the ability to replicate that retention schedule in Purview and deploy it across all of our SharePoint sites and OneDrive made life so much easier. Purview helped us automate and control our data without having to rely on people to manually tag documents with specific retention periods.

Similarly, our sensitivity labels were scattered throughout SharePoint Online. We wanted to push data governance internally, not just from a technical data management perspective, but also from an education perspective. So, we created a data classification system based on sensitivity and deployed it across our 365 apps, including Outlook, OneDrive, Teams, and SharePoint. This not only allowed us to protect more sensitive data and ensure that it was being handled responsibly, but it also allowed us to use features like prompting users to apply a label to a document before interacting with it. This helped us deploy labels more quickly and also got staff thinking about the data they were working with.

In my experience, particularly in organizations that work with a lot of sensitive data, staff can become complacent over time and desensitized to the importance of looking after that data if they're using it day in and day out. So, having a visual prompt to apply a label and think about the documents they're working with and what that means was a really useful way of promoting data governance across our business.

Some of the menu headings may not be easy to understand for some people. For example, when I first used Purview, I noticed that one of the self-compliance centers had changed its name. Microsoft has done a huge amount of updates, and sometimes it's hard to keep track of what Purview can do. We almost constantly have to explore it.

Maybe Microsoft could have a 365 roadmap where we can look at upcoming features, or some kind of bulletin announcement for Purview users that explains new features and what they can do in simple terms.

We could also look at the menu settings. In my experience of using Purview, we've never used it as an exclusive system for IT professionals or technical staff. We were very keen that other specialists around the business made use of some of these features because we thought that some of what Purview could do was relevant to other departments as well as IT. For example, we have HR managers and financial staff who use it.

I think that some of the terminology in Purview is pitched toward IT and tech professionals, and it may not be immediately understood by other specialists. This is something that could be improved.

I have been using Microsoft Purview for three years.

I haven't seen any issues so far with stability. I know that some policies can take a little bit of time to roll out, depending on how widely they're being deployed. For example, the first sensitivity policy I created took 24-48 hours to start functioning for users. However, this is to be expected in the cloud, as it can take time for changes to filter down. Once the policy became available, I didn't see any issues with it at all.

Microsoft Purview is scalable. When I first deployed it, we deliberately scaled it up by deploying a small number of cache users first, then an individual team, and eventually ramping it up across all of our SharePoint environments, we were able to deploy it widely across Teams, OneDrive, and Outlook as well.

All the interactions I've had with the technical support, they've been really good. So I've got no complaints at all.

Positive

Previously we had processes in place for things like data protection, naming conventions, and so on, but we were very reliant on our IT infrastructure for governance. Purview has allowed us to act more effectively and quickly, and to get more people involved at an administrator level. This has been empowering for some teams, particularly HR, which can now run policies appropriate for them without having to rely on IT. This has been a very positive change for those teams.

Purview was straightforward to deploy, but complex to bring staff up to speed. Like any organization, we have people with varying levels of understanding of these systems and what they are trying to achieve. So, while it was easy for our team members to create and deploy Purview, the education piece took time. For example, we deployed sensitivity and retention labels on a team-by-team basis, training each team and bringing them up to speed before moving on. We found this to be the easiest way to deliver the training internally. Overall, I think Purview is very straightforward from a technical point of view, but the difficulty of bringing staff up to speed will vary depending on the organization.

A core group of eight of us evaluated the various aspects of what Purview could do. We took ownership of the areas that applied to our roles or departments to deploy sensitivity and retention policies. It took us four months. We only took a few days to create the policies and set up the labels. However, we wanted to manage the rollout carefully because training was key to ensuring that staff would get the most out of the system. So, we didn't rush the rollout. However, the actual technical side, the creation itself, only took a few days, or a couple of meetings.

We recommend Purview to clients and don't know if they see an ROI. However, in my previous role at a previous organization, we used Purview internally. I cannot speak to exact figures, but I do know that our creditors regularly reviewed our viability, and data governance, data assurance, and data protection. Being able to demonstrate that we have these tools available to make us more secure as an organization and to protect the sensitive information we hold obviously had an effect on our reputation and viability in the eyes of our creditors and auditors. As a business, I would say that we felt Purview was worth the investment in that particular situation.

To get the full features of Purview, we currently need E5 enterprise licenses, which are expensive. I'm not sure what Microsoft's business model is for this, because we can acquire some of the features of Purview, or we can access it by speaking to our Microsoft partners or vendors. But I think Microsoft is currently pitching Purview primarily to medium to large organizations. I believe there is a real appetite for data governance in smaller businesses as well because all businesses have information that needs to be protected and governed effectively. I have clients who own small businesses who cannot justify the cost of E5 enterprise licenses. Some of them are on business standard or business premium licenses. I think Microsoft should consider reducing the price of Purview or making it more available to more people. Perhaps Microsoft could offer a scaled-down version of Purview. I know there is an appetite for Purview among smaller businesses, but they often have to do a cost-benefit analysis and decide that the additional cost is not justified. It's a shame because they would really benefit from some of the features of Purview.

I would rate Microsoft Purview nine out of ten. Purview is a highly effective and useful feature in Microsoft 365. As a technical system, it is brilliant. However, I am concerned that it may be too expensive for smaller businesses, which is a shame.

The first time I used and rolled out Purview, it was for multiple departments in a medium-sized business. By the end of the rollout, everyone was using it. Internally, we have deployed Purview to two of our geographical locations, but we still have some others to roll it out to. With my clients, the ones who have shown an interest in Purview and are using it tend to be larger businesses that work across geographies. They are deploying Purview to their various office locations in different countries. The speed of deployment depends on the size of the company. We have 150 users.

Purview needs to be reviewed periodically to ensure that the policies are still appropriate and effective. We have tried to automate as much of this process as possible, so from a maintenance point of view, Purview does not require much manual effort. However, we do have a core group of people who regularly review Purview to stay ahead of new features and to determine whether they are appropriate for our organization.

We are currently reviewing some of the new features and redoing many of our policies. In some cases, we are considering switching from manual hard copy or written policies to policies in Purview, either to work alongside their document or to replace it. We will be gearing up for this transition soon.

I would test Purview, explore its features, and seek advice from people who have used it or from Microsoft themselves. This would help me to understand what it can do. I think it is important to avoid keeping Purview as an IT-only tool. Instead, promote its capabilities to a wider audience, including other stakeholders. Once creating and deploying solutions in Purview, I recommend deploying them to a targeted area first and then scaling them up. If a retention policy is suddenly deployed across the entire estate, people may not understand what they are looking at and may resist using it. My advice is to learn about Purview, share the learned knowledge with others, and involve other areas of the business in its deployment. Also, think carefully about how to deploy Purview in a way that minimizes disruption.

To ensure compliance with numerous regulations for our data governance initiative, we employ Microsoft Purview for data classification.

In our specific case, we only have on-premises servers and the same Microsoft cloud platform, Azure. I have not used Microsoft Purview with any other cloud providers like AWS or anything like that. However, it appears that Purview can be used to protect data across multiple clouds and platforms.

In the future, it could be important for us that Purview can connect to iOS, Mac, and Android devices. We will be onboarding data that requires updating some of the tables, descriptions, and other aspects. In that case, it would be beneficial for users to be able to access it from different devices. However, in my case and for the people in IT, we will always be using computers.

Microsoft Purview's native integration with Azure Dynamics and Office compliance is good. We have utilized it with Synapse Analytics and Data Factory, both Microsoft products. The integration is seamless and efficient. However, in the context of Synapse Analytics, its value proposition is less evident. While it is a nice feature, I cannot fully grasp its significance.

It is crucial that Purview was built with consideration for critical regulations from around the world. This is an integral part of the classification rules and it simplifies our work. However, I haven't seen specific references to regulations such as GDPR or PII. There are numerous laws in different states, as well as preferences here in Canada, but I haven't come across specific examples. Nevertheless, the classifications encompass a wide range of government information, sensitive data like financial information, and personal information based on various formats that we can even adjust or create our own. So, it's a positive aspect.

Purview has assisted us in creating an updated catalog that is more realistic. It has also enabled us to quickly classify our data. Additionally, we aim to enrich the data catalog with more metadata, both now and in the future. While this process is primarily manual, we are exploring ways to involve business users to streamline it.

It has improved the visibility into our estate.

Purview allows us to demonstrate our compliance on a near real-time basis. While executing a single scan will provide updated information, it doesn't provide true real-time visibility. To achieve the closest to real-time compliance monitoring, we can execute data extraction processes every four hours.

We have saved around 40 hours per month on some of our projects, which also leads to cost savings.

The ability to classify data quickly and effortlessly is arguably Microsoft Purview's most valuable feature. It can scan all tables and columns, identifying those that contain personal names, date builds, or other sensitive information.

I am interested in exploring the process of data scanning to identify data lines that do not contain stored procedures. This would allow us to detect potential black boxes within our data, where we are unable to trace the flow of information and identify all instances of stored procedures. Additionally, we would like to expand the reporting capabilities beyond Power BI to encompass other visualization tools such as Tableau, Looker, and others.

Reflecting organizational changes within Purview is impractical. Any such changes necessitate discarding existing data and starting anew, which increases both the cost and time required for maintenance. Therefore, I believe that enhancing Purview's maintainability is crucial.

I have been using Microsoft Purview for one year.

I would rate the stability of Purview a nine out of ten.

Purview is easily scalable in the cloud.

The technical support team was readily available for a Zoom call and was able to view my screen and provide assistance. The only downside was that I ultimately resolved the issue myself, which suggests that the local Microsoft support may not be as knowledgeable.

Positive

I have used other solutions other than Purview but it doesn't encompass the entire data management lifecycle. For example, Tableau has a data management suite, but it's primarily focused on analyzing reports, enforcing visualization governance, and managing data within Tableau itself. It doesn't extend to data sources or beyond that. Other data management tools in development offer similar functionality, but they may not have specific classifications for personal information.

The initial deployment was straightforward. The cloud administrator handled the subscription and all the necessary paperwork, while I proceeded with the setup.

The price is reasonable considering its value.

I would rate Microsoft Purview nine out of ten. Purview is a good product but still has some areas to improve.

Thus far, we haven't had any comprehensive maintenance for Purview. While there is maintenance required for scanning new servers, that's essentially the extent of our maintenance efforts. We may need to make significant changes to Purview's structure to enhance its usability. Purview's current structure resembles that of an organizational department. For instance, if a marketing application is mistakenly scanned under HR, I cannot simply move it to the correct location. Instead, I must discard all existing data and start from scratch.

Microsoft Purview helps our business identify valuable information across various data types by using machine learning and customizable tags. It then allows users to export this data with PowerShell and combine it with metadata from other Microsoft products, facilitating both data analysis and migration processes.

While I haven't used Purview's cross-platform capabilities, I'm impressed by Microsoft's integration of its various solutions, including ComplianceOne and SharePoint, which cater to large enterprises. A deep dive into the functionality confirmed this positive impression.

The ability of Microsoft Purview to connect across devices, including Macs like mine, is a major benefit. While I was surprised to find PowerShell running smoothly on Mac, Purview itself has been user-friendly and avoided the issues I've read about online. This ease of use is crucial for me.

My previous projects focused on M365, but the next step is integrating Azure Virtual Machines into our solutions. In this context, Purview's ability to natively integrate compliance across both Azure Dynamics and Office 365 is crucial for ensuring our work scales effectively.

The biggest advantage of Purview is its ability to centralize data management. This multi-platform tool integrates data assets from across the company, providing a reliable and unified way to handle data procedures. This consistency, a hallmark of Microsoft products, is valuable for many users.

Designed for our regulated environment, Purview offers a variety of features that enable us to develop compliant solutions even when limitations seem to restrict what's achievable.

Purview has helped save us time through automation.

The most valuable aspect of Purview is its PowerShell connectivity, enabling automation. The content explorer helps visualize how classifiers, including custom-sensitive information types, identify content. Purview even allows testing these custom types with a dedicated button. Overall, PowerShell governance and export capabilities significantly improve our workflow by automating tasks and simplifying data extraction.

While Microsoft Purview addresses global regulations, it lacks out-of-the-box functionality. Extensive development is needed to define sensitive information types and train rectifiers for each customer. Most importantly, Purview currently lacks multi-language support, hindering its use in multilingual environments. Since communication compliance is the only exception, future updates should include sensitive information types and keywords in major languages, especially those relevant to the European Union. This would require customization efforts to create equivalents for these information types and keywords in other languages.

The rapid pace of feature changes in Purview, including marketing shifts, retirements, merges, and splits, creates challenges. Documentation struggles to keep up, leaving users behind. Further compounding this issue is the inconsistency of PowerShell modules. While some, like the SAP exporter, function well, others, like the trainable classifier's missing fetch module, significantly limit the usability of a potentially valuable feature. This lack of polish hinders automation efforts and makes data governance assessments more difficult.

Setting up Purview in a production tenant proved challenging due to a lack of clear documentation on permission requirements. While Purview offers role-based access with custom role creation, there's no built-in explanation of each role's function and associated permissions. Microsoft Learn documentation wasn't helpful either. Ideally, Purview should provide in-context information about each role within the portal, eliminating the need for cryptic names and extensive external research.

I have been using Microsoft Purview for under one year.

Microsoft Purview seems to be functioning, but there's a lack of clarity on how it analyzes data. The content explorer shows inconsistencies, with Microsoft acknowledging that the actual document count might differ from what's displayed. This suggests limitations in the current setup. While improvement is desirable, it's still a usable tool.

I submitted a support request in the test tenant, possibly specific to that environment. However, the Purview quality was lacking. Automatic replies didn't address my question, which seemed misplaced within the chosen topic. It felt like I contacted the wrong department. Instead of offering real support, they suggested I write a public blog post seeking help online. This was essentially non-existent support, potentially due to limited resources for test tenant users. It's unclear if this reflects the quality of support for the expensive enterprise licenses.

While deploying Purview itself was easy for me after I had spent significant time getting a Microsoft certification, onboarding junior colleagues who haven't had that preparation is proving more challenging. Despite their initial confusion, the overall structure and features of Purview seem well-organized and at least decent.

While a single person could deploy Purview in this instance because it's a test tenant, it's important to clarify that this ease of deployment applies only to the test environment and wouldn't be representative of the process for a production tenant.

The implementation was completed in-house.

Microsoft Purview is a subscription-based service, so we need either an E3 or E5 license to use it. The specific features we have access to within Purview depend on which of these licenses we have.

I would rate Microsoft Purview eight out of ten.

To choose the best Purview subscription for your needs, I recommend using a test tenant to explore Purview's features and value proposition. This will help you identify the most critical functionalities and choose the subscription that best aligns with your business requirements.

We migrated everything to the Azure cloud. Microsoft Purview was coming up at the time, and we also started looking into their other products such as Microsoft Power Platform, particularly Power BI. We wanted to see how these particular tools can go head to head and how they would be useful. This is when we started with Microsoft Purview. The POC itself took more than a year because it was not easy. The tool was growing. It took a long time to get their product support help to fix some of the issues and features. 

In the last year, we started using it for a few things. One is mainly data protection. We mainly targeted the scenarios where when someone is sending a document in an email or labeling a document as confidential, what the person receiving the document can do. 

We are trying to cover Microsoft 365-related products. We are trying to use it for the data discovery process. That is the end goal. Across the organization, we want people to be able to find the data easily. There is a kind of data marketplace, and we started to use it for data discovery.

Data discovery is one of the beautiful things of Microsoft Purview. We mostly have Microsoft products, so it has been helpful, but we are continuously growing. We are still in the learning stage with this product. We are trying to onboard only a small amount of data, and then we will see how we can curate the data so that it is meaningful. Slowly, and probably after a year, we will come to know how efficiently we are using Microsoft Purview as a part of the data discovery phase.

Microsoft Purview is a cloud-native app. So far, we have only used it with Windows with Chrome or Edge browser, and it works seamlessly. It is not a problem. We have not used it with other OSs, but it should work with them.

Microsoft Purview was built taking into account critical regulations from around the world. Data classification is one of the beautiful features. It works seamlessly.

Microsoft Purview's natively integrated compliance across Azure, Dynamics 365, and Office 365 is perfect.

Microsoft Purview enables you to show your compliance in real time. There is the Insights dashboard, which is particularly for security officers. They can always go and have a look. If there are any compliance issues with the portal, they can always go and check anytime.

Microsoft Purview has helped to reduce the time to action on insider threats, but I do not have the metrics. We are in the discovery phase. After a year, we should be able to provide exact metrics. As of now, we just look into the issue and take action. It is helping to reduce the errors. In terms of percentage, there are about 20% savings.

Microsoft Purview will save us time and overall product delivery costs. Product data discovery should be easy, which will reduce the overall product delivery time. This is something that we are working on. There should be at least 10% savings on the project delivery time.

There are several features. Their data labeling or data classification is particularly valuable because we want to categorize all of our data into confidential, public, or internal. Microsoft Purview works seamlessly with the Microsoft product suite, including Office 365, to schematize the data assets, so data labeling and classification have been helpful.

Microsoft Purview can connect with all of our security-related things across Office 365. It easily connects with Microsoft Defender. The integration with Microsoft Defender is good.

It works well for schematized data assets for lineage tracking. Overall, it works well if someone is using mostly Microsoft products.

It is still growing. It does not meet all the requirements from the security point of view. It supports only a limited number of tools and technologies that pertain to Microsoft products. If you want to leverage other solutions such as Workday or Oracle Fusion, features will be coming up, but as of now, it is for the Microsoft suite. 

It is still growing as a data connector platform for supporting ingestion from non-Microsoft data sources, so not all the products are supported as of now. 

As a data catalog tool, it needs to have a connection with all the sources. This improvement is definitely needed because they are supporting only Microsoft-related products but not third-party products.

We started to explore Microsoft Purview when they launched it. It was the end of 2021.

It is a stable product, and continuous improvements are always coming in. After a year, it probably will be a complete tool for all sorts of uses. I would rate it an eight out of ten for stability.

It is unlimited. I would rate it a ten out of ten in terms of scalability.

We currently have 10 to 20 people using the tool. It is deployed as part of information technology from the IT management, and we try to circulate it by onboarding various sets of users from various departments.

Last week, I raised an issue with technical support. It issue was a priority for us. Within a couple of hours, they got back. They were efficient with this particular product. I would rate them a nine out of ten.

Positive

We used some of the manual processes. We built a data catalog using Vast data services.

It is deployed on the cloud. The deployment time is much less, but because it is a data cataloging tool, curating the data takes time. Spinning of the environment and starting it can be done in a couple of hours.

It definitely requires maintenance from the data security and data scanning point of view.

We have a data governance team. 

It is cheap. It is based on consumption. If somebody wants to start using it, the price is definitely cheaper than a tool like Collibra.

I would definitely recommend Microsoft Purview. However, it is not good for data quality. If you are not looking for data quality and you only want a complete security and data cataloging tool, it is perfect.

It is still maturing. At this time, I would rate Microsoft Purview a six out of ten.

Our goal was to provide insights into the latest data entries, implement governance measures, identify and classify sensitive data, and address specific business use cases. The primary use cases revolved around establishing a comprehensive data lineage, accompanied by pertinent metadata. This was primarily aimed at providing a business-centric dashboard, enabling stakeholders to visualize how data moves from one point to another and ultimately reaches the target. 

In my experience, I've utilized it on Windows machines with Blackfish without encountering any issues.

The dashboard offers insights into the nature of the data, and the transformations occurring between different columns, and allows for traceability to identify any issues that may arise. These use cases have proven highly beneficial not only for business analysis but also for support activities. For instance, it aids support personnel in quickly identifying issues such as missing data or anomalies, streamlining the troubleshooting process for efficient problem resolution.

Purview facilitates data management across diverse cloud and platform environments, encompassing AWS and GCP. However, my experience has been exclusively with Azure. Given that my ecosystem operates within Azure, both the source and target activities are conducted seamlessly within the Azure framework. The integration is smooth since Microsoft Purview is inherently designed for Microsoft components, making it effortless to establish connections and retrieve the required data. I haven't employed it for other sources or alternative cloud systems.

The importance of Purview lies in its careful consideration of critical global regulations. As a data governance solution, it plays a crucial role in business development processes. Given the potentially sensitive nature of incoming data, proper classification is essential to ensure specialized treatment. This facilitates easy access for subsequent activities such as metadata modifications or updates, providing sufficient information for comprehension by business personnel. The tool proves beneficial for data quality officers, enabling them to monitor data and detect any discrepancies, empowering them to take necessary actions. In the realm of the cloud, Purview emerges as a highly valuable data governance solution.

The integration of Microsoft Purview has significantly reduced the need for multiple solutions to interact within our company. This reduction not only streamlines processes but also saves time. For example, when a problem arises, understanding, identifying, and resolving it becomes much easier compared to the traditional approach of tracing through multiple systems for the root cause. With Microsoft Purview, the identification process is simplified, leading to potential savings in support efforts. Business stakeholders also benefit by gaining more visibility into how data flows through the system and understanding the metadata information without relying heavily on support or technical personnel. This autonomy enhances their ability to assess and comprehend the situation independently.

I haven't implemented it to enhance response time for insider threats by applying security measures. However, the tool does provide visibility into the movement of data, allowing the data control officer to monitor and classify alarms promptly. In the event of an alert, appropriate actions can be taken accordingly.

Efforts have significantly diminished, and this reduction is directly proportional to cost savings. As a technical person involved in both solution development and support processes, I've observed a reduction of more than fifty percent. The turnaround time for issue resolution has notably decreased. Previously, it took others a considerable amount of time to identify the root cause, but with Microsoft Purview, pinpointing issues and finding solutions has become much more efficient.

It has had a significant impact on our capacity to maintain compliance. As a data governance solution, it offers features essential for ensuring that compliance requirements are thoroughly met, and data processing aligns with regulatory standards.

The user interface is highly intuitive and user-friendly.

I appreciate it because it provides a unified solution. Everything can be managed in one place, from scanning sources to making assets available. The access includes comprehensive metadata information, presented in a non-technical manner for easy comprehension of the asset's nature. The visualization it offers is quite clear. Additionally, it creates a lineage based on data processing, allowing for workflow authorization and control over metadata modifications or other activities. 

It caters to the entire micro-ecosystem, providing connectivity and seamless data flow. It allows for scanning, asset discovery, and data coverage. While there are some existing limitations, it's important to note that the tool is continuously evolving. I believe it holds great potential and will become an excellent resource for development in the future.

Purview's data connector platform is designed to facilitate ingestion from non-Microsoft data sources. I've personally applied this feature to one of our sources, an Oracle database. Specifically, we utilized ADA for data permissions and seamlessly integrated it with the Azure Data Factory pipeline. This automated the connection to Oracle, enabling the setup of data extraction and loading processes. Overall, it proved to be a valuable and effective feature.

Enhancing the tool's capability to connect to multiple sources would be valuable. Also, when data is transformed in other systems, the tool should capture the relevant metadata and generate lineage for those systems as well. Thirdly, addressing limitations, such as relying on Apache Atlas for mitigation, should be handled within the Microsoft tool itself rather than external dependencies like Apache Atlas.

I have been using it for approximately six months.

The stability is satisfactory, and I would give it a rating of eight out of ten.

I have utilized it in a cloud environment, and scalability is assured.

I am content with technical support, but for various inquiries, the responses often indicate that the feature is either not available or still in a previous state. I would rate it eight out of ten.

Positive

The initial setup was straightforward. Even individuals with less technical expertise can do it.

Deployment spanned a week and involved six different individuals.

Maintenance becomes necessary when leveraging external APIs and tools, especially concerning access management. However, once the initial setup using MS Purview is complete, ongoing maintenance is minimal. Automation takes over with continuous scanning, automatic data classification, and sensitivity labeling. Workflows can be established and utilized for an extended period, reducing the need for frequent maintenance.

I consider it cost-efficient because of the metrics it provides. With each scan being incremental, avoiding redundant scans of the same object, the tool offers a way to manage costs effectively.

We didn't extensively evaluate other options because Microsoft Purview successfully met the requirements for the specific tasks at hand. However, during implementation, I became aware of more mature tools available in the market that might offer greater capabilities. It seems that Microsoft Purview is still evolving compared to these more established alternatives.

In my scenario, I encountered difficulty connecting to a file system database, especially when it was located on a different server. Additionally, when working with an in-house solution like Azure Data Factory, while Microsoft Purview can successfully bring metrics to tables as assets, it faces limitations in identifying the leading use of those assets. For instance, a database solution handling ETL activities may not seamlessly provide insights into the transformations, sources, immediate obligations, and final targets associated with a specific asset, making it challenging to track its usage directly within Microsoft Purview.

I would strongly recommend Microsoft Purview when utilizing solutions within the Microsoft ecosystem, such as Data Factory, various applications, and databases.

Overall, I would rate it a seven out of ten because several features are still in a preliminary state. Given that it is in preview, it may not be as stable or fully functional yet. Also, the absence of data quality and data profiling mechanisms contributes to this rating.