I rate Microsoft Purview Insider Risk Management six out of 10. I've had trouble using the product, and the UI isn't user-friendly. I don't mind the difficulties, but Microsoft's technical team doesn't provide adequate support, and there isn't clear documentation for some of the issues. I recommend working with a Microsoft partner company. Without a Microsoft partner, it may not be as smooth. Microsoft already has a foundation for implementing Insider Risk Management and policies for the customer's environment. This is also related to the customer has already some licenses of more than one thousand, for example. Microsoft has these projects that you can deploy inside the solution for free or almost free. You can ask the Microsoft sales department to find a good Microsoft partner to implement this solution.
Whenever you go for any risk management solution, you need to understand the criticality and sensitivity of your organization when it comes to risk. Once you have done that, I would prefer Purview because it is an easy, out-of-the-box solution. It has predefined features. If a person has a basic understanding of IT security and information security, he can easily tweak those policies after a month or whatever time frame the company chooses and it works seamlessly. We use Office 365 as well as Microsoft Defender and other Microsoft services for other purposes, like risky sign-ins or email forwarding. For example, if somebody is trying to forward their entire email box to a private email, that is something that is not permitted by our company's policies. We use different tools for different purposes. We use Purview more for data classification, categorization, and internal risk management. We use AI and automation for risky logins and risky sign-ins but not in Purview for internal risk purposes. We have defined policies for PII, things like passport or social security numbers, et cetera. The policy covers seven or eight types of PII information and would generate a high alert on this type of information.
Microsoft Security’s suite includes products that provide organizations with integrated security, compliance, identity and access, endpoint management, and privacy management solutions.
I rate Microsoft Purview Insider Risk Management six out of 10. I've had trouble using the product, and the UI isn't user-friendly. I don't mind the difficulties, but Microsoft's technical team doesn't provide adequate support, and there isn't clear documentation for some of the issues. I recommend working with a Microsoft partner company. Without a Microsoft partner, it may not be as smooth. Microsoft already has a foundation for implementing Insider Risk Management and policies for the customer's environment. This is also related to the customer has already some licenses of more than one thousand, for example. Microsoft has these projects that you can deploy inside the solution for free or almost free. You can ask the Microsoft sales department to find a good Microsoft partner to implement this solution.
Whenever you go for any risk management solution, you need to understand the criticality and sensitivity of your organization when it comes to risk. Once you have done that, I would prefer Purview because it is an easy, out-of-the-box solution. It has predefined features. If a person has a basic understanding of IT security and information security, he can easily tweak those policies after a month or whatever time frame the company chooses and it works seamlessly. We use Office 365 as well as Microsoft Defender and other Microsoft services for other purposes, like risky sign-ins or email forwarding. For example, if somebody is trying to forward their entire email box to a private email, that is something that is not permitted by our company's policies. We use different tools for different purposes. We use Purview more for data classification, categorization, and internal risk management. We use AI and automation for risky logins and risky sign-ins but not in Purview for internal risk purposes. We have defined policies for PII, things like passport or social security numbers, et cetera. The policy covers seven or eight types of PII information and would generate a high alert on this type of information.