What needs improvement with Microsoft Azure Purview?

There is definitely room for improvement as this product is quite new. In terms of the competence of the tools with the Microsoft ecosystem, the product can do better.

Data quality has been a highly requested feature among customers. While it was initially scheduled for release in December last year, I anticipate that this feature will be available soon this year. I suppose that with the integration of all three solutions—data security, data governance, and risk and compliance—there will be a clearer direction regarding changes on the people side of things. Like any other changes, this integration will necessitate new responsibilities, processes, and policies. It's essential to outline the expected changes on the people side, such as identifying impacted personas and defining their new responsibilities.

While Microsoft Purview addresses global regulations, it lacks out-of-the-box functionality. Extensive development is needed to define sensitive information types and train rectifiers for each customer. Most importantly, Purview currently lacks multi-language support, hindering its use in multilingual environments. Since communication compliance is the only exception, future updates should include sensitive information types and keywords in major languages, especially those relevant to the European Union. This would require customization efforts to create equivalents for these information types and keywords in other languages. The rapid pace of feature changes in Purview, including marketing shifts, retirements, merges, and splits, creates challenges. Documentation struggles to keep up, leaving users behind. Further compounding this issue is the inconsistency of PowerShell modules. While some, like the SAP exporter, function well, others, like the trainable classifier's missing fetch module, significantly limit the usability of a potentially valuable feature. This lack of polish hinders automation efforts and makes data governance assessments more difficult. Setting up Purview in a production tenant proved challenging due to a lack of clear documentation on permission requirements. While Purview offers role-based access with custom role creation, there's no built-in explanation of each role's function and associated permissions. Microsoft Learn documentation wasn't helpful either. Ideally, Purview should provide in-context information about each role within the portal, eliminating the need for cryptic names and extensive external research.

I have some concerns about the separation of roles in Purview from the Microsoft tenant, as well as how they interact with the security portal and endpoint manager. Certain permission issues or protracted permission updates could arise due to suboptimal configuration, potentially extending the expected timeframe.

Microsoft Purview's Data Loss Prevention for Mac endpoints hasn't met our expectations, and we believe there's room for improvement. Microsoft Purview's compliance processes for handling various Mac and iOS devices could be significantly improved.

While Microsoft Purview offers data protection across multi-cloud and multi-platform environments, granting access in such complex settings can be lengthy and expensive. Every scan we perform incurs a charge, making exploration quite costly. I would like to have complete video documentation for training.

While Microsoft Purview currently allows weekly scans for data sources, this limitation hinders the usefulness of the tool for frequently changing data. Ideally, Purview should offer daily scan frequencies to better accommodate these dynamic environments. Microsoft should provide full access to log details, particularly those related to technical aspects of data source integration. Hiding information from technical users assumes a lack of understanding on their part, which isn't the case. While Microsoft claims Purview is under constant development and some features lack documentation, this shouldn't prevent transparency, especially for established functionalities we rely on.

The tool's Windows PC offerings are far better compared to the granularity on the Mac side. The product must provide better integrations with OS X and iOS. There must be feature parity. The product must also provide better integrations with other ecosystems. I'd love to see Microsoft integrating with Google Workspace, at least in the EDU K-12 space. Most people in the EDU space use Google Workspace and Microsoft. Extending the capabilities of Purview would be phenomenal.

We have had a lot of issues since we moved to Unified Support. There have been work gaps there, and we believe they fixed them, but we need to make sure that they are going to be sustainable. It is to be seen. In terms of features, our technical team would be able to speak about the areas of improvement better. In terms of additional features, that would again require a conversation with the technical team as we are thinking about what pieces and parts are missing. We have a feature set that we have shared with Microsoft, and that gets into a lot of detail. We did the analysis. We believe that we are on the road map for some of those feature sets.

There are some non-Microsoft file formats that are not supported. While they seem to be focused on Sharepoint and OneDrive, I'd advise that if somebody saves something locally to their hard drive, this should also be classified and protected. The DLP has to become more mature now that there are other competitors present in the market.

Some of the menu headings may not be easy to understand for some people. For example, when I first used Purview, I noticed that one of the self-compliance centers had changed its name. Microsoft has done a huge amount of updates, and sometimes it's hard to keep track of what Purview can do. We almost constantly have to explore it. Maybe Microsoft could have a 365 roadmap where we can look at upcoming features, or some kind of bulletin announcement for Purview users that explains new features and what they can do in simple terms. We could also look at the menu settings. In my experience of using Purview, we've never used it as an exclusive system for IT professionals or technical staff. We were very keen that other specialists around the business made use of some of these features because we thought that some of what Purview could do was relevant to other departments as well as IT. For example, we have HR managers and financial staff who use it. I think that some of the terminology in Purview is pitched toward IT and tech professionals, and it may not be immediately understood by other specialists. This is something that could be improved.

Microsoft Purview's ability to deliver data protection across multi-cloud and multi-platform environments is important, but there are some limitations. For example, if we have our own cloud solution, Purview cannot currently protect it. However, we can integrate Purview with other OEMs, such as Forcepoint, McAfee, or Symantec, to provide DLP functionality for our CASB. Additionally, Purview cannot protect cloud platforms that are part of a shared domain, such as our own website, unless they are part of the public domain. Purview needs to add DLP support. One of the things I would like to recommend is that Purview doesn't have the option to push policies or updates in real-time. Instead, it is based on the last five-bit communication. We cannot make any changes to this. It is based on the device when it is communicating with the server. If I want to do this forcefully from the server, if I want to send a wake-up call to all or selected agents throughout the organization, Purview does not have this capability in the GUI. The reporting functionality needs to be improved. I have found that the solution is not satisfactory for reporting. We have to use Power BI to generate the overall profit, but this requires a lot of configuration. In another solution, we can easily achieve the same reporting functionality. Purview does not have OCR functionality or network web. Therefore, OCR functionality is not included. OCR is available for Teams, but it does not work as expected. For example, it does not work well for systems that deliver to the recipient database, which could cause problems if it does not match our rules. Purview has limitations connecting to Android devices and SaaS devices. While Purview's data connector platform can ingest information from non-Microsoft data sources, it is slow to do so and the information may become outdated. I would rate Purview's data loss prevention for remediating violations a six out of ten. The reason is that Purview does not have an option for endpoint discarding. In contrast, Forcepoint and Trellix are more mature DLP solutions that offer endpoint discarding. This allows us to scan endpoints for sensitive data, take a replica of that data, and store it in a safe location. We can also encrypt the data on the endpoint. Microsoft Purview DLP does not offer this functionality. It is only available for Teams and email.

One drawback of Microsoft Purview, though it's beneficial and easy to use, is that when you start plugging in connectors for third-party sources when setting the solution up for data collection, it becomes a bit more tricky. There's limited documentation, so it's not as intuitive as setting up other parts of Microsoft Purview. If the process of connecting with third-party cloud providers and other SaaS products could be simplified, that would make Microsoft Purview a better product. In terms of how Microsoft Purview supports ingestion from non-Microsoft data sources, from a user experience point of view, it's a bit more challenging and results in a bit more struggle in that area. Overall, it's decent, but it would benefit customers if Microsoft spent more time and energy improving that experience and getting it on par with other Microsoft products. Microsoft could make it a lot easier to build connections with other cloud vendors, such as AWS and GCS. Microsoft will get there eventually, but it needs to understand its customer base and look at the percentage.

Non-Microsoft use cases are not very high. It's limited for now. They are continuously trying to evolve and trying to provide the latest right now. It is mature only on the more popular open source kind of applications or source tools. That is a limitation that it brings in. That said, if you already have a complete Microsoft stack then it will work really well. They still need more coverage on Microsoft Dynamics 365. It's an area they are still working on. The lineage data capabilities could be improved. They need data quality as a solution. They need to have that as part of their suite. If I want to drive governance and adoption, when it comes to dashboarding and understanding maturity, it still needs work. There are other better, more competitive tools.

The product needs improvement to edit the number of assets. It needs to be more inuitive as well.

We've had a few issues with the scanner. It runs perfectly one day, and on another day, it will run the whole night. It's probably related to the rules. If I set some compliance rules and apply the rules to any column, I can't delete it. I have to disable it and reactivate it. We have two instances. One is for everything, and the other is for the production environment. Sometimes there is a bug when the scan runs overnight. When we come in the next morning, it's still running, so we have to stop and restart it. This is costly.

Purview's data connectivity platform has a good set of connectors for ingesting data from non-Microsoft data sources. However, it still falls short in terms of coverage of other systems. It is mostly integrated with the Microsoft stack, but there are connectors to other systems and sources of information. Overall, Purview is not a one-stop shop for protecting company information. I am not sure that Purview was built with compliance guidelines in mind. It does have a component called Compliance Manager, which allows us to track our adherence to different standards, such as security and privacy standards around the globe. However, this is more of an add-on. I think there is still a significant gap between the technical capabilities of Purview and the ability to drive compliance or prove compliance through its use. I think this is a major gap that Microsoft does not adequately address. Purview is not a GRC tool. It is a set of security features, labeling features, and lifecycle features that do not come close to GRC tooling in terms of functionality. Additionally, there is no strong integration with the compliance framework, either in terms of rolling it out or proving our adherence to it. I would like to see improvements to the compliance manager, such as making it easier to start small and grow over time. This is not possible at this time. The current event-based retention management is very poor. This is an area that needs improvement. We need to be able to more natively or near natively label content for retention and sensitivity across other lines of business systems like Workday and ServiceNow. This would allow us to extend labeling to those applications and make it native. This would be of great benefit to our clients. Purview's DLP protection has some downsides. One downside is that the tips only appear in native applications. This means that users will not see them in other applications, such as web browsers. Another downside is that the tips only cover a subset of all the information. This means that users may still need to seek out additional information elsewhere. The technical support has room for improvement.

The Microsoft Purview data connector platform, which supports ingestion from non-Microsoft data sources, can be somewhat complex. For instance, when using Linux or Mac OS, additional agents are required. However, deploying these agents can lead to high resource consumption, such as increased CPU, hard disk, and RAM usage. The performance has room for improvement.

The overall cost of deploying this solution could be better. It seems that middle and small-sized organizations are not completely happy with deploying this solution in terms of the cost. It would be good if they concentrate on the cost part. Another improvement area is their customer support and service. The resolution time for an issue could be better.

Microsoft is doing an excellent job improving the platform, and they have a lot coming out shortly. However, the licensing around compliance could be much more transparent; it isn't clear for many organizations what kind of license they need to use, whether that's E5, E5 compliance, an information protection license, user-based, or platform-based. More information here would be a welcome improvement. Blueprints and landing zones like we have in Azure would be great to see in Purview. The solution could offer a baseline or blueprint of recommended settings for compliance regulations such as GDPR and ISO, which could be applied with a simple switch in the options. Some dashboard centralization, like one overview dashboard instead of many loosely connected ones, could be a good improvement. We must build our own assessments to comply with Dutch regulations, a mix of international and EU standards, as they aren't native to the solution. Many of our clients in the Netherlands require adherence to Dutch regulations, and as well as Purview covers the international aspect, the Dutch side is covered less than we would like. There's room for improvement regarding Purview's data loss prevention for educating users on how best to handle sensitive data. Microsoft is working on improving the policy tips. Still, from a user's perspective, I want to see more information in the case of a policy violation, such as context or details on why a specific rule is triggered. There are ways to tweak the DLP options, but a significant improvement would be real-time notifications when working on an email or message within Teams, for example. DLP is only triggered when sending or saving, so real-time notifications would be great. The basic functionality is there, but there's room for improvement.

One area for improvement is the detection of data types. This is really important. It has some of that functionality, but I consider it very limited. Maybe they can add some custom programming, or machine learning could be particularly useful for the detection of the nature of the data. If it could tell us, for example, when a given type of data is a social security number, that would be helpful. Currently, we need to open it and determine what the format is. We would like to know if a given type of data is PII data.

Purview's data connector platform for non-Microsoft data sources is good, but there is some functionality that hasn't been developed yet. There are some servers that it can't connect to yet, because they're still in a trial process. However, there are obviously some non-MS sources it can support, which is good. Hopefully, for the ones it can't connect to, that will be rolled out soon. There are other things that need to be developed in Purview. The data retention isn't great at the moment, and in that area we need certain functionality to be built. However, it's a very good tool and one I would champion.

It works very well, but there are some limitations because it is a new product. For a lot of features, you need to wait until the time that Microsoft announces that they are generally available. Or, a lot of times, some features are not even available. Then, you need to go through their support channel. So, it's a mixed bag. The API needs some improvement when connecting to non-Microsoft API sources. This is a limiting factor. The integration with modern data warehouses needs a lot more traction. Because clients will not always adopt Microsoft Azure as their cloud, as they can choose to be in a heterogeneous environment. For example, I have three warehouses: Synapse, Snowflake, and Amazon Redshift. In this case, I would hesitate to adopt Purview, as it is not the best choice at this point in time.

There are some limitations to the solution with regard to the lineage of data from different systems. I can see that everything works well, but if we start bringing in data from other systems not hosted in Azure the solution won't know whether it fits in the lineage space. Unfortunately, the solution only integrates with Microsoft Azure technologies so there is potentially some improvement that could be made in that area. In this case, we're lucky that the client has everything in Azure.