What needs improvement with Microsoft Purview Information Protection?

I think the role of sensitivity labels in guiding AI interaction with Microsoft Purview Information Protection is pretty good, but for us, it's too general. It says, "Here's a dataset" and because something is in a particular folder, it's going to apply a label. It would be much nicer if it could go in, analyze the content, and say, "This is attorney-client privilege. This is company restricted," rather than assuming my patch notes for a server are the same as another company's. Having AI in Microsoft Purview Information Protection solution is very important for me because our datasets are so huge that we are not going to be able to do the classification ourselves. In order for us to use Copilot and expose any data, we have to do the sensitivity labeling first. That's a big task, and the people that are managing the data are not going to do the work. I have not had much luck or experience with the comprehensiveness of Microsoft Purview Information Protection's data classification abilities, particularly in identifying categories and sensitive information. The information we had at the time stated, "Here's how it's going to go and it's going to read all of your information and it's going to apply its own set of labels," which scares management. Once you apply the label, how do you get it off? And how do you go back and check the work? You can't. We don't trust Microsoft Purview Information Protection yet. While it has the potential to save us a lot of time, it's just not there yet with Microsoft Purview Information Protection. There are moments when if your identity is compromised, you're in trouble, which is the basis of everything. Making Microsoft Purview Information Protection more resilient to DNS failures would be great.

I evaluate the role of sensitivity labels in guiding AI interaction as pretty good, but for us, it's too general. It says, "Here's a dataset," and because it's in this folder, it's just going to apply this label. It would be much nicer if it could analyze the content and say, "This is attorney-client privilege. This is company restricted," rather than applying labels based on folder structure, since my patch notes for a server are not the same as another company's. Having AI in Microsoft Purview Information Protection is going to be very important for me because our datasets are so large that we're not going to be able to do the classification ourselves. In order for us to use Copilot and expose any data, I have to do the sensitivity labeling first. That's a big task, and the users managing the data are not going to do the work. I have not had much luck or much experience with the comprehensiveness of the data classification abilities in Microsoft Purview Information Protection, including identifying categories and sensitive information. The information we had at the time just showed that it's going to read all of our information and apply its own set of labels, which scares management. Once you apply the label, how do you get it off? And how do you go back and check the work? You can't. I believe what can be improved in Microsoft Purview Information Protection needs to be more precise to my needs. One feature I'd have appreciated that doesn't exist yet is related to what another attendee shared with me. He works for a larger company with a lot more data, and the classification limit of 100,000 just does not work for him because he produces well over 100,000 documents a day.

I think the role of sensitive labels in guiding AI interactions with Microsoft Copilot regarding grounding, access, and sharing behaviors needs more work. I see many options such as SharePoint Advanced Management for customers, but that requires a high investment from the customer's end in order to access the premium features of Purview, so it is not easy. To improve Microsoft Purview Information Protection, I think it would be easier to simplify the licensing model and clarify for customers what is included and what is not in the different SKUs.

When evaluating the roles of sensitivity labels in guiding AI interaction, I think it is important, but I am not sure yet. I am still figuring out how AI can help in that manner. We do not want things over-classified and put more protections on than they actually are, because that opens up other problems for us. I assess its ability to classify data and identify sensitive information as an area where we have not really gotten a lot of progress yet. I can see where that could be really valuable in the future. I just do not think it works for us because it is a little bit harder to define where it is and where it is not. With hard controls on it or a dictionary where you might use and say, 'If it has these words in it, then it is definitely classified.' Sometimes you can use those words, but if it does not have other information, then it is not classified for us. Or sometimes if it is accompanying other information, then it is, and then you get into some of the regex policy items that have to relate those things together, and that could be a little bit more tricky for us. One feature that I think could be improved is an automated dictionary list. Perhaps something that we could have pulled in from some other source that we have, another source of authority. I think typically the dictionary itself is then inclusive of a lot of confidential information, so you cannot necessarily just fill that out with all that information.

I am not impressed with the API ecosystem provided by Microsoft Purview Information Protection, and I want it to be better. Blue Cycle, as a group of developers who know security and Microsoft, differentiates in the Microsoft ecosystem by not only knowing Microsoft but also all the third-party products that Microsoft competes with and integrates with. We are a very API-first company focused on finding patterns and implementing them. A lot of functionality in Microsoft Purview Information Protection is not exposed in an API officially yet, which has made a lot of implementation work difficult because we have to do click ops instead of DevOps. While some tools have capabilities, communication rights management, for example, makes it almost impossible for a third party that is not integrated in as a solution provider to operate. That is not directly Information Protection, but it is a Purview example. However, I think that there have been many releases this week that might help with these issues, but I have not caught up on all of them yet.

I do not have any suggestions for improvement of Microsoft Purview Information Protection at this point since I am still learning.

The product is still in a growing phase. I could see that many use cases in their product are not capable enough in terms of detecting or protecting. Compared to other products, they are in the middle of bringing their solution up to the mark, so it is not a full-grown solution. They have to get more accurate results in terms of data discovery and classification. The second thing is their support; support from Microsoft takes a lot of time to get a response from their support team. The third thing is their OCR capability is not that great in terms of identifying the documents. We would love to see response times of less than 24 hours. Additionally, there is no way to check the policy's current status in terms of whether it got synced or not. You have to wait and test the use cases after 24 hours or after 48 hours, and once it starts working, then it appears the policy got implemented.

I am concerned about its accuracy levels. Sometimes it throws a lot of false positives. Microsoft Purview Information Protection needs to increase effectiveness and ensure compatibility. Effectiveness in Microsoft Purview Information Protection means enforcing the policy and making sure it works consistently across non-Microsoft products as well. There are some flaws in Microsoft Purview Information Protection in terms of detection and policy enforcement. There's inconsistency in the way the policy gets enforced. We are still trying to discuss these issues with Microsoft to get them resolved. I would assess the reliability of Microsoft Purview Information Protection in my organization as six on a scale of ten. The policy enforcement is not consistent, which means if I have a loophole, our data will still keep getting leaked. False positives can generate a lot of noise, which might result in missing real threats.

The most difficult part in the labeling solution is the lack of direct PDF support on Macs, whereas on Windows, a Purview agent can label PDFs. This should be improved to support PDF protection on Macs as well. Logging and auditing of SharePoint and other services need improvement. Additionally, during the initial setup, I found the lack of policy segregation at the sub-site level for DLP policies to be a challenge.

The communication around Microsoft product names and functionalities can be confusing, like when they combined Office 365 Risk and Compliance with Azure Purview. Then, they added Purview Hub to Fabric, and people thought Purview Hub would do data lineages, but it didn't. It isn't full-fledged Purview. It's just one feature set. Clarifying product features and use cases would help avoid such confusion. Additionally, improving the auto-classification functionalities and providing a more user-friendly experience would be beneficial.

There should be more training and communication regarding new features. I may be missing those communications, but it often seems like changes happen in the Purview portal without notice. Having a roadmap or updates about new releases would be helpful for demonstrating to clients. If things are constantly changing, I sometimes look silly when I log in, and things have moved or changed. Purview's data classification abilities could be more comprehensive. Purview is designed for Microsoft items like Word and Excel, but they're broadening the scope a little. Our clients use many file types. Being able to apply protections to those would be helpful because they're essential information for our clients.

Purview could better integrate with third-party tools, but I don't have a specific use case for that because It's currently integrated into the managed services we offer to Microsoft customers using E5 licenses.

I wouldn't recommend Microsoft Purview Information Protection for petabytes of documents as performance might be affected.

I had experience with previous versions of Microsoft Purview Information Protection as well. The new version doesn't have all the features that were present in the previous native clients and functionalities. For example, the ability to track documents - knowing where your document is, who is accessing it, when and where. You could even revoke access to a particular document if needed, which was a cool feature. These aren't available right now, although Microsoft is working on bringing them back, which might take some time. The tracking and revoking features from previous versions need to be brought back. Users should be able to track their documents' locations and revoke access when necessary. The scanning functionality should extend beyond on-premises environments to include cloud storage. Since it's Microsoft Protection, it should cover all Microsoft cloud services like SharePoint and OneDrive. If scanning works on-premises, it should work equally well in the cloud. Cloud functionality has limitations. For instance, the auto-labeling feature of Azure Information Protection can label 25,000 files per day, but it can't label existing data. This is impractical, as it's not feasible to create millions of new files just to have them labeled. These features seem incomplete or "half-cooked."

Microsoft Purview Information Protection can improve in terms of scan concurrency and scan processing time. Currently, the default limit for scans is a bit restrictive, and reducing the time it takes for scans would enhance overall efficiency.

There is room for improvement with the policy tips feature. It seems inconsistent, working well in some web applications but not as effectively in desktop applications. The experience is a bit hit-and-miss, so refining the policy tips functionality across all platforms would be a valuable enhancement.

Microsoft can improve the affordability of Purview Information Protection by offering it at a lower cost. This could be in comparison to the current pricing for enterprise customers and also for individual users. Providing an option for individuals to purchase Purview technology at a reduced cost would be beneficial. For instance, if I, as an individual, want to have Microsoft Purview Information Protection, it should be available at a more affordable price. Creating a separate low-cost version specifically tailored to individual users and a separate higher-cost version for enterprises would make the product more accessible and appealing. This approach could make Purview more popular, encouraging more individuals to start using and exploring its services.

There is potential for more integration in the use of AI. I believe the new capabilities of CoPilot, which Microsoft is starting to make available on its platform, will be valuable. The ability to refine and integrate regulatory frameworks, as well as address ongoing threats and attacks, can help us improve our defense. However, there is room for improvement in bringing things to market quickly and utilizing intelligence in the platform. The more automation and AI capabilities we deploy, the sooner we can benefit from real-time analysis and data gathering. Improvements in these areas are sought after and welcomed. The maturity of the Defender ecosystem and its extension into various areas of the Broad Azure and Microsoft 365 landscape are also appreciated, with more opportunities on the horizon. While there is always room for improvement, there is also a lot to celebrate in terms of using the tools we have and learning how to use them effectively.

Our primary concern is third-party application visibility. Many people choose other DLP tools, as they can search the Office 365 suite and detect sensitive information across thousands of other apps. The product is weak compared to the competitors on the DLP front, but the classification is good; the tool needs a bit more maturation. I want to see Microsoft being more flexible; Purview is excellent for an MS environment, but we can't use the DLP capabilities with third-party products, so it's limited there. We can use other tools for that, but it would be good if Microsoft implemented that. I want to see more robust reporting capabilities; reporting in dashboards and navigating through alerts can be laborious. If Microsoft could develop the reporting, the product would be more beneficial.