We performed a comparison between Microsoft Defender XDR and Microsoft Purview Data Governance based on real PeerSpot user reviews.
Find out in this report how the two Microsoft Security Suite solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The ability to integrate and observe a more cohesive narrative across the products is crucial."
"Among the most valuable features are the alert timeline, the alert story, which is pretty detailed. It gives us complete insight into what exactly happened on the endpoint. It doesn't just say, "Malware detected." It tells us what caused that malware to be detected and how it was detected. It gives us a complete timeline from beginning to end."
"There is also one dashboard that shows us the status of many controls at once and the details I can get... It gives a great overview of many areas, such as files, emails, chats, and links. Even with the apps, it gives you a great overview. In one place you can see where you should look into things more deeply..."
"The product integrates security into one tool instead of having third-party security tools."
"From the perspective of Microsoft 365 XDR, the main benefit is a single, centralized dashboard offering the holistic visibility organizations crave."
"Microsoft 365 Defender is a good solution and easy to use."
"We can prevent, block, or audit however we like."
"Microsoft Purview stands out for its automatic data recovery system, which prioritizes critical data for the fastest restoration."
"My favorite Purview feature is auto-scanning. Once we set up Purview, we can automatically scan multiple data sources when new data comes into specific databases, like SQL and Oracle. We don't need to rediscover the new data or do anything manually because it automatically happens."
"The most valuable feature is the tracking activity and device onboarding."
"It starts off with records management, insider risk management, and information protection. And there is the discovery of the clouds, and we can get analytics on that as well, so that we know which user is using which cloud application and for how much time. The Activity explorer tells us which user was transferring out what data at what moment and on which device, including the serial number."
"Microsoft Purview's most valuable feature is its ability to identify content across a number of prescribed regulatory frameworks, including Microsoft, GDPR, PII, and UCC Financial."
"Data authentication enables us to classify documents based on whether they should be restricted for internal consumption or permitted for external sharing."
"It is critical that Purview delivers data protection across multi-cloud and multi-platform environments. That is the number one reason that people are adopting hybrid and best-of-the-breed approaches. Especially in banking, it is critical because people want to protect, govern, and secure their data. This is one of the first conversations that happens with security and the architecture group on the client side."
"Defender also lacks automated detection and response. You need to resolve issues manually. You can manage multiple Microsoft security products from a single portal, and all your security recommendations are in one place. It's easy to understand and manage. However, I wouldn't say Defender is a single pane of glass. You still need to switch between all of the available Microsoft tools. You can see all the alerts in one panel, but you can't automate remediation."
"Generally, antivirus products provide a central control to manage every device in terms of who is installing it or who is trying to disable it, but Microsoft doesn't have such a control center for the antivirus product it provides."
"Because of the training model, Defender XDR's automatic response sometimes blocks legitimate users and activities. Also, the UI sometimes responds slowly."
"What could be improved in Microsoft 365 Defender is its licensing, e.g. it should be more consolidated and would be good if it has some optimizations. Improving the alerts and notifications, in terms of adding more details, would also be good for this solution."
"The design of the user interface could use some work. Sometimes it's hard to find the exact information you need."
"My client would like the solution to be more customizable without using code. You can only build on the default console, but we're not allowed to change it."
"There is no common area where we can manage all the policies for the EDR, third-party solutions, devices, servers, Windows, Mac, etc., but it's on the road map, and we ware waiting for that feature."
"When we do investigations, it would be better if Microsoft could populate the host dashboard more. When we open any host for investigation, we want the entire timeline of what is happening on the host, including all the users logging in, their hardware, Windows version, etc."
"I have some concerns about the separation of roles in Purview from the Microsoft tenant, as well as how they interact with the security portal and endpoint manager."
"One drawback of Microsoft Purview, though it's beneficial and easy to use, is that when you start plugging in connectors for third-party sources when setting the solution up for data collection, it becomes a bit more tricky."
"The custom data classification for the African region needs to be improved."
"Support should be improved in the form of good documentation and video lessons where a person can check things out. There is a community, but it takes a lot of time if we want to get an answer to a question."
"It could reduce pricing to encourage usage."
"We have had a lot of issues since we moved to Unified Support. There have been work gaps there, and we believe they fixed them, but we need to make sure that they are going to be sustainable. It is to be seen."
"While Purview's data connector platform can ingest information from non-Microsoft data sources, it is slow to do so and the information may become outdated."
"If we could have a view something like we have in CrowdStrike—which is, I believe, the biggest competitor to Microsoft when it comes to security—a node nodal view, which we also have in Defender, that would make it a more complete, one-stop solution. That would save a lot of time for the admins and the engineers."
More Microsoft Purview Data Governance Pricing and Cost Advice →
Microsoft Defender XDR is ranked 1st in Microsoft Security Suite with 80 reviews while Microsoft Purview Data Governance is ranked 7th in Microsoft Security Suite with 51 reviews. Microsoft Defender XDR is rated 8.4, while Microsoft Purview Data Governance is rated 7.8. The top reviewer of Microsoft Defender XDR writes "Includes four services and four products, which can help organizations a lot". On the other hand, the top reviewer of Microsoft Purview Data Governance writes "User friendly with good documentation but needs to cover more non-Microsoft use cases". Microsoft Defender XDR is most compared with CrowdStrike Falcon, Microsoft Defender for Cloud, Microsoft Purview Compliance Manager and Wazuh, whereas Microsoft Purview Data Governance is most compared with Collibra Governance, Alation Data Catalog, Varonis Platform, Informatica Axon and Microsoft Intune. See our Microsoft Defender XDR vs. Microsoft Purview Data Governance report.
See our list of best Microsoft Security Suite vendors.
We monitor all Microsoft Security Suite reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.