How does Fasoo Enterprise DRM (EDRM) compare to Microsoft Purview Information Protection?

Fasoo EDRM is a better choice than Microsoft Purview Information Protection to protect sensitive files in your organizationThe first solution is an enterprise digital rights management platform to protect documents at scale in large organizations and along their supply chain.  Thousands of customers worldwide use it in a large variety of industries with numerous use cases.

The latter was developed primarily to protect the document ecosystem of Microsoft Office plus a few third-party file formats.

Over the years, Microsoft enhanced its security offerings and changed names so many times that many people are very confused.  What started as rights management server (RMS), morphed into Azure Rights Management, then Azure Information Protection (AIP), then Microsoft Information Protection (MIP), and now Purview.  If I missed a few, I apologize.

In talking to many of our customers who use Microsoft products, they want to protect sensitive data in many locations but struggle with understanding what to buy, how to deploy it, and how it works.  It is very confusing and a lot of the Microsoft solutions don’t work as advertised.

Microsoft Purview vs. Fasoo comparison

Many years ago, companies used enterprise DRM in limited use cases and it was complex to implement.  It didn’t scale well and required a lot of administration.  As a result, many IT and security groups today still lack hands-on experience with modern DRM-based information protection capabilities at scale.

Fast-forward to 2023: Enterprise DRM solutions have matured significantly over the past decade.  This has caused a considerable change in perceptions and is credited with the recent resurgence of enterprise DRM.  Gartner states “Enterprise digital rights management offers persistent data-centric defense, solving security and compliance challenges with clear goals and governance.”

Combined with the shift towards a data-centric information security approach, this development now has more information security leaders asking about the specific strengths of enterprise DRM.

Fasoo uses a centralized approach to manage security policy, while Microsoft relies on users to make security decisions.  Fasoo’s policy management model is flexible to allow a document owner to control protection and assigning of rights, but it shouldn’t be the only choice.  This centralized model allows administrators to define an overall policy and then allow subsets of policy to be delegated to users.  Since it’s your company’s data, you can decide if the data owner has ultimate control or the company.   This flexible but secure approach allows organizations to implement an ideal policy management model with checks and balances that accommodate many different use cases.

Microsoft relies primarily on the individual to assign the rights, with less capability for centralized control.  In contrast with the “assign and forget” policy like Microsoft, Fasoo enables dynamic policy enforcement which uses rich contextual information available about the user, device, time of use, nature of access (e.g., authorized, unauthorized), and even the content itself to intelligently adjust policies.

Below are some highlights of the differences between the two approaches.


1. Supported File Formats

How many file formats does Fasoo support compared to Microsoft Purview?

Microsoft file protection supports about 20 file types; Microsoft Office and PDF.  It modifies file extensions for non-Office file types (txt to ptxt, jpeg to pjpeg, bmp to pbmp).  This can cause issues with security applications and firewalls.  It also confuses users if they are looking for a specific file extension.

Fasoo supports more than 230 file formats, including a broad range of PDF files, CAD, image, multimedia, Office and many less common file formats using a niche application that a customer might use.  Users can open all files in their native application.  It does not modify file extensions, which means applications that rely on native file extensions for scanning or other purposes keep working.

2. Data Encryption

How strong is Fasoo’s encryption compared to Microsoft Purview?

Microsoft is limited to AES 128-bit encryption for Office files because Office 2010 cannot support AES 256-bit encryption.  Other file types use 256-bit.  Microsoft does not support encryption for Office 2007.  It recommends upgrading to Office 2016 or later for ease of deployment and management.

Fasoo uses multi-layered encryption for all file types, including AES 256-bit encryption for all file payloads.  This is the same encryption the NSA, banks, and other organizations use for highly sensitive data.  This is important for compliance with specific regulations.  Fasoo supports Microsoft Office 2007, 2010, 2013, 2016, 2019, 2021, and 365.

3. Audit Trail

How do the document tracking and monitoring capabilities of Fasoo compare with those of Purview?

Microsoft currently has no centralized report portal for usage, adoption, or document activities.  It also doesn’t provide a method for tracking user licenses.  Microsoft recommends editing the registry to remove access to functions from specific users designated as “consumers only” of protected files.

Fasoo provides centralized reporting on all document and user activities in a web-based console.  Thresholds can alert administrators to anomalous and potentially suspicious activity.  Fasoo EDRM also tracks all licensed users in a web-based, centralized console.  Customers can export audit logs to SIEM tools or other business intelligence applications for further analysis and alerting.

4. Policy and Exception Management

How are Fasoo’s policy and exception management different from Microsoft’s?

Microsoft relies on individual users to make security policy decisions on how to protect documents.  Users must decide the level of sensitivity and manually apply a security label before applying protection.  This approach requires IT and data owners to relinquish control over individual documents to a degree that poses challenges for organizations with many users and constantly changing roles.  If someone picks the wrong label, data protection may suffer.  This also adds to the administrative burden, since admins need to create and manage the security labels, and may need to assist in reclassifying documents.

Fasoo can automatically assign file protection without user intervention.  Security can be based on the user, content, or other context, and not burden the user.  It provides centralized policy management and exception-handling capabilities that can predefine security as users create documents.  This “file-centric, people-centric” approach allows the organization to determine who can access a protected document, rather than relying on the document creator to make that decision.  In cases where a user should make a decision, the user can manually encrypt a file and assign predefined permissions.  Users with appropriate rights can extend access rights and permissions to other users as needed, and a very simple workflow allows users to request access or additional permissions to a document.

If users download files from document repositories, Fasoo automatically encrypts them and automatically extends the security policies defined in the repository to the downloaded document.  This real-time policy creation and federation reduces user and administrative overhead and simplifies use.

5. Fasoo vs Microsoft Deployment

Can I deploy in the cloud, on-premise, or both?

Microsoft provides you with one option.  Purview is a cloud-based service.  Users require an Azure account to access protected documents, whether you are an internal user or an external partner or customer.  Accounts are most commonly stored in Azure AD.  For many customers, this is not a viable option, since Microsoft requires users to be in Azure and tracks all user and file activity.  Other customers do not want to deploy services in the cloud for regulatory or security reasons.

Fasoo can run in an on-premise data center, private cloud, hybrid cloud, or completely managed as SaaS.  Services can run on Windows or Linux systems and can deploy into AWS, Azure, Google, or other cloud providers.  You can use your existing identity & access management system to authenticate and authorize users to access protected files.  No need to store users in a specific system or give Fasoo any access.

6. External Sharing

Is it easy to share sensitive documents with external users?

Microsoft requires all external users to have accounts and credentials in Azure and gathers data on document exchange between parties.  Predefined sensitivity label-based policies make it impossible to adopt for ad-hoc collaboration making it less flexible, admin dependent, and introducing delays.  Every time a new partner or customer is onboarded and needs to access Microsoft-protected documents, they will first need to be added to the sensitivity label policies.  This can impose unnecessary requirements on customers, partners, and administrators, and gives Microsoft potential access to too much of your data.  Many organizations do not want to create another login and worry that their sensitive information is in the hands of a vendor.

Fasoo policies are built at runtime to accommodate real-world ad-hoc collaboration needs.  Users with sharing rights can extend permissions to collaborators and share documents through email, cloud applications, or any sharing service.  Fasoo can use existing credentials from your identity and access management system or allow external users to authenticate with an email address simply.  All transaction data is stored within your system and not available to Fasoo.  The system is yours and self-contained.  You decide how your users share, authenticate and access sensitive files.

7. Cloud Security

Is my sensitive data protected even if I use cloud applications?

With Microsoft, documents are not secure when uploaded to cloud apps, and there are easy ways to bypass the security, which provides a false sense of security.  You need to integrate Purview Information Protection with Defender for Cloud Apps to accomplish this, but it only supports specific cloud environments.  As with all Purview operations, everything is based on labels, and there is a limit to the number of labels you can apply in a day.  Microsoft claims this limit is to prevent mistakenly applying a label to a large number of files.  That decision should be the customer’s, not Microsoft’s, and introduces a major risk if you need to protect large numbers of files.

Fasoo provides robust and persistent data protection with adaptive security controls at the endpoint, network, cloud, and beyond.  Once protected, the protection persists with the file regardless of location.  Dynamic policies allow you to change permissions, expire files and even grant additional access with a few clicks.  You decide on what is protected, how, and by whom.  There are no arbitrary limitations on protection and access.

8. Protect CAD files

How does Fasoo Enterprise DRM protect CAD files in comparison to Microsoft?

Microsoft does not support the protection of CAD files while in use.  It relies on third-party applications to protect CAD.  Fasoo protects CAD files while at rest, in transit, and in use natively.  By integrating directly with over forty different CAD applications, Fasoo EDRM allows users to interact with CAD files as they normally do while maintaining strong protection of the data.


Will it fit and grow with your mission?

Most inquiries we get about Microsoft Purview vs. Fasoo boil down to a single general question: How does a dedicated solution for securing documents in large organizations stack up against an assemblage of document protection components designed with a focus on Microsoft Office applications and file formats?

It’s like comparing a Ford F-450 Super Duty truck with a Chrysler Pacifica minivan.  Both have four wheels and move you, but if you plan to haul a trailer with horses, the minivan is not the best choice.  If you plan to protect and share sensitive files that can go anywhere and need to control all aspects of the process, Fasoo is a better choice.

Deciding between a work truck and a family van becomes much easier when we ask this question:

Will it fit the mission?

Book a meeting