Microsoft Purview compliance portal: Information Protection - Exact Data Match adding support for role-based access control (RBAC) for EDM upload authorization

🚨 The Signal: Purview Exact Data Match (EDM) now supports role-based access control (RBAC) for data upload authorization. This gives administrators granular control over who can upload sensitive data, which improves data loss prevention (DLP) posture and reduces insider risk.

The Impact

Security teams and Purview administrators are affected: they gain more granular control over sensitive data uploads, which reduces the risk of unauthorized data exposure.

  • Security Teams: Reduced risk of unauthorized sensitive data uploads.
  • Purview Administrators: Improved control over EDM data upload permissions.
  • Compliance Officers: Enhanced auditability of sensitive data handling processes.
  • Data Owners: Greater assurance of data protection integrity.

The Action

  1. Navigate to Microsoft Purview compliance portal > Roles & scopes > Permissions.
  2. Create or modify a custom role with specific permissions for 'Exact Data Match' data upload.
  3. Assign this custom role to designated users or groups responsible for EDM data uploads.
  4. If RBAC is adopted, review the membership of the legacy 'EDM_DataUploaders' security group and remove users from it.
  5. Document the new RBAC assignments for audit and compliance purposes.
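
For steps 4 and 5, an added example (not part of the original notice and not Microsoft's own code): a read-only Microsoft Graph PowerShell script that lists the members of the legacy 'EDM_DataUploaders' group, flags any that are not on an approved-uploader list, and writes a CSV for the audit record. The approved list, the contoso.example addresses and the report path are assumptions; removal from the group stays a manual decision.

```powershell
# Added example: read-only review of the legacy EDM upload group.
# Requires the Microsoft Graph PowerShell SDK (Microsoft.Graph.Groups module).

# Assumption: accounts that now hold the custom EDM upload role (constructed values).
$ApprovedUploaders = @(
    'edm-upload-svc@contoso.example',
    'dlp-admin@contoso.example'
)
$LegacyGroupName = 'EDM_DataUploaders'
$ReportPath      = '.\edm-legacy-group-review.csv'   # assumed output location

Connect-MgGraph -Scopes 'GroupMember.Read.All', 'User.Read.All'

$group = @(Get-MgGroup -Filter "displayName eq '$LegacyGroupName'")
if ($group.Count -ne 1) {
    throw "Expected exactly one group named '$LegacyGroupName', found $($group.Count)."
}

# -All pages through the full membership instead of stopping at the first page.
$members = Get-MgGroupMember -GroupId $group[0].Id -All

$report = foreach ($m in $members) {
    $upn = $m.AdditionalProperties['userPrincipalName']
    [pscustomobject]@{
        ObjectId          = $m.Id
        # Nested groups and service principals have no UPN and are never approved here.
        ObjectType        = $m.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
        UserPrincipalName = $upn
        DisplayName       = $m.AdditionalProperties['displayName']
        Approved          = [bool]($upn -and ($ApprovedUploaders -contains $upn))
        ReviewedOn        = Get-Date -Format 'yyyy-MM-dd'
    }
}

# Full membership goes to the audit record; unapproved entries are shown for follow-up.
$report | Sort-Object Approved, UserPrincipalName |
    Export-Csv -Path $ReportPath -NoTypeInformation
$report | Where-Object { -not $_.Approved } |
    Format-Table ObjectType, UserPrincipalName, DisplayName, ObjectId -AutoSize
```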

Domain: Purview · Impact: high · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898