Microsoft Purview compliance portal: Data Loss Prevention - Admin units support for SharePoint Online

🚨 The Signal: Microsoft Purview Data Loss Prevention (DLP) now supports admin units for SharePoint Online. This allows granular, role-based access control for DLP management and alert investigation, improving delegated administration and reducing over-privileged access.

The Impact

Security teams and delegated administrators are the groups affected; scoping DLP management to admin units reduces the risk of over-privileged access to sensitive DLP data and controls.

  • Security Teams: Reduced risk from broad DLP admin permissions.
  • Delegated Admins: Improved efficiency with focused access to relevant DLP alerts.
  • Compliance Officers: Better alignment with least privilege principles for data protection.
  • Incident Responders: Faster, more targeted investigation of DLP incidents within their scope.

The Action

  1. Navigate to Microsoft Purview compliance portal > Roles & scopes > Admin units.
  2. Create new admin units based on organizational or regional boundaries.
  3. Assign specific users or security groups to these new admin units.
  4. Define custom Purview roles with appropriate DLP permissions (e.g., 'DLP Investigator', 'DLP Administrator').
  5. Assign these custom roles to users/groups within the scope of the defined admin units.

Domain: Purview · Impact: medium · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898