Microsoft Purview Compliance Portal: Information Protection - Admin unit scoping in Content Explorer and Data Explorer

🚨 The Signal: Purview Content and Data Explorer now support Admin Units, allowing delegated administrators to view data only within their assigned organizational scope. This enhances data governance and reduces over-privileged access for compliance roles.

The Impact

Purview administrators are affected, reducing the risk of unauthorized data exposure through over-privileged access.

• Purview Administrators: Reduced risk of accidental data exposure outside their scope.
• Compliance Officers: Improved data governance and adherence to organizational boundaries.
• Security Teams: Enhanced control over sensitive data access within Purview.
• Delegated Admins: More precise data visibility, aligning with their responsibilities.

The Action

1. Review existing Purview roles and Admin Unit assignments in Microsoft Entra admin center: Entra admin center > Identity > Administrative units.
2. Verify Purview Content Explorer and Data Explorer access for delegated administrators.
3. Ensure Admin Units are correctly configured to reflect organizational data boundaries.
4. Communicate the change to Purview administrators and compliance teams.

Domain: Purview · Impact: medium · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898