Microsoft Purview Compliance Portal: Expanding access to Diagnostics to Compliance Administrator, Security Administrator and Organization Management

🚨 The Signal: Access to Purview Diagnostics is expanding beyond Global Admins to Compliance, Security, and Organization Management roles. This reduces reliance on Global Admin accounts for compliance investigations, improving least privilege posture.

The Impact

Security teams and Compliance Admins are affected, reducing the risk associated with over-privileged Global Admin accounts.

• Security Teams: Reduced reliance on Global Admins for Purview diagnostics.
• Compliance Admins: Gain direct access to diagnostic tools, improving efficiency.
• Global Admins: Reduced burden and attack surface by delegating diagnostic tasks.
• Organization Management: New access to Purview diagnostics for broader oversight.

The Action

1. Review existing role assignments for Compliance Administrator, Security Administrator, and Organization Management roles in Entra ID.
2. Assess if current Global Admin diagnostic tasks can be delegated to these more specific roles.
3. Communicate the expanded access to relevant security and compliance teams.
4. Update internal documentation regarding Purview diagnostic access and responsibilities.

Domain: Purview · Impact: medium · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898