Microsoft Purview compliance portal: Data Loss Prevention - Expanding access to Diagnostics to Compliance Administrator, Security Administrator and Organization Management

🚨 The Signal: Microsoft Purview DLP diagnostics are now accessible to Compliance Admin, Security Admin, and Organization Management roles. This expands visibility for security and compliance teams, improving incident response and policy tuning without requiring Global Admin privileges.

The Impact

Security and compliance teams gain direct access to DLP diagnostics, reducing the risk of delayed incident response due to privilege escalation requests.

• Security Administrators: Can now directly diagnose DLP incidents, improving response times.
• Compliance Administrators: Gain self-service troubleshooting for DLP policies, enhancing compliance posture.
• Global Administrators: Reduced workload from DLP diagnostic requests, improving operational efficiency.
• Organisations: Enhanced ability to monitor and fine-tune DLP policies, reducing data exfiltration risk.

The Action

1. Review existing role assignments for Compliance Administrator, Security Administrator, and Organization Management to ensure appropriate personnel have these roles.
2. Communicate the expanded diagnostic capabilities to relevant security and compliance teams.
3. Update internal incident response playbooks to leverage direct access to DLP diagnostics for these roles.
4. Verify that logging and auditing for these roles are configured to capture diagnostic activities within Purview.

Domain: Purview · Impact: low · Workload: Microsoft Purview · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898