Microsoft Purview: Data Security Investigations – role-based access simplification

Originally posted by Microsoft Mar 24, 2026 Uncategorized 0 Comments

Microsoft Purview will simplify Data Security Investigations access by automatically adding the DSI Contributor role to key role groups, effective late April 2026. No action or opt-in is needed, but admins should review role memberships to ensure appropriate access and update documentation if necessary.

Introduction

We’re simplifying how organizations manage access to Data Security Investigations (DSI) in Microsoft Purview. Based on customer feedback and continued alignment with Data Security Posture Management (DSPM), Insider Risk Management (IRM), and Microsoft Defender XDR, the DSI Admin and DSI Contributor roles will automatically be included in additional role groups. This reduces manual assignments and helps teams that frequently work across these solutions have the right access by default.

This message is associated with Microsoft 365 Roadmap ID 558546.

When this will happen

  • General Availability (Worldwide): Rolling out in late April 2026 and expected to complete by late April 2026.

How this affects your organization

Who is affected

  • Admins managing roles and permissions in the Microsoft Purview compliance portal

What will happen

  • The Data Security Investigation Contributor role will automatically be added to these role groups:
    • Organization Management
    • Data Security Management
    • Insider Risk Management
  • Members of these role groups will automatically receive the corresponding DSI access.
  • No existing permissions or role assignments will be removed.
  • No opt-in is required; this change applies by default.

What you can do to prepare

No action is required before rollout.

You may want to:

Learn more: 

Compliance considerations

  • Review which users in your organization are members of the affected role groups.
  • Confirm that the resulting DSI access is appropriate for those users.
  • Update internal access management documentation, if needed.

This change will automatically grant DSI access to members of the affected role groups. Admins should review current role group membership and ensure DSI access aligns with their organization’s security and compliance requirements. 

Message ID: MC1259826

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

Trending Posts

%d bloggers like this: