Microsoft 365 Message Center Archive

MC1199765 - Microsoft Purview: Role management update

Message ID

MC1199765

View in Message Center

Service

Microsoft Purview

Last Updated

Feb 18, 2026

Published Dec 18, 2025

Tag

Updated message
Feature update
Admin impact

Summary

Microsoft Purview is updating role management by mapping certain Purview admin roles to new Microsoft Entra roles, synchronizing assignments automatically from mid-February to late March 2026. No customer action is needed, but new Entra roles will appear in audit logs and should not be assigned manually.

More information

Updated February 17, 2026: We have updated the content. Thank you for your patience. 

Introduction

To strengthen security when Microsoft Purview interacts with Microsoft 365 services (Exchange, SharePoint, OneDrive, and Teams), we’re updating how roles are managed in Microsoft Purview. Certain admin roles in Purview will now be mapped to three newly created roles in Microsoft Entra. Role assignments will be synchronized between Purview roles and Entra roles without any customer action. This ensures that user permissions and identity flow securely from Purview to Microsoft 365. M365 services will only allow high-privileged operations like search/export to Purview users with the correct level of permissions in Entra, further protecting customer data.

When this will happen:

  • General Availability (Worldwide): Rollout begins mid-February 2026, finishes by late March 2026.

How this affects your organization:

Who is affected: All customers with admins assigned to high-privileged roles in Purview that access Microsoft 365 data. These admins will have their assignments synced to Entra, meaning they will be assigned membership to mapped Entra roles.

What will happen:

  • New roles will be created in Entra to map to Purview roles listed below.
  • Existing role assignments will sync automatically.
  • New assignments will sync from Purview to Entra within 15 minutes.
  • If an admin has multiple Purview roles, they will receive the highest privilege Entra role: Administrator > Writer > Reader.
  • Customers may see new Purview-specific Entra roles in audit logs.
  • Do not assign to these roles directly in Entra; Purview manages them.

Role Mapping Table:

Purview Role(s)Mapped Entra Role

Insider Risk Management Analysis
Insider Risk Management Investigation
Compliance Search
Export
Privacy Management Admin
Privacy Management Analysis
Privacy Management Investigation
Privacy Management Permanent Contribution
Privacy Management Temporary Contribution
Privacy Management Viewer
Data Security Investigation Reviewer

Purview Workload Content Reader
Hold
Privacy Management Investigation
Data Security Investigation Investigator		Purview Workload Content Writer
Search and Purge
Data Security Investigation Admin
Data Security Investigation Analyst (New Role)		Purview Workload Content Administrator

Example: If you have both Export and Search and Purge roles, you’ll get the Purview Workload Content Administrator role in Entra.

What you can do to prepare:

  • No action is required.
  • Be aware that new Purview-specific Entra roles may appear in audit logs.
  • Do not manually assign these roles in Entra; Purview will overwrite changes.
  • For more details, review Microsoft Purview documentation.

Compliance considerations:

No compliance considerations identified; review as appropriate for your organization.