Microsoft 365 Message Center Archive

MC1259826 - Microsoft Purview: Data Security Investigations – role-based access simplification

Message ID

MC1259826

View in Message Center

Service

Microsoft Purview

Published

Mar 23, 2026

Tag

New feature
User impact
Admin impact

Roadmap ID

558546

View in M365 Roadmap

Platforms

Web

Summary

Microsoft Purview will simplify Data Security Investigations access by automatically adding the DSI Contributor role to key role groups, effective late April 2026. No action or opt-in is needed, but admins should review role memberships to ensure appropriate access and update documentation if necessary.

More information

Introduction

We’re simplifying how organizations manage access to Data Security Investigations (DSI) in Microsoft Purview. Based on customer feedback and continued alignment with Data Security Posture Management (DSPM), Insider Risk Management (IRM), and Microsoft Defender XDR, the DSI Admin and DSI Contributor roles will automatically be included in additional role groups. This reduces manual assignments and helps teams that frequently work across these solutions have the right access by default.

This message is associated with Microsoft 365 Roadmap ID 558546.

When this will happen

  • General Availability (Worldwide): Rolling out in late April 2026 and expected to complete by late April 2026.

How this affects your organization

Who is affected

  • Admins managing roles and permissions in the Microsoft Purview compliance portal

What will happen

  • The Data Security Investigation Contributor role will automatically be added to these role groups:
    • Organization Management
    • Data Security Management
    • Insider Risk Management
  • Members of these role groups will automatically receive the corresponding DSI access.
  • No existing permissions or role assignments will be removed.
  • No opt-in is required; this change applies by default.

What you can do to prepare

No action is required before rollout.

You may want to:

  • Review which users in your organization are members of the affected role groups.
  • Confirm that the resulting DSI access is appropriate for those users.
  • Update internal access management documentation, if needed.

Learn more: 

Compliance considerations

This change will automatically grant DSI access to members of the affected role groups. Admins should review current role group membership and ensure DSI access aligns with their organization's security and compliance requirements.