Favorite your Message Center and Roadmap items. Access them anytime via your Profile. Export and share with your team or your LLM.

Microsoft Purview: Data Security Investigations – role-based access simplification

Message ID
MC1259826
View in Message Center
Service
Microsoft Purview
Category
Stay Informed
Tags
New featureUser impactAdmin impact
Rollout
April 2026
Roadmap ID
558546
View in M365 Roadmap
Platform
Web

Summary

Microsoft Purview will simplify Data Security Investigations access by automatically adding the DSI Contributor role to key role groups, effective late April 2026. No action or opt-in is needed, but admins should review role memberships to ensure appropriate access and update documentation if necessary.

Details

[Introduction]

We’re simplifying how organizations manage access to Data Security Investigations (DSI) in Microsoft Purview. Based on customer feedback and continued alignment with Data Security Posture Management (DSPM), Insider Risk Management (IRM), and Microsoft Defender XDR, the DSI Admin and DSI Contributor roles will automatically be included in additional role groups. This reduces manual assignments and helps teams that frequently work across these solutions have the right access by default.

This message is associated with Microsoft 365 Roadmap ID 558546.

[When this will happen]

  • General Availability (Worldwide): Rolling out in late April 2026 and expected to complete by late April 2026.

[How this affects your organization]

Who is affected

  • Admins managing roles and permissions in the Microsoft Purview compliance portal

What will happen

  • The Data Security Investigation Contributor role will automatically be added to these role groups:
    • Organization Management
    • Data Security Management
    • Insider Risk Management
  • Members of these role groups will automatically receive the corresponding DSI access.
  • No existing permissions or role assignments will be removed.
  • No opt-in is required; this change applies by default.

[What you can do to prepare]

No action is required before rollout.

You may want to:

  • Review which users in your organization are members of the affected role groups.
  • Confirm that the resulting DSI access is appropriate for those users.
  • Update internal access management documentation, if needed.

Learn more: 

[Compliance considerations]

This change will automatically grant DSI access to members of the affected role groups. Admins should review current role group membership and ensure DSI access aligns with their organization's security and compliance requirements. 

Change History

Show
Published: March 23, 2026
Last Updated: March 23, 2026
No change history available

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

Explore Dashboard Sign Up Free