Microsoft Purview · eDiscovery
Data Investigator
Perform searches and access review sets for investigation without case management capabilities.
Scope: Limited to cases they are added to as members
Permissions
- Content Search - Perform content searches across Microsoft 365
- Review Sets - Access and analyze review sets
- Export - Export search results
- Case Information - View case information
- Document Tagging - Tag and annotate documents in review sets
- Analytics - Run analytics on collected data
Common use cases
- Paralegals conducting research and document review
- Junior investigators assisting with data analysis
- External consultants brought in for specific investigations
- IT staff helping with technical data retrieval
Best practices
- Use targeted searches to reduce data volumes
- Apply consistent tagging standards across review sets
- Document search rationale and methodology
- Coordinate with case managers before exporting data
Security considerations
- Cannot create cases or manage holds - lower risk than Manager role
- Still has access to potentially sensitive investigation data
- Export activities should be monitored and approved
- Should only be added to relevant cases, not all cases
Common questions
When should I assign the Data Investigator role?
Assign Data Investigator when you need to: Paralegals conducting research and document review; Junior investigators assisting with data analysis; External consultants brought in for specific investigations; and IT staff helping with technical data retrieval. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Data Investigator role do?
The Data Investigator role grants permissions including: Content Search - Perform content searches across Microsoft 365; Review Sets - Access and analyze review sets; Export - Export search results; Case Information - View case information; Document Tagging - Tag and annotate documents in review sets; and Analytics - Run analytics on collected data. See the Permissions section above for the full list.
What are the security risks of the Data Investigator role?
Key considerations when assigning Data Investigator: Cannot create cases or manage holds - lower risk than Manager role; Still has access to potentially sensitive investigation data; Export activities should be monitored and approved; and Should only be added to relevant cases, not all cases. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.