Microsoft Purview · eDiscovery

Data Investigator

Perform searches and access review sets for investigation without case management capabilities.

Scope: Limited to cases they are added to as members

Permissions

  • Content Search - Perform content searches across Microsoft 365
  • Review Sets - Access and analyze review sets
  • Export - Export search results
  • Case Information - View case information
  • Document Tagging - Tag and annotate documents in review sets
  • Analytics - Run analytics on collected data

Common use cases

  • Paralegals conducting research and document review
  • Junior investigators assisting with data analysis
  • External consultants brought in for specific investigations
  • IT staff helping with technical data retrieval

Best practices

  • Use targeted searches to reduce data volumes
  • Apply consistent tagging standards across review sets
  • Document search rationale and methodology
  • Coordinate with case managers before exporting data

Security considerations

  • Cannot create cases or manage holds - lower risk than Manager role
  • Still has access to potentially sensitive investigation data
  • Export activities should be monitored and approved
  • Should only be added to relevant cases, not all cases

Common questions

When should I assign the Data Investigator role?

Assign Data Investigator when you need to: Paralegals conducting research and document review; Junior investigators assisting with data analysis; External consultants brought in for specific investigations; and IT staff helping with technical data retrieval. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Data Investigator role do?

The Data Investigator role grants permissions including: Content Search - Perform content searches across Microsoft 365; Review Sets - Access and analyze review sets; Export - Export search results; Case Information - View case information; Document Tagging - Tag and annotate documents in review sets; and Analytics - Run analytics on collected data. See the Permissions section above for the full list.

What are the security risks of the Data Investigator role?

Key considerations when assigning Data Investigator: Cannot create cases or manage holds - lower risk than Manager role; Still has access to potentially sensitive investigation data; Export activities should be monitored and approved; and Should only be added to relevant cases, not all cases. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →