Microsoft Purview · Data Security Investigations

Data Security Investigations Reviewers

[Preview] Review and analyze assigned data security investigations. Manage investigation scope, run analysis activities, view data risk graphs, and contribute to mitigation plans without search/preview capabilities.

Scope: Read and analyze access to assigned Data Security Investigations with limited modification capabilities

Permissions

  • View and manage investigation scope for assigned investigations
  • Add, delete, and manage items for mitigation plans
  • Run categorization activities on investigated data
  • Run examination activities for data analysis
  • Run vector searches for pattern identification
  • View and interact with data risk graphs
  • Export investigation results for assigned cases
  • Access case details and investigation metadata
  • Collaborate on mitigation plan development
  • Review investigation findings and analysis
  • No ability to create searches or preview file content
  • No ability to create new investigations

Common use cases

  • Security manager reviewing investigation findings and progress
  • Compliance officer assessing investigation outcomes for regulatory reporting
  • Privacy officer reviewing data access investigations for privacy implications
  • Risk management analyst evaluating data security incident impact
  • Executive stakeholder monitoring high-priority investigation status
  • Legal counsel reviewing investigation scope and methodology
  • Audit committee member assessing investigation processes
  • Business unit leader reviewing investigations affecting their department
  • External auditor validating data security investigation controls
  • Consultant providing specialized analysis without search permissions

Best practices

  • Use for oversight, review, and analytical support roles
  • Focus on data risk graph analysis to identify patterns and relationships
  • Contribute to mitigation plans with business context and recommendations
  • Use categorization to help organize investigation findings
  • Leverage vector searches to identify similar incidents or patterns
  • Provide subject matter expertise without requiring search permissions
  • Review investigation scope to ensure alignment with objectives
  • Export investigation summaries for reporting to stakeholders
  • Collaborate with Investigators to provide analytical insights
  • Ideal for time-limited assignments (consultants, auditors, executives)

Security considerations

  • Lowest privilege DSI role - no search or content preview capabilities
  • Can view investigation metadata and scope but not sensitive file content
  • Appropriate for external auditors or consultants with limited access needs
  • All activities still logged in Microsoft 365 unified audit log
  • Cannot create investigations or searches - minimizes risk exposure
  • Limited to assigned investigations only
  • Suitable for oversight roles requiring investigation visibility without data access

Common questions

When should I assign the Data Security Investigations Reviewers role?

Assign Data Security Investigations Reviewers when you need to: Security manager reviewing investigation findings and progress; Compliance officer assessing investigation outcomes for regulatory reporting; Privacy officer reviewing data access investigations for privacy implications; Risk management analyst evaluating data security incident impact; and Executive stakeholder monitoring high-priority investigation status. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Data Security Investigations Reviewers role do?

The Data Security Investigations Reviewers role grants permissions including: View and manage investigation scope for assigned investigations; Add, delete, and manage items for mitigation plans; Run categorization activities on investigated data; Run examination activities for data analysis; Run vector searches for pattern identification; and View and interact with data risk graphs. See the Permissions section above for the full list.

What are the security risks of the Data Security Investigations Reviewers role?

Key considerations when assigning Data Security Investigations Reviewers: Lowest privilege DSI role - no search or content preview capabilities; Can view investigation metadata and scope but not sensitive file content; Appropriate for external auditors or consultants with limited access needs; and All activities still logged in Microsoft 365 unified audit log. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →