Microsoft Purview · Data Security Investigations

Data Security Investigations Reviewers

[Preview] Review and analyze assigned data security investigations. Manage investigation scope, run analysis activities, view data risk graphs, and contribute to mitigation plans without search/preview capabilities.

Scope: Read and analyze access to assigned Data Security Investigations with limited modification capabilities

Permissions

  • View and manage investigation scope for assigned investigations
  • Add, delete, and manage items for mitigation plans
  • Run categorization activities on investigated data
  • Run examination activities for data analysis
  • Run vector searches for pattern identification
  • View and interact with data risk graphs
  • Export investigation results for assigned cases
  • Access case details and investigation metadata
  • Collaborate on mitigation plan development
  • Review investigation findings and analysis
  • No ability to create searches or preview file content
  • No ability to create new investigations

Common use cases

  • Security manager reviewing investigation findings and progress
  • Compliance officer assessing investigation outcomes for regulatory reporting
  • Privacy officer reviewing data access investigations for privacy implications
  • Risk management analyst evaluating data security incident impact
  • Executive stakeholder monitoring high-priority investigation status
  • Legal counsel reviewing investigation scope and methodology
  • Audit committee member assessing investigation processes
  • Business unit leader reviewing investigations affecting their department
  • External auditor validating data security investigation controls
  • Consultant providing specialized analysis without search permissions

Best practices

  • Use for oversight, review, and analytical support roles
  • Focus on data risk graph analysis to identify patterns and relationships
  • Contribute to mitigation plans with business context and recommendations
  • Use categorization to help organize investigation findings
  • Leverage vector searches to identify similar incidents or patterns
  • Provide subject matter expertise without requiring search permissions
  • Review investigation scope to ensure alignment with objectives
  • Export investigation summaries for reporting to stakeholders
  • Collaborate with Investigators to provide analytical insights
  • Ideal for time-limited assignments (consultants, auditors, executives)

Security considerations

  • Lowest privilege DSI role - no search or content preview capabilities
  • Can view investigation metadata and scope but not sensitive file content
  • Appropriate for external auditors or consultants with limited access needs
  • All activities still logged in Microsoft 365 unified audit log
  • Cannot create investigations or searches - minimizes risk exposure
  • Limited to assigned investigations only
  • Suitable for oversight roles requiring investigation visibility without data access

Official Microsoft Learn documentation →

Open the interactive RBACMap →