Microsoft Purview · DSPM (Classic)

Data Security Management

Comprehensive DSPM role with full access to insights, Security Copilot integration, and ability to manage DLP, Information Protection, and Insider Risk Management solutions.

Scope: Organization-wide comprehensive data security posture management with full control over DLP, Information Protection, and Insider Risk Management

Permissions

  • View all Data Security Posture Management (DSPM) insights and analytics dashboards
  • Use Microsoft Security Copilot in DSPM for AI-powered investigations
  • Access DSPM recommendations to create DLP and Insider Risk Management policies
  • Monitor unprotected sensitive data across Exchange, SharePoint, OneDrive, Teams
  • Track data security posture trends and analytics reports over time
  • Investigate data security risks using Copilot promptbooks and custom prompts
  • Create and manage DLP policies from DSPM recommendations
  • Create and manage Insider Risk Management policies from DSPM recommendations
  • Create Adaptive Protection policies to dynamically apply DLP based on user risk
  • Manage Information Protection labels and auto-labeling policies
  • Access Content Explorer to view classified and labeled file content
  • Review sensitivity label usage, DLP policy coverage, and risky user behavior trends
  • Configure analytics in Insider Risk Management and DLP for DSPM scanning
  • Full Information Protection Admin permissions (DLP, sensitivity labels, classifiers)
  • Full Information Protection Analyst permissions (alerts, Activity Explorer)
  • Full Information Protection Investigator permissions (Content Explorer)
  • Full Insider Risk Management Admin permissions (policies, Adaptive Protection)
  • Full Insider Risk Management Analysis permissions (alerts, cases, analytics)
  • Full Insider Risk Management Approval permissions (forensic evidence approval)
  • Full Insider Risk Management Audit permissions (audit log access)
  • Full Insider Risk Management Investigation permissions (Content Explorer, forensic evidence)
  • Includes all roles: Case Management, Custodian, Data Connector Admin, and more

Common use cases

  • Chief Information Security Officer (CISO) with comprehensive data security oversight
  • Data Protection Officer (DPO) managing holistic data protection compliance program
  • Chief Compliance Officer orchestrating integrated data security strategy
  • Security Operations Center (SOC) lead coordinating data loss prevention and insider threat
  • Enterprise security architect implementing end-to-end data protection framework
  • Senior security analyst with Security Copilot access for AI-powered threat investigation
  • Regulatory compliance manager overseeing GDPR, HIPAA, PCI-DSS, SOX compliance
  • Insider threat program director managing behavioral analytics and Adaptive Protection
  • Information governance leader coordinating classification, DLP, and retention
  • Security consultant implementing comprehensive Microsoft Purview data security solutions

Best practices

  • Enable analytics in Insider Risk Management and DLP before configuring DSPM (auto-enabled on opt-in)
  • Allow 24-72 hours for initial DSPM analytics processing and scanning after opt-in
  • Use Security Copilot promptbooks for guided investigation of top data security risks
  • Review DSPM recommendations daily and create policies to close data security gaps
  • Implement Adaptive Protection to dynamically apply DLP based on insider risk levels
  • Coordinate DSPM insights with existing DLP, Information Protection, and Insider Risk policies
  • Use DSPM trends and reports to track data security posture improvement over time
  • Leverage AI-powered recommendations to prioritize high-impact policy creation
  • Start with quick-win recommendations for immediate risk reduction (prevent printing sensitive files)
  • Use DSPM to identify gaps in existing policy coverage without manual policy review
  • Configure Security Copilot custom prompts to investigate specific organizational data risks
  • Regularly review unprotected sensitive assets reports to identify new risk areas
  • Monitor sensitivity label usage trends to measure classification program effectiveness
  • Track risky user behavior patterns to identify training needs or process improvements
  • Use DSPM analytics to demonstrate compliance program effectiveness to leadership and auditors
  • Coordinate with business units before creating restrictive DLP policies from recommendations
  • Document DSPM-driven policy decisions for audit trail and regulatory compliance evidence
  • Test policies in simulation mode before enforcement when creating from DSPM recommendations

Security considerations

  • Extremely broad access - combines DLP, Information Protection, and Insider Risk Management permissions
  • Can view highly sensitive employee communications and file content via Content Explorer
  • Must comply with privacy laws and employment regulations (GDPR, CCPA, local privacy laws)
  • All activities logged in unified audit log - subject to oversight and regulatory review
  • Security Copilot access requires appropriate safeguards and responsible AI usage
  • DSPM analytics processes data across multiple Purview solutions - consider privacy impact
  • Consider using Privileged Identity Management (PIM) for just-in-time activation
  • Should maintain separation from IT infrastructure admin roles for segregation of duties
  • Content Explorer access is extremely sensitive - can view executive and privileged documents
  • Forensic evidence approval permissions enable intrusive device monitoring
  • Policy creation from recommendations can impact entire organization - test thoroughly
  • Adaptive Protection configuration affects dynamic DLP enforcement based on user risk
  • DSPM scanning may reveal business-sensitive data patterns and organizational vulnerabilities
  • Limit role assignment to 2-5 senior security/compliance leaders maximum
  • Require MFA, conditional access, and compliant device for all access
  • Monitor Security Copilot usage to ensure appropriate and ethical AI-powered investigations
  • Administrative unit restrictions can prevent DSPM access - verify permissions
  • Coordinate with legal counsel on employee monitoring and investigation practices
