Microsoft Entra ID · Security & Compliance

Compliance Administrator

Can read and manage compliance configuration and reports across Microsoft Entra ID and Microsoft 365, including DLP, retention, sensitivity labels, and eDiscovery.

Scope: Full Microsoft 365 compliance administration across Purview and related services

Permissions

  • Azure Information Protection management
  • Manage Azure service health
  • Create Azure support tickets
  • Read entitlement management
  • Compliance Manager administration
  • Manage M365 service health
  • Create M365 support tickets
  • Read admin center properties
  • Manage Microsoft Purview compliance features
  • Configure DLP, retention, and sensitivity labels
  • Manage eDiscovery and content search
  • View compliance reports and dashboards
  • Configure Information Protection policies
  • Manage communication compliance
  • Configure insider risk management

Common use cases

  • Compliance program management
  • DLP policy configuration and management
  • Information Protection and sensitivity labels
  • eDiscovery case management
  • Retention and records management
  • Communication compliance policies
  • Insider risk management configuration
  • Compliance Manager assessments
  • Regulatory compliance reporting
  • Data classification and labeling

Best practices

  • Use Purview roles for granular delegation
  • Coordinate with Security Administrator
  • Document compliance policies and procedures
  • Review DLP policy matches regularly
  • Test policies in simulation mode first
  • Implement change management for policy changes
  • Use sensitivity labels consistently
  • Review eDiscovery case access
  • Monitor compliance score trends
  • Coordinate with Legal on eDiscovery
  • Use PIM for elevated access

Security considerations

  • Can access sensitive content via eDiscovery
  • Can configure policies affecting data handling
  • Can view compliance investigation data
  • eDiscovery access should be carefully controlled
  • Audit all eDiscovery case creation
  • Monitor for policy changes affecting data protection
  • Consider separation from content reviewer roles
  • Coordinate insider risk access carefully
