Microsoft Entra ID · Security & Compliance
Compliance Data Administrator
Creates and manages compliance content, tracks data in Microsoft Purview, and can perform eDiscovery operations.
Scope: Data governance and compliance content management across Microsoft 365
Permissions
- Create and manage compliance content
- Monitor compliance policies across M365
- Manage compliance alerts
- Track data in Purview compliance portal
- Perform data governance operations
- Manage data classification
- Create and manage file policies in Defender for Cloud Apps
Common use cases
- eDiscovery case management
- Data classification configuration
- Compliance policy monitoring
- Data loss prevention oversight
- Information governance
- Audit log analysis for compliance
Best practices
- Coordinate with Compliance Administrator
- Document data classification policies
- Regular compliance posture reviews
- Implement retention policies carefully
- Use sensitivity labels appropriately
Security considerations
- Can access sensitive compliance data
- eDiscovery access may expose confidential content
- Data classification affects protection
- Audit all compliance data access
Common questions
When should I assign the Compliance Data Administrator role?
Assign Compliance Data Administrator when you need to: eDiscovery case management; Data classification configuration; Compliance policy monitoring; Data loss prevention oversight; and Information governance. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Compliance Data Administrator role do?
The Compliance Data Administrator role grants permissions including: Create and manage compliance content; Monitor compliance policies across M365; Manage compliance alerts; Track data in Purview compliance portal; Perform data governance operations; and Manage data classification. See the Permissions section above for the full list.
What are the security risks of the Compliance Data Administrator role?
Key considerations when assigning Compliance Data Administrator: Can access sensitive compliance data; eDiscovery access may expose confidential content; Data classification affects protection; and Audit all compliance data access. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.