Microsoft Entra ID · Security & Compliance

Compliance Data Administrator

Creates and manages compliance content, tracks data in Microsoft Purview, and can perform eDiscovery operations.

Scope: Data governance and compliance content management across Microsoft 365

Permissions

  • Create and manage compliance content
  • Monitor compliance policies across M365
  • Manage compliance alerts
  • Track data in Purview compliance portal
  • Perform data governance operations
  • Manage data classification
  • Create and manage file policies in Defender for Cloud Apps

Common use cases

  • eDiscovery case management
  • Data classification configuration
  • Compliance policy monitoring
  • Data loss prevention oversight
  • Information governance
  • Audit log analysis for compliance

Best practices

  • Coordinate with Compliance Administrator
  • Document data classification policies
  • Regular compliance posture reviews
  • Implement retention policies carefully
  • Use sensitivity labels appropriately

Security considerations

  • Can access sensitive compliance data
  • eDiscovery access may expose confidential content
  • Data classification affects protection
  • Audit all compliance data access

Common questions

When should I assign the Compliance Data Administrator role?

Assign Compliance Data Administrator when you need to: eDiscovery case management; Data classification configuration; Compliance policy monitoring; Data loss prevention oversight; and Information governance. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Compliance Data Administrator role do?

The Compliance Data Administrator role grants permissions including: Create and manage compliance content; Monitor compliance policies across M365; Manage compliance alerts; Track data in Purview compliance portal; Perform data governance operations; and Manage data classification. See the Permissions section above for the full list.

What are the security risks of the Compliance Data Administrator role?

Key considerations when assigning Compliance Data Administrator: Can access sensitive compliance data; eDiscovery access may expose confidential content; Data classification affects protection; and Audit all compliance data access. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →