Microsoft Purview · Global & Security Roles
Global Administrator
Full administrative access to all Microsoft 365 and Purview features. However, Global Admin does NOT automatically grant access to certain Purview role groups.
Scope: Organization-wide access across all Microsoft 365 and Purview services
Permissions
- Full Access - Full administrative access to all Microsoft 365 services
- DLP Policies - Create and manage Microsoft Purview policies (DLP, retention, sensitivity labels)
- Security Settings - Configure compliance and security settings
- Role Assignment - Assign roles and permissions to other users
- Audit Logs - Access audit logs and compliance reports
Common use cases
- Initial Purview tenant setup and configuration
- Emergency access for critical compliance issues
- Cross-service compliance policy management
Best practices
- Limit to 2-5 people maximum
- Use PIM for just-in-time access
- Use dedicated admin accounts
- For daily Purview work, use Compliance Administrator instead
Security considerations
- Highest privilege role - compromise affects entire organization
- Never use for routine compliance tasks
- Monitor all Global Admin activities through audit logs