Microsoft Purview · Global & Security Roles

Global Reader

Read-only access across all Microsoft 365 and Purview features without the ability to make changes.

Scope: Organization-wide read-only access to all Microsoft 365 services and Purview settings

Permissions

  • Tenant Settings - View all Microsoft 365 and Entra ID settings
  • Compliance Configuration - Read all compliance and security configurations
  • Reports - Access Purview reports and analytics
  • User Information - View user and group information
  • Audit Logs - Read audit logs and activity reports

Common use cases

  • Compliance auditors needing visibility
  • Executive dashboards and reporting
  • External consultants reviewing compliance posture

Best practices

  • Use for auditors who need visibility without change permissions
  • Ideal for executive reporting and compliance dashboards
  • Safer alternative to Global Admin for read-only needs

Common questions

When should I assign the Global Reader role?

Assign Global Reader when you need to: Compliance auditors needing visibility; Executive dashboards and reporting; and External consultants reviewing compliance posture. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Global Reader role do?

The Global Reader role grants permissions including: Tenant Settings - View all Microsoft 365 and Entra ID settings; Compliance Configuration - Read all compliance and security configurations; Reports - Access Purview reports and analytics; User Information - View user and group information; and Audit Logs - Read audit logs and activity reports. See the Permissions section above for the full list.

Official Microsoft Learn documentation →

Open the interactive RBACMap →