Microsoft Purview · Information Protection

Content Explorer Content Viewer

View actual contents of classified and labeled files for detailed classification verification.

Scope: Full Content Explorer access including file viewing

Permissions

  • All Content Explorer List Viewer permissions
  • View in-place rendering of file content
  • Read documents, emails, and files
  • Verify classification accuracy
  • Review sensitive content matches
  • Export evidence for compliance verification

Common use cases

  • Verifying auto-labeling accuracy
  • Investigating classification errors
  • Confirming sensitive content matches
  • Auditing protection effectiveness
  • Training and tuning classification models

Best practices

  • Access content only when necessary for verification
  • Document justification for each file view
  • Use for spot-checking classification accuracy
  • Coordinate with legal on content review protocols
  • Minimize scope of content review to what is needed
  • Use just-in-time access where possible

Security considerations

  • Extremely sensitive - can view all classified content
  • Must comply with privacy laws and regulations
  • All content access is logged and auditable
  • Should be limited to senior compliance staff
  • Consider using PIM for time-limited access
  • Require documented justification for each access

Common questions

When should I assign the Content Explorer Content Viewer role?

Assign Content Explorer Content Viewer when you need to: Verifying auto-labeling accuracy; Investigating classification errors; Confirming sensitive content matches; Auditing protection effectiveness; and Training and tuning classification models. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Content Explorer Content Viewer role do?

The Content Explorer Content Viewer role grants permissions including: All Content Explorer List Viewer permissions; View in-place rendering of file content; Read documents, emails, and files; Verify classification accuracy; Review sensitive content matches; and Export evidence for compliance verification. See the Permissions section above for the full list.

What are the security risks of the Content Explorer Content Viewer role?

Key considerations when assigning Content Explorer Content Viewer: Extremely sensitive - can view all classified content; Must comply with privacy laws and regulations; All content access is logged and auditable; and Should be limited to senior compliance staff. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →