Microsoft Purview · Insider Risk Management
Insider Risk Management Approvers
Approve forensic evidence capturing requests to ensure legal and privacy compliance before evidence collection.
Scope: Approval authority for forensic evidence capture
Permissions
- Request Review - Review forensic evidence capture requests
- Approval Authority - Approve or deny evidence collection
- Justification View - View justification for evidence requests
- Scope Setting - Set parameters for evidence capture scope
- Collection Monitoring - Monitor active evidence collection
- History Audit - Audit forensic evidence capture history
Common use cases
- Legal counsel approving evidence collection
- Privacy officers ensuring compliance with laws
- Chief Compliance Officer authorizing sensitive captures
- HR leadership approving employee monitoring
Best practices
- Review each request for legal sufficiency and privacy compliance
- Verify investigation justification before approval
- Document rationale for approval or denial decisions
- Ensure evidence capture scope is narrowly tailored
- Coordinate with legal counsel on sensitive cases
- Maintain approval audit trail for defensibility
- Consider employee notification requirements per local laws
Security considerations
- Approval gates prevent unauthorized surveillance
- Ensures legal review before intrusive evidence collection
- Protects organization from privacy law violations
- Approval decisions are logged and auditable
- Should not be combined with Investigator role to maintain separation