Microsoft Purview · Insider Risk Management
Insider Risk Management Session Approvers
Provides controlled approval and oversight of user session-based activities within Microsoft Purview Insider Risk Management, without granting access to investigations, alerts, cases, or sensitive content.
Scope: Session-based activity approval within Insider Risk Management without investigation access
Permissions
- Insider Risk Management Sessions - Approve or deny session-based activity requests
- Review session activity details for approval decisions
- View session request metadata and justifications
- CANNOT access alerts, cases, or investigation data
- CANNOT view sensitive content or forensic evidence
- CANNOT modify policies or settings
Common use cases
- Approving user session monitoring requests
- Providing management oversight for session-based activities
- Authorizing session captures for specific investigations
- Maintaining separation of duties for session approval workflows
Best practices
- Assign to managers or HR leads who authorize monitoring activities
- Keep separate from Investigator and Analyst roles for separation of duties
- Document approval justifications for audit trail
- Review session requests promptly to avoid investigation delays
Security considerations
- Approval authority for potentially intrusive session monitoring
- No access to investigation data — limited blast radius if compromised
- All approval decisions are logged in audit trail
- Important check-and-balance for employee monitoring activities