Microsoft Purview · Purview Agents (Preview)
Purview Agent Management
Dedicated role group for deploying and enabling all Purview agents. Contains the "Purview Content Analyst" role required to activate the DLP Triage Agent, IRM Triage Agent, and DSPM Posture Agent.
Scope: Agent deployment and enablement across all Purview agent types
Permissions
- Enable Agent Deployment - Activate the DLP Triage Agent, IRM Triage Agent, and DSPM Posture Agent
- Purview Content Analyst - Core role contained in this role group for agent enablement
- Agent Identity Setup - When combined with Role Management role, configure dedicated agent identity (recommended)
- Does NOT grant access to configure agent settings or view triaged results
- Does NOT grant access to underlying DLP, IRM, or DSPM data
Common use cases
- Initial deployment of Purview agents across the organization
- Enabling new agent types as they become available
- Setting up agent identity (with Role Management role from Purview Administrators)
- Granting agent enablement without configuration or data access
Best practices
- Limit to security operations leads or Purview administrators
- Use agent identity (recommended by Microsoft) instead of user identity when possible
- Assign separate operator roles for each agent type for least-privilege
- Review agent deployment with security team before enabling
- Document which agents are enabled and their configuration owners
Security considerations
- Enables AI agents that process organizational data
- Agent identity setup requires elevated Role Management permissions
- Agents consume Security Copilot SCUs — monitor for cost impact
- Does not grant data access — separate roles needed for configuration and viewing
- All agents run on Microsoft Security Copilot infrastructure