Microsoft Purview · Insider Risk Management

IRM Contributors

System role group. Visible in the Purview portal but used by background services only — do not assign users directly. Provides permissions that allow Insider Risk Management automation to function (permanent and temporary contributions to insider risk signals).

Scope: Background service permissions for Insider Risk Management automation — not for human assignment

Permissions

  • Insider Risk Management Permanent Contribution - Persistent IRM signal contributions
  • Insider Risk Management Temporary Contribution - Time-bound IRM signal contributions

Common use cases

  • Internal Microsoft 365 service authentication for IRM features
  • Background processing of IRM signals from connected services
  • Automated risk score contributions

Best practices

  • Do NOT assign users to this role group
  • Treat as a system role group — leave membership as Microsoft configures it
  • If you see unexpected members, investigate as a potential security issue
  • Audit membership changes via Purview audit logs

Security considerations

  • Unauthorized membership could be used to suppress or manipulate IRM signals
  • Monitor for membership additions in audit logs
  • No legitimate reason for a human user to be a member

Common questions

When should I assign the IRM Contributors role?

Assign IRM Contributors when you need to: Internal Microsoft 365 service authentication for IRM features; Background processing of IRM signals from connected services; and Automated risk score contributions. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the IRM Contributors role do?

The IRM Contributors role grants permissions including: Insider Risk Management Permanent Contribution - Persistent IRM signal contributions; and Insider Risk Management Temporary Contribution - Time-bound IRM signal contributions. See the Permissions section above for the full list.

What are the security risks of the IRM Contributors role?

Key considerations when assigning IRM Contributors: Unauthorized membership could be used to suppress or manipulate IRM signals; Monitor for membership additions in audit logs; and No legitimate reason for a human user to be a member. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →