Microsoft Purview · Global & Security Roles
Service Assurance User
Members can access the Service Assurance section in the Microsoft Purview portal. Service Assurance provides reports and documents that describe Microsoft's security practices for customer data stored in Microsoft 365, including SOC reports, ISO certifications, and penetration test results.
Scope: Read-only access to Microsoft's service assurance documentation and compliance reports
Permissions
- Service Assurance View - Access Service Trust Portal documents
- Download SOC 1/2/3 audit reports
- Access ISO 27001, 27017, 27018 certifications
- View FedRAMP, HIPAA, GDPR compliance documentation
- Access penetration testing summaries
- View Microsoft data protection practices
Common use cases
- Customer due diligence and vendor risk assessments
- Regulatory audit evidence gathering (SOC 2, ISO, HIPAA)
- Responding to customer security questionnaires
- Internal compliance program documentation
- Privacy impact assessments referencing Microsoft's practices
Best practices
- Assign to compliance, audit, and legal teams who handle customer due diligence
- Refresh documents annually as Microsoft publishes new reports
- Combine with Compliance Manager access for end-to-end compliance reporting
- Document chain of custody when sharing reports with auditors
Security considerations
- Service Assurance documents may be confidential under NDA
- Reports describe Microsoft's security posture — handle per Microsoft NDA terms
- No access to customer data — purely Microsoft compliance documentation
Common questions
When should I assign the Service Assurance User role?
Assign Service Assurance User when you need to: Customer due diligence and vendor risk assessments; Regulatory audit evidence gathering (SOC 2, ISO, HIPAA); Responding to customer security questionnaires; Internal compliance program documentation; and Privacy impact assessments referencing Microsoft's practices. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Service Assurance User role do?
The Service Assurance User role grants permissions including: Service Assurance View - Access Service Trust Portal documents; Download SOC 1/2/3 audit reports; Access ISO 27001, 27017, 27018 certifications; View FedRAMP, HIPAA, GDPR compliance documentation; Access penetration testing summaries; and View Microsoft data protection practices. See the Permissions section above for the full list.
What are the security risks of the Service Assurance User role?
Key considerations when assigning Service Assurance User: Service Assurance documents may be confidential under NDA; Reports describe Microsoft's security posture — handle per Microsoft NDA terms; and No access to customer data — purely Microsoft compliance documentation. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.