Microsoft Purview · Global & Security Roles

Security Reader

Read-only access to security features, reports, and alerts across Microsoft 365 including Purview compliance monitoring.

Scope: Organization-wide read-only access to security and compliance features

Permissions

  • Security Alerts - View security policies, alerts, and incidents across Microsoft 365
  • Compliance Reports - Read Purview compliance reports (DLP, retention, sensitivity labels, insider risk)
  • Defender Dashboards - Access Microsoft Defender security dashboards and alerts
  • Threat Protection - View threat protection policies and security settings
  • Security Reports - Read security reports, analytics, and compliance dashboards
  • Conditional Access - View Conditional Access policies and identity protection settings
  • Audit Logs - Read audit logs and security events
  • Compliance Center - Access security and compliance center read-only features
  • DLP Incidents - View DLP policy matches and incidents
  • Classification Reports - Read information protection and classification reports
  • Insider Risk - View insider risk management and communication compliance dashboards
  • Secure Score - Access security score and secure score recommendations

Common use cases

  • Security analysts monitoring threats and incidents
  • SOC team members reviewing security alerts and dashboards
  • Compliance auditors reviewing security posture
  • Executive leadership viewing security metrics and reports
  • External auditors assessing security controls
  • Help desk viewing security policies for troubleshooting
  • Security consultants assessing security configuration

Best practices

  • Use for SOC analysts and security team members who monitor but don't configure
  • Ideal for executive security dashboards and reporting
  • Assign to external auditors during security assessments
  • Use for help desk staff who need to view security policies
  • Good alternative to Security Administrator for read-only monitoring
  • Combine with specific roles for limited write access where needed
  • Review assignments quarterly to ensure continued need

Security considerations

  • Cannot make changes - lowest risk security role
  • Can view sensitive security information and compliance data
  • May see security gaps or vulnerabilities - assign carefully
  • Safe for external auditors and consultants
  • No risk of accidental security policy changes
  • Export capabilities should be monitored for sensitive data

Official Microsoft Learn documentation →

Open the interactive RBACMap →