Microsoft Purview · Global & Security Roles
Security Reader
Read-only access to security features, reports, and alerts across Microsoft 365 including Purview compliance monitoring.
Scope: Organization-wide read-only access to security and compliance features
Permissions
- Security Alerts - View security policies, alerts, and incidents across Microsoft 365
- Compliance Reports - Read Purview compliance reports (DLP, retention, sensitivity labels, insider risk)
- Defender Dashboards - Access Microsoft Defender security dashboards and alerts
- Threat Protection - View threat protection policies and security settings
- Security Reports - Read security reports, analytics, and compliance dashboards
- Conditional Access - View Conditional Access policies and identity protection settings
- Audit Logs - Read audit logs and security events
- Compliance Center - Access security and compliance center read-only features
- DLP Incidents - View DLP policy matches and incidents
- Classification Reports - Read information protection and classification reports
- Insider Risk - View insider risk management and communication compliance dashboards
- Secure Score - Access security score and secure score recommendations
Common use cases
- Security analysts monitoring threats and incidents
- SOC team members reviewing security alerts and dashboards
- Compliance auditors reviewing security posture
- Executive leadership viewing security metrics and reports
- External auditors assessing security controls
- Help desk viewing security policies for troubleshooting
- Security consultants assessing security configuration
Best practices
- Use for SOC analysts and security team members who monitor but don't configure
- Ideal for executive security dashboards and reporting
- Assign to external auditors during security assessments
- Use for help desk staff who need to view security policies
- Good alternative to Security Administrator for read-only monitoring
- Combine with specific roles for limited write access where needed
- Review assignments quarterly to ensure continued need
Security considerations
- Cannot make changes - lowest risk security role
- Can view sensitive security information and compliance data
- May see security gaps or vulnerabilities - assign carefully
- Safe for external auditors and consultants
- No risk of accidental security policy changes
- Export capabilities should be monitored for sensitive data
Common questions
When should I assign the Security Reader role?
Assign Security Reader when you need to: Security analysts monitoring threats and incidents; SOC team members reviewing security alerts and dashboards; Compliance auditors reviewing security posture; Executive leadership viewing security metrics and reports; and External auditors assessing security controls. It is part of Microsoft Purview and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Security Reader role do?
The Security Reader role grants permissions including: Security Alerts - View security policies, alerts, and incidents across Microsoft 365; Compliance Reports - Read Purview compliance reports (DLP, retention, sensitivity labels, insider risk); Defender Dashboards - Access Microsoft Defender security dashboards and alerts; Threat Protection - View threat protection policies and security settings; Security Reports - Read security reports, analytics, and compliance dashboards; and Conditional Access - View Conditional Access policies and identity protection settings. See the Permissions section above for the full list.
What are the security risks of the Security Reader role?
Key considerations when assigning Security Reader: Cannot make changes - lowest risk security role; Can view sensitive security information and compliance data; May see security gaps or vulnerabilities - assign carefully; and Safe for external auditors and consultants. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.