Category
stayInformed
Severity
normal
Major change
False
Last modified
2025-12-18 23:40:28
Summary source
Azure OpenAI (gpt-4.1)
Action by (Graph)
—
Action by (AI)
2026-02-15 00:00:00
Services
Microsoft Purview
Tags
Feature update, Admin impact
Master tags
Security
Roadmap IDs
One-line summary
Purview admin roles will sync to new mapped Entra roles for secure permissions; rollout starts mid-February 2026, no admin action needed, do not assign these roles directly in Entra.
Similar updates
More like thisMC1183292 Microsoft Purview | Data Lifecycle Management - Introducing secure priority cleanup workflows for OneDrive/SharePoint
Microsoft Purview | Data Lifecycle Management - Introducing secure priority cleanup workflows for OneDrive/SharePoint Admins can now override retention policies to delete OneDrive and SharePoint content early using new Priority Cleanup policies in Microsoft Purview Data Lifecycle Management. ...Microsoft Purview Data Lifecycle Management that.
MC1182689 (Updated) Microsoft Purview | New Copilot Security Controls in Microsoft Admin Center
(Updated) Microsoft Purview | New Copilot Security Controls in Microsoft Admin Center Microsoft Purview adds new DLP and security features in Admin Center to help admins monitor and control Copilot data sharing, with public preview starting mid-November 2025. Updated November 12, 2025: We have updated the content. [Introduction] To help.
MC1115304 (Updated) Introduction of secure workflow to bypass retention/legal holds on OneDrive and SharePoint
(Updated) Introduction of secure workflow to bypass retention/legal holds on OneDrive and SharePoint Admins can now bypass retention policies to delete OneDrive and SharePoint content early using new Purview Priority Cleanup policies, with enhanced... What and Why: We're introducing a new capability in Microsoft Purview Data Lifecycle Management.
MC1181768 Microsoft Purview: eDiscovery admin content access restrictions when not in compliance with Entra policies
Microsoft Purview: eDiscovery admin content access restrictions when not in compliance with Entra policies Microsoft Purview will enhance audit logging and enforce Entra conditional access for eDiscovery admins; non-compliant admins will be blocked from SharePoint content in Purview. To strengthen Microsoft’s security posture, we’re introducing .
MC1181769 Microsoft Purview: Integration with Entra GSA Internet Access to enable sensitive file filtering at the network layer
Microsoft Purview: Integration with Entra GSA Internet Access to enable sensitive file filtering at the network layer Public preview of Purview DLP integration with Entra Global Secure Access enables network-layer inspection and enforc... [Introduction] To help organizations better protect sensitive files in transit, we're introducing a public.
MC791110 (Updated) Microsoft Purview | Data Lifecycle Management: New integration with Adaptive protection
(Updated) Microsoft Purview | Data Lifecycle Management: New integration with Adaptive protection Microsoft Purview integrates Adaptive protection with Data Lifecycle Management to auto-retain deleted items by elevated risk users; rollout starts June 2026. ... Coming soon for Microsoft Purview: We are announcing the public preview of the.
Details
Summary
Microsoft Purview will map certain admin roles to new Microsoft Entra roles to enhance security and synchronize permissions automatically by March 2026. High-privileged Purview roles will correspond to three Entra roles, with no customer action needed. Do not assign these roles directly in Entra.
Body (from Message Center)
[Introduction]
To strengthen security when Microsoft Purview interacts with Microsoft 365 services (Exchange, SharePoint, OneDrive, and Teams), we’re updating how roles are managed in Microsoft Purview. Certain admin roles in Purview will now be mapped to three newly created roles in Microsoft Entra. Role assignments will be synchronized between Purview roles and Entra roles without any customer action. This ensures that user permissions and identity flow securely from Purview to Microsoft 365. M365 services will only allow high-privileged operations like search/export to Purview users with the correct level of permissions in Entra, further protecting customer data.
[When this will happen:]
- General Availability (Worldwide): Rollout begins mid-February 2026, finishes by late March 2026.
[How this affects your organization:]
Who is affected: All customers with admins assigned to high-privileged roles in Purview that access Microsoft 365 data. These admins will have their assignments synced to Entra, meaning they will be assigned membership to mapped Entra roles.
What will happen:
- New roles will be created in Entra to map to Purview roles listed below.
- Existing role assignments will sync automatically.
- New assignments will sync from Purview to Entra within 15 minutes.
- If an admin has multiple Purview roles, they will receive the highest privilege Entra role: Administrator > Writer > Reader.
- Customers may see new Purview-specific Entra roles in audit logs.
- Do not assign to these roles directly in Entra; Purview manages them.
Role Mapping Table:
| Purview Role(s) | Mapped Entra Role |
|---|---|
| Insider Risk Management Analysis Insider Risk Management Investigation Compliance Search Export Privacy Management Admin Privacy Management Analysis Privacy Management Investigation Privacy Management Permanent Contribution Privacy Management Temporary Contribution Privacy Management Viewer | Purview Workload Content Reader |
| Hold Privacy Management Investigation | Purview Workload Content Writer |
| Search and Purge | Purview Workload Content Administrator |
Example: If you have both Export and Search and Purge roles, you’ll get the Purview Workload Content Administrator role in Entra.
[What you can do to prepare:]
- No action is required.
- Be aware that new Purview-specific Entra roles may appear in audit logs.
- Do not manually assign these roles in Entra; Purview will overwrite changes.
- For more details, review Microsoft Purview documentation.
[Compliance considerations:]
No compliance considerations identified; review as appropriate for your organization.
Raw JSON (for debugging)
Expand/collapse the full payload below.
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": "2026-02-15T00:00:00Z",
"ai_actions": [
"Review audit logs for new Purview-specific Entra roles",
"Do not assign mapped roles directly in Entra"
],
"ai_master_tags": [
"Security"
],
"ai_model": "gpt-4.1",
"ai_summary": "Purview admin roles will sync to new mapped Entra roles for secure permissions; rollout starts mid-February 2026, no admin action needed, do not assign these roles directly in Entra.",
"ai_topics": [
"Purview",
"Entra",
"Exchange",
"SharePoint",
"OneDrive",
"Teams"
],
"category": "stayInformed",
"details_map": {
"Summary": "Microsoft Purview will map certain admin roles to new Microsoft Entra roles to enhance security and synchronize permissions automatically by March 2026. High-privileged Purview roles will correspond to three Entra roles, with no customer action needed. Do not assign these roles directly in Entra."
},
"id": "MC1199765",
"importance": 2,
"is_major_change": false,
"last_modified": "2025-12-18T23:40:28Z",
"ms_products": [
"Purview"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"Microsoft Purview"
],
"severity": "normal",
"tags": [
"Feature update",
"Admin impact"
],
"title": "Microsoft Purview: Role management update"
}
}