One-line summary
Similar updates
More like thisDetails
Body (from Message Center)
Updated February 17, 2026: We have updated the content. Thank you for your patience.
[Introduction]
To strengthen security when Microsoft Purview interacts with Microsoft 365 services (Exchange, SharePoint, OneDrive, and Teams), we’re updating how roles are managed in Microsoft Purview. Certain admin roles in Purview will now be mapped to three newly created roles in Microsoft Entra. Role assignments will be synchronized between Purview roles and Entra roles without any customer action. This ensures that user permissions and identity flow securely from Purview to Microsoft 365. M365 services will only allow high-privileged operations like search/export to Purview users with the correct level of permissions in Entra, further protecting customer data.
[When this will happen:]
- General Availability (Worldwide): Rollout begins mid-February 2026, finishes by late March 2026.
[How this affects your organization:]
Who is affected: All customers with admins assigned to high-privileged roles in Purview that access Microsoft 365 data. These admins will have their assignments synced to Entra, meaning they will be assigned membership to mapped Entra roles.
What will happen:
- New roles will be created in Entra to map to Purview roles listed below.
- Existing role assignments will sync automatically.
- New assignments will sync from Purview to Entra within 15 minutes.
- If an admin has multiple Purview roles, they will receive the highest privilege Entra role: Administrator > Writer > Reader.
- Customers may see new Purview-specific Entra roles in audit logs.
- Do not assign to these roles directly in Entra; Purview manages them.
Role Mapping Table:
| Purview Role(s) | Mapped Entra Role |
|---|---|
Insider Risk Management Analysis | Purview Workload Content Reader |
| Hold Privacy Management Investigation Data Security Investigation Investigator | Purview Workload Content Writer |
| Search and Purge Data Security Investigation Admin Data Security Investigation Analyst (New Role) | Purview Workload Content Administrator |
Example: If you have both Export and Search and Purge roles, you’ll get the Purview Workload Content Administrator role in Entra.
[What you can do to prepare:]
- No action is required.
- Be aware that new Purview-specific Entra roles may appear in audit logs.
- Do not manually assign these roles in Entra; Purview will overwrite changes.
- For more details, review Microsoft Purview documentation.
[Compliance considerations:]
No compliance considerations identified; review as appropriate for your organization.
Raw JSON (for debugging)
Show/hide raw
{
"snapshot_item": {
"action_required_by": null,
"ai_action_required_by": "2026-02-15T00:00:00Z",
"ai_actions": [
"Be aware of role mapping and new Entra roles in audit logs",
"Do not manually assign mapped roles in Entra"
],
"ai_master_tags": [
"Admin",
"Security"
],
"ai_model": "gpt-4.1",
"ai_summary": "Microsoft Purview admin roles will map and sync to new Entra roles, enhancing security and role control for high-privilege access to Microsoft 365 data. No admin action required.",
"ai_topics": [
"Purview",
"Entra",
"Exchange",
"SharePoint",
"OneDrive",
"Teams"
],
"category": "stayInformed",
"details_map": {
"Summary": "Microsoft Purview is updating role management by mapping certain Purview admin roles to new Microsoft Entra roles, synchronizing assignments automatically from mid-February to late March 2026. No customer action is needed, but new Entra roles will appear in audit logs and should not be assigned manually."
},
"id": "MC1199765",
"importance": 3,
"is_major_change": false,
"last_modified": "2026-02-18T19:21:52Z",
"ms_products": [
"Purview"
],
"platforms": null,
"roadmap_ids": [],
"services": [
"Microsoft Purview"
],
"severity": "normal",
"tags": [
"Updated message",
"Feature update",
"Admin impact"
],
"title": "(Updated) Microsoft Purview: Role management update"
}
}