Can Purview Risk/Compliance Roles and Groups be managed through Azure?

Jason Pickens 5 Reputation points
2023-09-19T18:31:12.2133333+00:00

MS Purview (formerly Security & Compliance) has a major gap when it comes to centrally managing roles and role groups. It is not synched or set up to be managed through Azure AD. Additionally, there is no known documentation to use Graph or PowerShell to manage this environment. It sits separately from AD roles/groups and must be manually configured and updated. Has anyone been able to solve for this? It seems that this is a major gap in MSFT's design for access and identity management.


1 answer

  1. Vasil Michev 103.9K Reputation points MVP
    2023-09-20T06:22:23.0333333+00:00

    Those are workload specific roles, much like you can have custom roles/role groups in Exchange Online. Even though Microsoft has been steadily adding new AAD roles and introducing some RBAC controls, they will likely never match the set of individual roles/role groups within the Security/Compliance center, and I don't believe they're aiming at that, either.

    As for documentation, the set of Exchange role/role group management cmdlets applies. Though we have limited control over the SCC roles, compared to the Exchange ones.

    And, we are also seeing some indications that Graph API endpoints are coming, eventually. The /roleManagement endpoint recently added support for the Exchange Online provider. SCC ones are the next logical step.

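The answer's point that the Exchange role group cmdlets apply gives one way to manage this centrally: keep a baseline of expected role group membership and check the tenant against it. The PowerShell below is an added example, not part of the original thread; the function name `Compare-RoleGroupMembership`, the baseline contents and the choice to compare on the member `Name` property are assumptions.

```powershell
# Added example: drift check for Purview (Security & Compliance) role group membership.
# Compare-RoleGroupMembership is a hypothetical helper, not a Microsoft cmdlet.
function Compare-RoleGroupMembership {
    param(
        [Parameter(Mandatory)] [hashtable] $Desired,  # role group name -> expected members
        [Parameter(Mandatory)] [hashtable] $Actual    # role group name -> current members
    )
    # Walk every role group named in either side so unmanaged groups are reported too.
    foreach ($group in (@($Desired.Keys) + @($Actual.Keys) | Sort-Object -Unique)) {
        # A group missing from one side is treated as having no members there.
        $want = @($Desired[$group] | Where-Object { $_ })
        $have = @($Actual[$group]  | Where-Object { $_ })
        # Members present in the tenant but absent from the baseline.
        foreach ($m in ($have | Where-Object { $_ -notin $want })) {
            [pscustomobject]@{ RoleGroup = $group; Member = $m; Drift = 'Unexpected' }
        }
        # Members the baseline expects but the tenant lacks.
        foreach ($m in ($want | Where-Object { $_ -notin $have })) {
            [pscustomobject]@{ RoleGroup = $group; Member = $m; Drift = 'Missing' }
        }
    }
}

# Constructed baseline: what the access review says membership should be.
$desired = @{
    'eDiscovery Manager'       = @('alice', 'bob')
    'Compliance Administrator' = @('carol')
}

# Constructed snapshot standing in for live data, so the script runs offline.
$actual = @{
    'eDiscovery Manager'       = @('alice', 'dave')
    'Compliance Administrator' = @('carol')
    'Insider Risk Management'  = @('erin')
}

# Live collection instead of the snapshot, after Connect-IPPSSession
# (ExchangeOnlineManagement module). Comparing on Name is an assumption;
# use whichever identifier the baseline records.
# $actual = @{}
# Get-RoleGroup | ForEach-Object {
#     $actual[$_.Name] = @(Get-RoleGroupMember -Identity $_.Name |
#         ForEach-Object { $_.Name })
# }

Compare-RoleGroupMembership -Desired $desired -Actual $actual |
    Sort-Object RoleGroup, Drift, Member | Format-Table -AutoSize
```

Rows marked `Unexpected` are the ones to review first, since they represent access nobody approved in the baseline; `Add-RoleGroupMember` and `Remove-RoleGroupMember` can then bring the tenant back in line.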
