Updated August 11, 2023: We have updated the rollout timeline below. Thank you for your patience.
We’re rolling out a new capability that enables admins to delegate management and remediation authority for different people in different regions or organization units with role-based access control (RBAC) via Azure Active Directory Administrative Units. For example, German Admin Unit investigators would be able to investigate alerts and audit events for only German users.
The RBAC controls are available in the Microsoft Purview compliance portal for Information Protection and Data Loss Prevention related events.
This message is associated with Microsoft 365 Roadmap ID 93417
[When this will happen:]
Rollout will begin in early August 2023 (previously mid-July) and is expected to be complete end of August (previously early August).
[How this will affect your organization:]
If you choose to not use this Admin Units feature, there is no impact to your organization. If your organization requires delegations of tasks based on users in specific regions or organization units, please follow the steps to set up this capability:
- Set up Administrative Units (AU) in Azure Portal
- Ring-fence Purview Admin Permissions to Administrative Unit scopes
- Create and manage Admin Unit scoped MIP/DLP policies
- Investigate user scoped DLP Alerts, Incidents, and Logs in Purview
- Investigate user scoped Activities and events in Activity Explorer
Note- This Admin Units capability will be extended to Data Loss Prevention alerts in the Microsoft 365 Defender portal and can be tracked as part of the roadmap ID here: 162292
What you need to do to prepare:]
Get started with Information Protection and Data Loss Prevention in the Microsoft Purview compliance portal.
Learn more: Permissions in the Microsoft Purview compliance portal
