Forum Discussion

DeepToot
Copper Contributor
Mar 07, 2024

Add to Remediation is unavailable without Search and Purge

Greetings, 

Per the Microsoft documentation there should be the ability to add malicious emails to a remediation container without requiring the search and purge role. This remediation container should then be in the action center waiting for a security analyst with the search and purge role to approve or deny the pending action. 
 
Currently, as it stands, adding to a remediation container requires the user to have search and purge. The search and purge role allows the user to move emails in inboxes and both soft and hard delete emails. If an analyst needs the search and purge role to add to a remediation container, this does not adhere to the principle of least permissions, because the analyst can simply delete the emails themselves or approve the remediation container that they themselves made.
 
Having the base security admin roles have the ability to add to remediation containers allows for lower-tiered analysts to do phishing investigations, and designate emails for removal, without having the ability to hard delete a user's inbox.
 
Reference: MS documentation outlining Two step approval: