Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community

Can the access to Purview dashboard be denied to non-admin users?

Copper Contributor

Hello,

in my organization we noticed that when a user browses the security dashboard (security.microsoft.com), they can easily access critical information about compliance using the "more resources" tab, even if they have no directory role at all:

frank_df_0-1676281345680.png

 

For example, they can access the Purview portal and see information they're not supposed to see about organization's compliance:

frank_df_1-1676281425172.png

 

frank_df_2-1676281524161.png

 

Can the "more resources" tab be hidden to the user?

Alternatively, can the access to the Purview dashboard be denied to non-admin users?

 

Thank you.

1 Reply

I created a Conditional Access policy and selected all of the apps that seem to be related to the Compliance Center but it doesn't work:

 

frank_df_0-1676291290717.png

The policy is not applied because the application is "not matched":

frank_df_1-1676291455974.png

 

frank_df_2-1676291514276.png

 

The only way I found to make it work is by creating an Access Policy in Microsoft Defender for Cloud Apps but unfortunately the solution is not feasible because it is not granularly configurable and the directory is huge and complex.
We actually need a standard way to do that.