cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Secure Tech Accelerator
Apr 13 2023, 07:00 AM - 12:00 PM (PDT)
Microsoft Tech Community
Find out more

Can the access to Purview dashboard be denied to non-admin users?

frank_df
Occasional Contributor

‎Feb 13 2023 01:52 AM

‎Feb 13 2023 01:52 AM

Can the access to Purview dashboard be denied to non-admin users?

Hello,

in my organization we noticed that when a user browses the security dashboard (security.microsoft.com), they can easily access critical information about compliance using the "more resources" tab, even if they have no directory role at all:

frank_df_0-1676281345680.png

 

For example, they can access the Purview portal and see information they're not supposed to see about organization's compliance:

frank_df_1-1676281425172.png

 

frank_df_2-1676281524161.png

 

Can the "more resources" tab be hidden to the user?

Alternatively, can the access to the Purview dashboard be denied to non-admin users?

 

Thank you.

Labels:
126 Views
0 Likes
1 Reply
Reply
1 Reply
frank_df

‎Feb 13 2023 04:37 AM

‎Feb 13 2023 04:37 AM

Re: Can the access to Purview dashboard be denied to non-admin users?

I created a Conditional Access policy and selected all of the apps that seem to be related to the Compliance Center but it doesn't work:

 

frank_df_0-1676291290717.png

The policy is not applied because the application is "not matched":

frank_df_1-1676291455974.png

 

frank_df_2-1676291514276.png

 

The only way I found to make it work is by creating an Access Policy in Microsoft Defender for Cloud Apps but unfortunately the solution is not feasible because it is not granularly configurable and the directory is huge and complex.
We actually need a standard way to do that.

 

0 Likes
Reply