cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

365 security roles and data protection

CB1
Brass Contributor

‎Feb 18 2021 06:16 AM

‎Feb 18 2021 06:16 AM

365 security roles and data protection

Which specific roles and/or permissions in a 365 tenant would allow the user, where granted, the ability to view:
-all Mailbox content for all users/mailboxes, e.g. view the content of their inbox?
-all SharePoint content across the system

I appreciate there are the obvious, e.g. 'SharePoint administrator, 'Exchange administrator', 'Global administrator' etc, but I want to be sure there are no others that could easily be missed if working purely off default roles and permissions. In many other platforms there are ways of assigning specific privileges to custom roles which can purposely or inadvertently grant access to sensitive data, and therefore knowing of those specifics, and checking who has been granted those would be very useful. 

Out of interest, does the global reader role, even though supposedly intended as a read only representation of the global admin account have 'global read access' within the various Microsoft services, e.g. can view user data within Exchange mailboxes, SharePoint sites etc. 

Labels:
688 Views
0 Likes
1 Reply
Reply
1 Reply
Vasil Michev

‎Feb 18 2021 09:43 AM

‎Feb 18 2021 09:43 AM

Re: 365 security roles and data protection

None of the default roles can access content within mailboxes, you need to specifically grant Full Access permissions for that, or use tools such as eDiscovery. For SPO, you will have access to the default site collection, but that can be adjusted as needed. If you need additional details, run a search online - this is a fairly common question and there are lots of articles discussing it.

0 Likes
Reply