O365 RBAC for DLP in Security & Compliance Center

%3CLINGO-SUB%20id%3D%22lingo-sub-910648%22%20slang%3D%22en-US%22%3EO365%20RBAC%20for%20DLP%20in%20Security%20%26amp%3B%20Compliance%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-910648%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%E2%80%99m%20struggling%20to%20find%20the%20right%20set%20of%20roles%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fpermissions-in-the-security-and-compliance-center%23roles-in-the-security--compliance-center%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Fpermissions-in-the-security-and-compliance-center%23roles-in-the-security--compliance-center%3C%2FA%3E%20to%20grant%20the%26nbsp%3B%20necessary%20permissions%20to%20change%2C%20create%20new%20DLP%20policies%20and%20sensitive%20information%20types%20in%20O365.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%E2%80%99ve%20tried%20with%20the%20%3CU%3EDLP%20Compliance%20Management%20Role%3C%2FU%3E%20as%20it%20seamed%20to%20be%20the%20right%20one%20since%20it%20allows%20to%20view%20and%20edit%20settings%20and%20reports%20for%20DLP%20policies%20but%20although%20I%20can%20see%20the%20edit%20settings%20I%20have%20now%20view%20in%20to%20the%20incidents%20and%20reports.%20What%20roles%20would%20I%20have%20to%20assign%20to%20be%20also%20able%20to%20view%20the%20DLP%20audit%20logs%20e.g.%20to%20see%20how%20changed%20a%20policy%20setc.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-910648%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EDLP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-910728%22%20slang%3D%22en-US%22%3ERe%3A%20O365%20RBAC%20for%20DLP%20in%20Security%20%26amp%3B%20Compliance%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-910728%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20probably%20need%20to%20add%20permissions%20to%20run%20the%20corresponding%20ExO%20cmdlets%20(the%20Get-DLP*report%20ones)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-910809%22%20slang%3D%22en-US%22%3ERe%3A%20O365%20RBAC%20for%20DLP%20in%20Security%20%26amp%3B%20Compliance%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-910809%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3BThanks.%20So%20there's%20no%20other%20way%20to%20access%20it%20via%20the%20O365%20web%20interface%3F%20How%20would%20one%20track%20changes%20to%20DLP%20policies%20or%20sensitive%20information%20types%20%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-911307%22%20slang%3D%22en-US%22%3ERe%3A%20O365%20RBAC%20for%20DLP%20in%20Security%20%26amp%3B%20Compliance%20Center%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-911307%22%20slang%3D%22en-US%22%3E%3CP%3ELet's%20see%20if%20the%20suggestion%20above%20works%2C%20then%20we%20can%20think%20about%20other%20solutions.%20I'm%20traveling%20atm%20so%20I%20cannot%20test%20it%2C%20let%20us%20know%20if%20it%20works.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

Hi,

 

I’m struggling to find the right set of roles https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-secur... to grant the  necessary permissions to change, create new DLP policies and sensitive information types in O365.

 

I’ve tried with the DLP Compliance Management Role as it seamed to be the right one since it allows to view and edit settings and reports for DLP policies but although I can see the edit settings I have now view in to the incidents and reports. What roles would I have to assign to be also able to view the DLP audit logs e.g. to see how changed a policy setc. 

 

 

Thanks! 

3 Replies
Highlighted

You probably need to add permissions to run the corresponding ExO cmdlets (the Get-DLP*report ones)

Highlighted

@Vasil Michev Thanks. So there's no other way to access it via the O365 web interface? How would one track changes to DLP policies or sensitive information types ? 

Highlighted

Let's see if the suggestion above works, then we can think about other solutions. I'm traveling atm so I cannot test it, let us know if it works.