Oct 12 2019
- last edited on
Feb 01 2023
I’m struggling to find the right set of roles https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-secur... to grant the necessary permissions to change, create new DLP policies and sensitive information types in O365.
I’ve tried with the DLP Compliance Management Role as it seamed to be the right one since it allows to view and edit settings and reports for DLP policies but although I can see the edit settings I have now view in to the incidents and reports. What roles would I have to assign to be also able to view the DLP audit logs e.g. to see how changed a policy setc.
Oct 12 2019 09:38 AM
You probably need to add permissions to run the corresponding ExO cmdlets (the Get-DLP*report ones)
Oct 12 2019 10:57 AM
@Vasil Michev Thanks. So there's no other way to access it via the O365 web interface? How would one track changes to DLP policies or sensitive information types ?
Oct 13 2019 12:00 PM
Let's see if the suggestion above works, then we can think about other solutions. I'm traveling atm so I cannot test it, let us know if it works.