cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About roles of Security Administrator, Compliance Administrator, Mailflow Administrator

hongwoo_jin
Brass Contributor

‎Jul 20 2021 11:35 PM

‎Jul 20 2021 11:35 PM

About roles of Security Administrator, Compliance Administrator, Mailflow Administrator

Hi, 

Anyone who knows with those administrator roles can see customer's own personal informaiton data with company confidential information data??

Customer concerned about assignning those roles to specific users when considering the Personal Information Protection Act and EAR regulations. 

 

Thx

4,475 Views
0 Likes
4 Replies
Reply
4 Replies
pvanberlo

‎Jul 20 2021 11:44 PM

‎Jul 20 2021 11:44 PM

Re: About roles of Security Administrator, Compliance Administrator, Mailflow Administrator

The answer is yes. They all allow a certain level of insight into the data, maybe not directly data stored in a mailbox etc, but may still show high level information that can still contain PII. The role from your list that gives the broadest access to data is the Compliance Administrator. For example, the Compliance Administrator can do content searches, which can be done across various workloads and could return eg. emails, chats, OneDrive data, etc.

Many companies of course state in their policies that company tools should only be used for company purposes, but at the same time local law might state that eg. a mailbox is considered "private" even if it's a business mailbox.
1 Like
Reply
hongwoo_jin

‎Jul 21 2021 01:59 AM

‎Jul 21 2021 01:59 AM

Re: About roles of Security Administrator, Compliance Administrator, Mailflow Administrator

Thx. Pvanberlo 's your reply
But you mean all administrator roles which I mentioned before , Security Administrator, Compliance Administrator, Mailflow Administrator are showing high level information that can still contain PII.
Or only Compliance administrator do it?

Thx
0 Likes
Reply
pvanberlo

‎Jul 21 2021 02:28 AM

‎Jul 21 2021 02:28 AM

Re: About roles of Security Administrator, Compliance Administrator, Mailflow Administrator

Compliance Administrator has the broadest access (due to the ability to do a content search).

It's probably best to have a look at the overview of permissions provided by each role for the others. For example, Mailflow Administrator provides the View-Only Recipients permission. This provides access to reports, which may contain information that could be considered PII, but it doesn't provide actual e-mail content for example.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-secur...
1 Like
Reply
hongwoo_jin

‎Jul 22 2021 05:49 PM

‎Jul 22 2021 05:49 PM

Re: About roles of Security Administrator, Compliance Administrator, Mailflow Administrator

How about Security Administrator is?
If I check that role can do only about activity or security policies , it looks only works not data but settings. How about your opinion?

https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#compliance-admin...
0 Likes
Reply