New Microsoft Purview Roles in Entra

Hi All,

Microsoft is rolling out three new Entra admin roles for Microsoft Purview to strengthen security when Purview interacts with Microsoft 365 services such as Exchange, SharePoint, OneDrive, and Teams.

New Entra Admin Roles:

• Purview Workload Content Reader
• Purview Workload Content Writer
• Purview Workload Content Administrator

The key point of these new roles is that Microsoft explicitly notes an admin should not directly assign them to users. These roles are managed through Purview role assignments. Any manual assignment in Entra will be overwritten by Purview.

• MS Learn Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview

My Entra Roles Check found these new Roles back in December

Let’s check with PowerShell

Connect-MgGraph -Scopes "Rolemanagement.Read.Directory" -NoWelcome
$Roles = Get-MgDirectoryRoleTemplate
$Roles | where {$ _. DisplayName -match "Purview"} | Select-Object ID, DisplayName, Description

It’s interesting that the Directory Role Templates are already available - but you can’t find the Roles in Entra Admin Center.

Maybe that’s still coming in February.

Regards
Andres Bohren