Microsoft 365: Microsoft Purview – How to access the content of Content explorer by assigning the required roles to the user – Data Governance
“If you have knowledge, let others light their candles in it.”
Hope you all are doing well.
Today I am going to discuss about how to access Content explorer by assigning the required roles to the user using Microsoft Purview compliance portal
If you want to know about Microsoft Purview, then you can read the previous article link for following is given below – https://knowledge-junction.in/2023/05/11/microsoft-365-exploring-microsoft-purview-introduction-simplifying-concepts-study-material-for-exam-sc-900-microsoft-security-compliance-and-identity-fundamentals/
Key takeaways from this article
At the end of this article we will understand
- We will understand about Content explorer in Microsoft Purview
- Licenses requirement to access the Content explorer in Microsoft Purview
- Roles/Permission for performing the operation on Microsoft Purview Content explorer
- Understand how to assign the role group to specific users.
- We will also understand about how to use Content explorer.
- The Content explorer is a tab in the compliance center’s data categorization pane. It gives administrators access to the source content that’s currently stored in SharePoint, OneDrive, Teams and Exchange in the overview pane that has been summarised
- The Content explorer brings together Sensitivity labels, Retention labels, Trainable Classifiers and Sensitive info types in one overview.
- Content explorer tab takes us into the purview root encompassing Exchange, OneDrive, SharePoint, and Teams
- Content explorer can even open the relevant document and view its metadata. So that we can check if the classification is correct or not
- It enables your compliance, security and privacy officers to get a quick but comprehensive insight into the (sensitive) data in Office 365.
Licenses requirement for accessing the Content explorer in Microsoft Purview
- Office 365 E5
- Microsoft 365 E5
- Microsoft 365 E5 with Advanced Compliance E5 add-on
- Microsoft 365 E5 with Advanced Threat Intelligence E5 add-on
Roles / Permissions for to get access to the Content explorer
- Global administrator
- Compliance administrator
- Security administrator
- Compliance data administrator
The two roles that grant access to Content explorer, and it is granted using the Microsoft Purview compliance portal:
- Content explorer List Viewer: This role group allows you to see each item and its location in list view. The data classification list viewer role has been pre-assigned to this role group.
- Content explorer Content Viewer: This role group allows you to view the contents of each item in the list. The data classification content viewer role has been pre-assigned to this role group.
To access the Content explorer can be done in one or both role group
- If you want to grant an account the ability to view the items and their locations only, grant Content explorer List Viewer rights. .
- If you want that same account to view the items in the list, grant Content explorer Viewer rights too.
Problem to be solve
- You will need to have the correct permissions for this explorer to work.
- Microsoft added two new roles for this: Content explorer List Viewer and Content explorer Content Viewer.
- The names make it quite easy to understand the roles.
- A global admin is one of the roles which can assign these specific roles.
- As shown in the figure below we can see that it asked us to have the required permissions to access the Content explorer.
Why do we require permission to access items in Content explorer?
Access to Content explorer is highly restricted because it lets you read the contents of scanned files.
Let get started and see how we can assign the roles groups to specific user
We have the detailed article for navigate to Microsoft Purview compliance portal– Microsoft 365 – Navigate to Microsoft Purview compliance portal – https://knowledge-junction.in/2023/05/04/small-tricks-and-tips-microsoft-365-administration-microsoft-purview-portal-how-to-navigate/
Before getting started make sure that current user is a Global administrator
- Go to the Microsoft Purview compliance portal at https://compliance.microsoft.com/homepage
- Drag down the Roles & Scopes option and go to Permissions .
- Expand the Microsoft Purview solutions section and select Roles.
- On the Role groups for Microsoft Purview solutions page, select Create role group
- On the Name the role group page, enter a name for the custom role group in the Name field. The name of the role group can’t be changed after creation of the role group. If needed, enter a description for the custom role group in the Description field.
- Select Next to continue
- On the Add roles to the role group page, select Choose roles.
- Select the checkboxes for the roles to add to the custom role group. Select Select.
- Select Next to continue.
- On the Add members to the role group page, select Choose users (or Choose groups if applicable).
- Select Next.
- On the Review the role group and finish page, review the details for the custom role group. If you need to edit the information.
- Select Edit in the appropriate section. When all the settings are correct, select Create to create the custom role group or select Cancel to discard the changes and not create the custom role group.
- Check whether Custom Role group is created, and user is assigned to that role.
- As Shown in above figure it shows our created role and users assign to it.
How to use Content explorer
- Open Microsoft Purview compliance portal > Data classification > Content explorer.
- If you know the name of the label, or the sensitive information type, you can type that into the filter box.
- Alternately, you can browse for the item by expanding the label type and selecting the label from the list.
- Select a location under All locations and drill down the folder structure to the item.
- Double-click to open the item natively in content explorer.
- Select the document to view the content of that document.
I hope this article will help you to know about how to assign the roles groups to specific users for accessing the content in the Content explorer.
Have a wonderful day.
Thanks for reading.