I recently blogged a recommendation to create a new role within the Microsoft 365 Compliance Center to ensure users that must be able to review content that is up for disposition actually have the necessary access to do so. I call the role Disposition Review, but it obviously can be named whatever makes sense in your own organization. This role is necessary as even a global admin does not have the necessary access to view disposition rules by default. Disposition reviews are considered a specialized role similar to content reviewers, which also needs specialized access within the tenant (but that’s a post for another day). This post will cover creating a disposition review compliance role in the Microsoft 365 Compliance Center
Disclaimer: Microsoft is making changes all the time to the Microsoft 365 interface. Any screenshots displayed in this post are current at the last edit of the post.
Creating a Disposition Review Compliance Role
The Disposition Review administration role requires two roles that exist within the Microsoft 365 compliance console:
- Disposition Management – allows users to access the disposition tab within the record management console. It does not allow them to create or modify retention labels or policies.
- View-only Audit Logs – Within the disposition console activities that have occurred such as disposition approvals can be reviewed. The disposition console utilizes the audit logs for this purpose, thus this is required for disposition reviewers.
To create the administrative role utilize the following steps:
- Access the compliance console (https://compliance.microsoft.com)
- Click on Permissions and then roles under the Compliance Center group.
- Click +Create
- Provide the admin role a name (Disposition Review) and a description if required. Click Next.
- On the Choose roles screen click on Choose roles.
- Click Add
- Search for Disposition Management and place a checkmark beside it.
- Repeat Step 7 for View-Only Audit Logs
- Click Done.
- Click Next.
- Click on Choose members and add necessary users to the role. Note: individual users only. Security groups or mail-enabled security groups cannot be added at this time.
- Once selected all users, click Add
- Click Done and then Next.
- Review settings and click Create.
The new administration role will take a short time to update all the necessary areas of the tenant infrastructure, but when complete all users within the role will be able to review dispositions assigned to them.
Thanks for reading!