Considering Purview Network Security
Start course

In this course, users will explore the suite of tools available in Microsoft Purview for registering and scanning data sources, connecting a business glossary, searching the data catalog, and customizing metadata with enrichments and classifications. In addition, this course will review some of the management and administrative functionality in Purview, including creating roles, managing authorizations, and using the Apache Atlas API for custom implementations. This course will also review deployment best practices and network security considerations. By completing this course, users will have a strong understanding of the suite of functionality currently available in Purview and how these tools support a larger governance initiative within an organization.  

Learning Objectives

  • Provision and install Microsoft Purview
  • Create and manage a role
  • Register and scan data sources
  • Create a business glossary
  • Enrich metadata with classifications
  • Review data lineage tooling
  • Understand deployment best practices
  • Take network security considerations into account

Intended Audience

This course is designed for individuals who are responsible for setting up, monitoring, or exploring data catalog and governance programs within their organization.  


To get the most from this course, you should have some familiarity and experience with governance tooling as well as a basic understanding of the Azure portal.


Consider Purview Network Security. We can deploy a Microsoft Purview account private endpoint to allow only client calls to Microsoft Purview that originate from within the private network. To connect to the Microsoft Purview governance portal using a private network connectivity, we can deploy portal private endpoints. We can deploy ingestion private endpoints if we need to scan Azure IaaS or PaaS data sources inside Azure virtual networks and on-premises data sources through a private connection. 

This method ensures network isolation for our metadata flowing from the data sources to the Microsoft Purview data map. The Microsoft Purview account private endpoint is used to add another layer of security by enabling scenarios where only client calls that originate from within the virtual network are allowed to access the Microsoft Purview accounts. This private endpoint is also a prerequisite for the portal private endpoint. The Microsoft Purview portal private endpoint is required to enable connectivity to Microsoft Purview governance portal using a private network. Microsoft Purview can scan data sources in Azure or on-premises environments by using ingestion private endpoints. 

Three private endpoint resources are required to be deployed and linked to Microsoft Purview managed resources when ingestion private endpoints are deployed. They include Blob private endpoints and Queue private endpoints which are linked to a Microsoft Purview managed storage account, and Namespace private endpoints which are linked to a Microsoft Purview managed Event Hub namespace. A managed virtual network in Microsoft Purview is a virtual network which is deployed and managed by Azure inside the same region as Microsoft Purview account to allow scanning data resources inside a managed network without having to deploy and manage any self-hosted integration runtime virtual machines by the customer in Azure.


About the Author

Steve is an experienced Solutions Architect with over 10 years of experience serving customers in the data and data engineering space. He has a proven track record of delivering solutions across a broad range of business areas that increase overall satisfaction and retention. He has worked across many industries, both public and private, and found many ways to drive the use of data and business intelligence tools to achieve business objectives. He is a persuasive communicator, presenter, and quite effective at building productive working relationships across all levels in the organization based on collegiality, transparency, and trust.