Microsoft Purview on Azure Virtual Desktop

25 Apr

Data governance is essential for organizations to effectively manage their data landscape, ensure compliance, and improve data discoverability. Microsoft Purview, formerly known as Azure Purview, is a powerful tool that provides end-to-end data governance solutions. In this blog post, we will discuss how to create a Microsoft Purview account and leverage its capabilities on Azure Virtual Desktop with Deschaine IT.

Getting Started with Microsoft Purview

Microsoft Purview provides a comprehensive suite of tools for managing and governing your data landscape, including the Microsoft Purview Data Map and Microsoft Purview Data Catalog. By connecting to data sources across on-premises, multicloud, and SaaS environments, the Microsoft Purview Data Map generates an up-to-date map of your data estate, allowing you to classify sensitive data, track lineage, and improve data discoverability.

To leverage Microsoft Purview on Azure Virtual Desktop, you must first create a Microsoft Purview account through the Azure portal. This quickstart guide provides step-by-step instructions on how to do this, including signing in to Azure, creating an account, and accessing the Microsoft Purview governance portal.


Before you can create a Microsoft Purview account, you must have the following:

  • An Azure subscription
  • An Azure Active Directory tenant associated with your subscription
  • A user account with the necessary permissions (contributor, owner, or administrator role)

Additionally, you must ensure that no Azure Policies are in place that would prevent the creation or update of Storage accounts, as Microsoft Purview will deploy a managed Storage account when it is created.
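The storage-policy prerequisite above can be checked before deployment. The following is an added example, not code from the original post or from Microsoft: a heuristic that scans Azure Policy definition JSON for deny rules that target storage accounts. The function names, the `overrides` argument (assignment-level parameter values) and the sample definitions are assumptions made for illustration.

```python
STORAGE_TYPE = "microsoft.storage/storageaccounts"

def targets_storage(cond):
    """Heuristic: True if an allOf/anyOf condition tree matches the storage account type."""
    if isinstance(cond, list):
        return any(targets_storage(c) for c in cond)
    if not isinstance(cond, dict):
        return False
    if str(cond.get("field", "")).lower() == "type":
        wanted = cond.get("equals") or cond.get("in") or []
        wanted = wanted if isinstance(wanted, list) else [wanted]
        if any(str(v).lower() == STORAGE_TYPE for v in wanted):
            return True
    # 'not' branches are skipped on purpose: negated type tests need manual review.
    return any(targets_storage(cond[k]) for k in ("allOf", "anyOf") if k in cond)

def resolve_effect(props, overrides):
    """Resolve the rule's effect, following a [parameters('x')] reference if present."""
    effect = str(props["policyRule"]["then"]["effect"])
    prefix, suffix = "[parameters('", "')]"
    if effect.startswith(prefix) and effect.endswith(suffix):
        name = effect[len(prefix):-len(suffix)]
        default = props.get("parameters", {}).get(name, {}).get("defaultValue", "unknown")
        effect = str(overrides.get(name, default))
    return effect.lower()

def blocking_policies(definitions, overrides=None):
    """Display names of definitions whose effect is deny and that target storage accounts."""
    props = [d["properties"] for d in definitions]
    return [p["displayName"] for p in props
            if resolve_effect(p, overrides or {}) == "deny"
            and targets_storage(p["policyRule"]["if"])]

# Constructed sample definitions (not exported from a real tenant).
SAMPLE = [
    {"properties": {"displayName": "Storage must use HTTPS (constructed)",
        "parameters": {"effect": {"type": "String", "defaultValue": "Deny"}},
        "policyRule": {"if": {"allOf": [
            {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
            {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly", "notEquals": "true"}]},
            "then": {"effect": "[parameters('effect')]"}}}},
    {"properties": {"displayName": "Audit storage accounts (constructed)",
        "policyRule": {"if": {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
            "then": {"effect": "audit"}}}},
    {"properties": {"displayName": "No public IPs (constructed)",
        "policyRule": {"if": {"field": "type", "equals": "Microsoft.Network/publicIPAddresses"},
            "then": {"effect": "deny"}}}},
]
print(blocking_policies(SAMPLE))
```

Any definition it reports should be reviewed against the scope where the Microsoft Purview account will be deployed, since an assignment can override the definition's default effect.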

Creating a Microsoft Purview Account

To create a Microsoft Purview account, follow these steps:

  • Sign in to the Azure portal with your Azure account.
  • Search for Microsoft Purview in the Azure portal.
  • Click "Create" to create a new Microsoft Purview account.
  • Complete the required fields in the "Create Microsoft Purview account" page, including subscription, resource group, account name, and location.

Note that Microsoft Purview does not support moving accounts across regions, so be sure to deploy to the correct region.

Configuring Networking and Event Hubs

During the account creation process, you can configure networking settings and Event Hubs namespaces. These settings can also be modified after account creation in the Microsoft Purview account page in the Azure Portal.

Opening the Microsoft Purview Governance Portal

After your account is created, you can access the Microsoft Purview governance portal through either of the following methods:

  • Browse directly to, select your Microsoft Purview account name, and sign in to your workspace.
  • Open your Microsoft Purview account in the Azure portal and click the "Open Microsoft Purview governance portal" tile on the overview page.

Next Steps

Now that you have created a Microsoft Purview account, you can further configure your environment by creating a user-assigned managed identity (UAMI) to enable direct authentication with resources using Azure Active Directory (Azure AD) authentication.

Additionally, explore the Microsoft Purview governance portal, create collections, and grant access to the Microsoft Purview Data Map by following the relevant guides:

  • Using the Microsoft Purview governance portal
  • Create a collection
  • Add users to your Microsoft Purview account

What is the difference between AIP and DLP?

AIP (Azure Information Protection) and DLP (Data Loss Prevention) are two distinct technologies designed to protect sensitive data within organizations. While both aim to secure data, they serve different purposes and offer unique features.

Azure Information Protection (AIP)

AIP is a cloud-based solution provided by Microsoft that helps organizations classify, label, and protect sensitive information. AIP allows users and administrators to assign labels to documents and emails based on the content's sensitivity level. These labels can be used to enforce protection policies, such as encryption and access restrictions. The main features of AIP include:

  • Classification and labeling: Users can manually classify documents and emails, or administrators can set up automatic classification rules based on the content.
  • Protection: AIP can apply encryption, access restrictions, and other protection measures to sensitive data based on the assigned labels.
  • Monitoring and tracking: AIP enables administrators to monitor and track the usage of sensitive data, ensuring compliance and identifying potential risks.

Data Loss Prevention (DLP)

DLP is a set of technologies and strategies designed to prevent unauthorized access, sharing, or leakage of sensitive data. DLP solutions can monitor, detect, and block the transfer or sharing of sensitive information both within and outside an organization. DLP is often implemented across various platforms, such as email, cloud storage, and collaboration tools. The main features of DLP include:

  • Policy enforcement: Administrators can create and enforce policies that define which data is sensitive and how it should be handled, including restrictions on sharing or transferring data.
  • Monitoring and detection: DLP solutions monitor data in motion, data at rest, and data in use to detect potential violations of established policies.
  • Incident management and remediation: In the event of a policy violation, DLP can automatically block the action or notify administrators, allowing for quick remediation of potential data leaks.

In Summary

AIP focuses on classifying, labeling, and protecting sensitive data, while DLP aims to prevent unauthorized access, sharing, or leakage of sensitive data. Both technologies play essential roles in a comprehensive data protection strategy, and organizations often implement them together to ensure robust protection of sensitive information.
