top of page
Writer's pictureManpreet Singh

An In-depth Guide to Microsoft Purview

In our data-driven world, companies have lots of information stored in different places. It's not easy to handle all this data. That's where Microsoft Purview comes in. It's a powerful tool to help manage data.


In this article, we'll learn about Microsoft Purview's advantages, how it works with Microsoft Fabric, its central hub for managing data, and its solutions for managing risks and rules, as well as making data governance easier.


Whether you're new to handling data or already know a lot, understanding Microsoft Purview is important for getting the most out of your data.


Table of Contents:

  1. Microsoft Purview Information Protection

  2. Microsoft Purview Data Loss Prevention (DLP)

  3. Microsoft Purview Audit

How to Access Microsoft Purview Hub


What is Microsoft Purview?

Microsoft Purview is a data governance solution that helps organizations manage and govern their on-premises, multi-cloud, and software-as-a-service (SaaS) data. Purview includes capabilities for managing access to data sources and datasets, and for creating and enforcing data policies.


It can help you:

  • Identify and classify your data: Purview can automatically scan your data for sensitive information, such as personally identifiable information (PII) and financial data. Once your data is classified, you can create policies to protect it from unauthorized access.

  • Protect your data across all environments: Purview can help you protect your data, whether it's stored in the cloud, on-premises, or in a hybrid environment. It can also help you protect your data as it's being used in applications and devices.

  • Meet regulatory compliance requirements: Purview can help you meet a variety of regulatory compliance requirements, such as GDPR and HIPAA. It can also help you generate reports that show how you're complying with these requirements.

  • Get insights into your data: Purview can help you understand how your data is being stored and used. This information can help you make better decisions about how to manage your data and protect it from unauthorized access.

Microsoft Purview is a valuable tool for organizations of all sizes. It can help you to improve your data governance, protect your data, and comply with data regulations.

Microsoft Purview overview

Here are some examples of how Microsoft Purview can be used:

  • A financial services company can use Purview to identify and classify all of its customer data, and to create policies to protect this data from unauthorized access.

  • A healthcare organization can use Purview to track the flow of patient data and to ensure that it is only used for authorized purposes.

  • A retail company can use Purview to understand how its customers interact with its data and to create policies to improve the customer experience.


How to get started

Below are the simple steps that illustrate how you can create your first Microsoft Purview account.


STEP 1: Sign in to your Azure account.


STEP 2: Go to the marketplace. Search "Microsoft Purview" in the search box and click on "Create".


create Microsoft Purview 1

STEP 3: Now, under the "Basic" section, enter the Azure subscription, and select an existing "resource group". If you don't have any, then you can create a new resource group.


Click on "Create new" to create a new resource group.

Create Microsoft Purview 2

STEP 4: Now, enter the "Microsoft Purview account name". For example"TestPurview".


STEP 5: Next, choose a location. The location is the region where your Microsoft Purview account and metadata will be stored.


Click "Next".


STEP 6: Under the "Networking" section, select whether you want to connect to all networks or you want to use a private endpoint.


Click "Next".


STEP 7: Under the "Configuration" section, configure the event hubs namespaces to programmatically monitor your Microsoft Purview account using Event Hubs and Atlas Kafka.

Create Microsoft Purview 3

Click "Next".


STEP 8: Under the "Tags" section, add a tag called Purview environment, and give it one of the below values:

  1. Production

  2. Pre-production

  3. Test

  4. Dev

  5. Proof of Concept

Create Microsoft Purview 4

STEP 9: Now, click on "Review + Create".


Create Microsoft Purview 5

STEP 10: After creating the account, you will be able to manage and access the Microsoft Purview governance portal. There are two ways to do so:

  1. You can browse https://web.purview.azure.com, select your account and sign-in.

  2. Go to the Azure portal, and select "Open Microsoft Purview governance portal".

Create Microsoft Purview 6

Microsoft Purview and Microsoft Fabric

Microsoft Purview and Microsoft Fabric are powerful tools that can help you manage and protect your data. When used together, they can help you to improve your data security, compliance, and governance.


It is a data lakehouse that helps you store, analyze, and process your data. It is a cloud-based service that is easy to use and scalable to meet your needs.


Here are some specific Microsoft Purview applications that you can use to manage and protect your Fabric data:

  1. Microsoft Purview Information Protection

  2. Microsoft Purview Data Loss Prevention

  3. Microsoft Purview Audit

1. Microsoft Purview Information Protection:

Information protection in Microsoft Fabric is based on information protection in Microsoft Power BI. However, it is currently less fully supported than in Power BI.


This means,

  • If you are already using information protection features in Power BI, you can use similar features in Fabric.

  • If you are looking for a more comprehensive set of information protection features, you may want to use Power BI instead of Fabric.

Microsoft Fabric provides a number of information protection capabilities to help you protect your sensitive data, such as:


1. Manual labeling:

Users can choose to add a sensitivity label to any Fabric item, such as a dataset or report.


Cons:

  • Only users who are specified as allowed to apply sensitivity labels can do so.

  • Sensitivity labels must be published to the user as part of the label's policy definitions in the Microsoft Purview compliance center.

2. Default labeling:

When a new item is created, it is automatically assigned a default sensitivity label. This can be changed by the user if desired.


Cons:

  • When a non-Power BI Fabric item is created, the default sensitivity label will only be applied if the user does not choose a label and there is a clear, substantive create dialog.

  • When a Fabric item that has no label is updated, the default label will only be applied if the item is a Power BI item and the user does not apply a label, or if the item is a non-Power BI Fabric item and the change is made in the item's flyout menu.

3. Mandatory labeling:

Some Fabric items require that a sensitivity label be applied before they can be saved. This is known as mandatory labeling.


Cons:

  • Mandatory labeling is currently only supported for Power BI items.

  • If mandatory labeling is on and default labeling is off, users can still select a label, but mandatory labeling logic is not enforced, meaning that the user can save the item without a label unless the experience itself requires that a label be set.

4. Programmatic labeling:

Pros:

  • Sensitivity labels can be added, changed, or removed using code. This can be useful for automating the application of sensitivity labels.

  • Programmatic labeling is supported for all Fabric items.


5. Downstream inheritance:

When a sensitivity label is applied to an item, the label is automatically applied to all of the item's dependent items. This is known as downstream inheritance.


Cons:

  • Downstream inheritance is on by default and is supported for Power BI item to Power BI item, Fabric item to Fabric item, and Fabric item to Power BI item.

  • It is not supported for Power BI item to Fabric item, or for autogenerated items from a Lakehouse or Data Warehouse, which take their sensitivity label from their parent Lakehouse or Data Warehouse and do not inherit the label from items further upstream.

6. Inheritance upon creation:

When a new item is created from an existing item, the new item inherits the sensitivity label of the existing item.


Cons: Inheritance upon creation is supported for Power BI Fabric items and in other scenarios with non-Power BI items where one item is created from another item, such as

  • A Pipeline created from a Lakehouse,

  • A Notebook created from a Lakehouse,

  • A Lakehouse shortcut created from a Lakehouse,

  • A Pipeline created from a Notebook,

  • A KQL Queryset created from a KQL Database, or

  • A Pipeline created from a KQL Database.

7. Inheritance from data sources:

When a Fabric item ingests data from a data source that has a sensitivity label, that label is applied to the Fabric item.


Cons: Inheritance from data sources is currently only supported for Power BI datasets.


8. Export:

When a user exports data from an item that has a sensitivity label, the sensitivity label is preserved in the exported data.


Cons: Sensitivity label inheritance upon export is only supported for Power BI items in supported export paths. Currently, no other Fabric experience uses an export method that transfers the sensitivity label to the exported output. However, if a user does export an item that has a sensitivity label, a warning is issued.


Nevertheless, Microsoft is working to add more information protection features to Fabric over time.


2. Microsoft Purview Data Loss Prevention (DLP):

DLP policies for Power BI help you protect your sensitive data by detecting and preventing unauthorized access, disclosure, and use. You can use DLP policies to create rules that identify sensitive data in your Power BI datasets and reports. Once you've created a DLP policy, you can configure it to take actions such as sending alerts to users or administrators, blocking access to sensitive data, or preventing users from exporting sensitive data.


How DLP policies work

DLP policies work by scanning your Power BI datasets and reports for sensitive data. They can detect sensitive data using a variety of methods, such as:

  • Sensitivity labels: Sensitivity labels are tags that you can apply to your data to classify it as sensitive. DLP policies can detect data that has been tagged with specific sensitivity labels.

  • Sensitive information types (SITs): SITs are pre-defined types of sensitive data, such as credit card numbers, social security numbers, and email addresses. DLP policies can detect data that matches these SITs.

  • Regular expressions: You can also use regular expressions to define your own criteria for identifying sensitive data.


3. Microsoft Purview Audit:

Microsoft Fabric provides two ways to track user activities:

  • The Power BI activity log: This log records all user activities in Power BI, including activities in Fabric.

  • The Microsoft Purview audit log: This log records all user activities in Microsoft Purview, including activities in Fabric.

To track user activities in Fabric, you can view the Power BI activity log or the Microsoft Purview audit log. Both logs provide a variety of information about user activities, such as:

  • The user who performed the activity

  • The date and time of the activity

  • The item that was affected by the activity

  • The type of activity that was performed.

How to access audit logs?

Follow the below steps to do so:


STEP 1: In Power BI, go to "Settings" (Gear icon) and then select "Admin portal".

Access Audit Logs in Microsoft Purview

STEP 2: From the left panel, select "Audit logs".

Access Audit Logs in Microsoft Purview

STEP 3: Now, click on "Go to Microsoft 365 Admin Center".

Access Audit Logs in Microsoft Purview

Here, you can see the activities.


Microsoft Purview Hub

Microsoft Purview hub is a centralized page in Fabric that helps Fabric administrators manage and govern their Fabric data estate. It is a one-stop shop for administrators to get insights into their Fabric data, including sensitive data and item endorsement, and to access more advanced Purview capabilities.


To access the Purview hub, go to the Fabric experience and select Admin > Governance and insights > Microsoft Purview hub (preview).

Microsoft Purview Hub

To use the Purview hub, you can:

  • View the insights report: The insights report provides an overview of the distribution and use of endorsement and sensitivity labeling throughout your organization's Fabric data estate.

  • Create and manage DLP policies: You can use the Purview hub to create and manage DLP policies to detect and prevent unauthorized access, disclosure, and loss of sensitive data.

  • View audit logs: You can use the Purview hub to view audit logs to track user activity in Fabric.

The Purview hub provides a number of benefits for Fabric administrators, including:

  • Centralized management: The Purview hub provides a centralized place to manage and govern all of your Fabric data.

  • Visibility: The Purview hub provides visibility into sensitive data, item endorsement, and user activity in Fabric.

  • Control: The Purview hub gives you control over how your Fabric data is protected and used.


Microsoft Purview Risk and Compliance Solutions

Microsoft Purview compliance is a set of solutions that help organizations manage and govern their data in a compliant way. It provides a comprehensive set of capabilities for data discovery, classification, protection, and risk management.


Benefits of using Microsoft Purview compliance

Microsoft Purview compliance can help organizations to:

  • Protect their sensitive data from unauthorized access, disclosure, and loss.

  • Meet compliance requirements such as GDPR and HIPAA.

  • Improve their data security posture.

  • Reduce the risk of data breaches and other security incidents.

Key features of Microsoft Purview compliance

Microsoft Purview compliance includes a number of key features, such as:

  • Data discovery and classification: Purview helps organizations to discover and classify all of their data, regardless of where it is located.

  • Data protection: Purview provides a variety of capabilities for protecting data from unauthorized access, disclosure, and loss, such as sensitivity labels, data loss prevention (DLP), and encryption.

  • Risk management: Purview helps organizations to identify and mitigate data risks.

  • Compliance reporting: Purview provides reports that help organizations to demonstrate compliance with regulations and standards.


Microsoft Purview Unified Data Governance Solutions

Microsoft Purview unified data governance solutions provide a comprehensive set of capabilities for managing and governing your data across your on-premises, multicloud, and SaaS estate. These capabilities include:


1. Data Map: Data Map is a cloud-native service that creates a holistic map of your data estate by scanning and classifying data assets across your on-premises and cloud systems. This information is then integrated into a single view, providing you with a comprehensive understanding of your data landscape.


2. Data Catalog app: The Data Catalog app provides a business-friendly interface for users to search for and discover data within the organization. It allows users to browse and filter data assets based on metadata, such as sensitivity labels, data types, and owners. The Data Catalog app also provides users with the ability to collaborate on data assets and create and share data stories.


3. Data Estate Insights app: The Data Estate Insights app provides a centralized view of your data estate, including insights into data usage, data quality, and data security. This information can be used to identify and address data governance risks, improve data quality, and make better decisions about your data.


4. Data Sharing app: The Data Sharing app makes it easy to share data with internal and external stakeholders. It provides a secure and controlled way to share data assets, and it allows you to track and monitor who is accessing your data and how they are using it.


5. Data Policy app: The Data Policy app helps you to create and manage data governance policies. It provides a variety of pre-built templates and tools to help you get started, and it allows you to customize your policies to meet your specific needs.


Microsoft Purview governance solutions can help you to:

  • Protect your data from unauthorized access, disclosure, and loss.

  • Meet compliance requirements.

  • Improve your data security posture.

  • Reduce the risk of data breaches and other security incidents.

  • Get more value from your data.


Conclusion

To sum it up, Microsoft Purview is like a valuable tool for companies in our data-driven world. It helps them manage their data better and use it to make smart decisions. It also helps them follow rules about data and keep their information safe. Microsoft Purview works well with other Microsoft tools, making it easier for companies to keep all their data in one place. It even has special features for managing risks and rules.


Using Microsoft Purview isn't just a choice; it's a smart move for companies that want to succeed in the digital age. It helps them make the most of their data and stay competitive by being innovative in a changing world.

댓글


bottom of page