Create an exception to deploy Microsoft Purview
Many subscriptions have Azure Policies in place that restrict the creation of some resources. This is to maintain subscription security and cleanliness. However, Microsoft Purview accounts deploy two other Azure resources when they're created: an Azure Storage account and an Event Hubs namespace. These resources are managed by Azure, so you don't need to maintain them, but they still need to be deployed. Existing policies may block this deployment, and you may receive an error when attempting to create a Microsoft Purview account.
To maintain your policies in your subscription, but still allow the creation of these managed resources, you can create an exception.
Create an Azure policy exception for Microsoft Purview
Navigate to the Azure portal and search for Policy.
Follow Create a custom policy definition or modify an existing policy to add two exceptions with the not operator and the resourceBypass tag:

    {
      "mode": "All",
      "policyRule": {
        "if": {
          "anyOf": [
            {
              "allOf": [
                {
                  "field": "type",
                  "equals": "Microsoft.Storage/storageAccounts"
                },
                {
                  "not": {
                    "field": "tags['<resourceBypass>']",
                    "exists": true
                  }
                }
              ]
            },
            {
              "allOf": [
                {
                  "field": "type",
                  "equals": "Microsoft.EventHub/namespaces"
                },
                {
                  "not": {
                    "field": "tags['<resourceBypass>']",
                    "exists": true
                  }
                }
              ]
            }
          ]
        },
        "then": {
          "effect": "deny"
        }
      },
      "parameters": {}
    }

Note
The tag can be anything besides resourceBypass, and it's up to you to define the value when creating Microsoft Purview in later steps, as long as the policy can detect the tag.
Create a policy assignment using the custom policy created.
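To see which requests the rule above denies before assigning it, the following added example (not Microsoft's code and not Azure's policy engine) runs the same rule through a simplified evaluator against constructed resource payloads. The tag name resourceBypass, the helper names, and the sample resources are assumptions.

```python
import re

TAG = "resourceBypass"  # constructed tag name standing in for <resourceBypass>

def deny_untagged(resource_type):
    return {"allOf": [  # one branch of the page's rule: this type AND NOT (tag exists)
        {"field": "type", "equals": resource_type},
        {"not": {"field": f"tags['{TAG}']", "exists": True}},
    ]}

POLICY_RULE = {
    "if": {"anyOf": [deny_untagged("Microsoft.Storage/storageAccounts"),
                     deny_untagged("Microsoft.EventHub/namespaces")]},
    "then": {"effect": "deny"},
}

def field_value(resource, field):  # resolves "type" or tags['name'] on a payload
    tag = re.fullmatch(r"tags\['(.+)'\]", field)
    if tag:
        return resource.get("tags", {}).get(tag.group(1))
    return resource.get(field)

def matches(cond, resource):  # simplified: only the operators this rule uses
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = field_value(resource, cond["field"])
    if "exists" in cond:
        return (value is not None) == cond["exists"]
    return str(value).lower() == cond["equals"].lower()  # equals ignores case

def outcome(resource):  # "allowed" = rule did not match (not an Azure effect name)
    return POLICY_RULE["then"]["effect"] if matches(POLICY_RULE["if"], resource) else "allowed"

# Constructed sample requests (not real resources).
SAMPLES = {
    "storage, tagged": {"type": "Microsoft.Storage/storageAccounts", "tags": {TAG: "purview"}},
    "storage, untagged": {"type": "Microsoft.Storage/storageAccounts", "tags": {"env": "dev"}},
    "event hubs, tagged": {"type": "Microsoft.EventHub/namespaces", "tags": {TAG: "x"}},
    "event hubs, no tags": {"type": "Microsoft.EventHub/namespaces"},
    "virtual network": {"type": "Microsoft.Network/virtualNetworks"},
}

if __name__ == "__main__":
    for name, resource in SAMPLES.items():
        print(f"{name:22} -> {outcome(resource)}")
```

The rule tests only for the tag's presence, so any storage account or Event Hubs namespace that carries the tag passes, not just the ones Microsoft Purview creates.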
Note
If you have Azure Policy and need to add an exception as in Prerequisites, you need to add the correct tag. For example, you can add the resourceBypass tag:
Next steps
To set up Microsoft Purview by using Private Link, see Use private endpoints for your Microsoft Purview account.