Quickstart: Create a Microsoft Purview account using Azure PowerShell/Azure CLI

Je li ova stranica od pomoći?

Imate dodatne povratne informacije?

Povratne informacije će biti poslane kompaniji Microsoft: pritiskom na dugme za slanje, vaše povratne informacije će se koristiti za unapređivanje proizvoda i usluga kompanije Microsoft. Pravila privatnosti.

In this Quickstart, you'll create a Microsoft Purview account using Azure PowerShell/Azure CLI. PowerShell reference for Microsoft Purview is available, but this article will take you through all the steps needed to create an account with PowerShell.

Microsoft Purview is a data governance service that helps you manage and govern your data landscape. By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, Microsoft Purview creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end linage. Data consumers are able to discover data across your organization, and data administrators are able to audit, secure, and ensure right use of your data.

For more information about Microsoft Purview, see our overview page. For more information about deploying Microsoft Purview across your organization, see our deployment best practices.

Prerequisites

• If you don't have an Azure subscription, create a free subscription before you begin.

• An Azure Active Directory tenant associated with your subscription.

• The user account that you use to sign in to Azure must be a member of the contributor or owner role, or an administrator of the Azure subscription. To view the permissions that you have in the subscription, follow these steps:

  1. Go to the Azure portal
  2. Select your username in the upper-right corner.
  3. Select the ellipsis button ("...") for more options.
  4. Then select My permissions.
  5. If you have access to multiple subscriptions, select the appropriate subscription.

• No Azure Policies preventing creation of Storage accounts or Event Hub namespaces. Microsoft Purview will deploy a managed Storage account and Event Hubs when it is created. If a blocking policy exists and needs to remain in place, please follow our Microsoft Purview exception tag guide and follow the steps to create an exception for Microsoft Purview accounts.

Sign in to Azure

Sign in to the Azure portal with your Azure account.

Install PowerShell

Install either Azure PowerShell or Azure CLI in your client machine to deploy the template: Command-line deployment

Create a Microsoft Purview account

1. Sign in with your Azure credential

   PowerShell

   Connect-AzAccount
   

   Azure CLI

   az login
   

2. If you have multiple Azure subscriptions, select the subscription you want to use:

   PowerShell

   Set-AzContext [SubscriptionID/SubscriptionName]
   

   Azure CLI

   az account set --subscription [SubscriptionID/SubscriptionName]
   

3. Create a resource group for your Microsoft Purview account. You can skip this step if you already have one:

   PowerShell

   New-AzResourceGroup -Name myResourceGroup -Location 'East US'
   

   Azure CLI

   az group create \
     --name myResourceGroup \
     --location "East US"
   

4. Create or Deploy the Microsoft Purview account

   PowerShell

   Use the New-AzPurviewAccount cmdlet to create the Microsoft Purview account:

   New-AzPurviewAccount -Name yourPurviewAccountName -ResourceGroupName myResourceGroup -Location eastus -IdentityType SystemAssigned -SkuCapacity 4 -SkuName Standard -PublicNetworkAccess Enabled
   

   Azure CLI

   1. Create a Microsoft Purview template file such as purviewtemplate.json. You can update name, location, and capacity (4 or 16):

      {
        "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "resources": [
          {
            "name": "<yourPurviewAccountName>",
            "type": "Microsoft.Purview/accounts",
            "apiVersion": "2020-12-01-preview",
            "location": "EastUs",
            "identity": {
              "type": "SystemAssigned"
            },
            "properties": {
              "networkAcls": {
                "defaultAction": "Allow"
              }
            },
            "dependsOn": [],
            "sku": {
              "name": "Standard",
              "capacity": "4"
            },
            "tags": {}
          }
        ],
        "outputs": {}
      }
      

   2. Deploy Microsoft Purview template

      To run this deployment command, you must have the latest version of Azure CLI.

      az deployment group create --resource-group "<myResourceGroup>" --template-file "<PATH TO purviewtemplate.json>"
      

5. The deployment command returns results. Look for ProvisioningState to see whether the deployment succeeded.

6. If you deployed the Microsoft Purview account using a service principal, instead of a user account, you will also need to run the below command in the Azure CLI:

   az purview account add-root-collection-admin --account-name [Microsoft Purview Account Name] --resource-group [Resource Group Name] --object-id [User Object Id]
   

   This command will grant the user account collection admin permissions on the root collection in your Microsoft Purview account. This allows the user to access the Microsoft Purview governance portal and add permission for other users. For more information about permissions in Microsoft Purview, see our permissions guide. For more information about collections, see our manage collections article.

Next steps

In this quickstart, you learned how to create a Microsoft Purview account.

Follow these next articles to learn how to navigate the Microsoft Purview governance portal, create a collection, and grant access to Microsoft Purview.

• How to use the Microsoft Purview governance portal
• Add users to your Microsoft Purview account
• Create a collection