Create an Azure Policy exception for Azure Purview
Many subscriptions have Azure Policies in place that restrict the creation of some resources. This is to maintain subscription security and cleanliness. However, Azure Purview accounts deploy two other Azure resources when they are created: an Azure Storage account and an Event Hubs namespace. When you create an Azure Purview account, these resources will be deployed. They will be managed by Azure, so you don't need to maintain them, but you will need to deploy them.
To maintain your policies in your subscription, but still allow the creation of these managed resources, you can create a policy exception.
Create a policy exception for Azure Purview
1. Navigate to the Azure portal and search for Policy.
2. Follow Create a custom policy definition, or modify an existing policy, to add two exceptions with the not operator and the resourceBypass tag:

   {
     "mode": "All",
     "policyRule": {
       "if": {
         "anyOf": [
           {
             "allOf": [
               { "field": "type", "equals": "Microsoft.Storage/storageAccounts" },
               { "not": { "field": "tags['<resourceBypass>']", "exists": true } }
             ]
           },
           {
             "allOf": [
               { "field": "type", "equals": "Microsoft.EventHub/namespaces" },
               { "not": { "field": "tags['<resourceBypass>']", "exists": true } }
             ]
           }
         ]
       },
       "then": { "effect": "deny" }
     },
     "parameters": {}
   }

   Note
   The tag doesn't have to be named resourceBypass; you can use any tag, and it's up to you to define its value when creating Azure Purview in later steps, as long as the policy can detect the tag.
3. Create a policy assignment using the custom policy you created.
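To see which resources this rule denies before you assign it, the following added example (not part of the original page and not Microsoft tooling) models the rule's condition logic in Python and evaluates it against constructed resources. It assumes the tag name resourceBypass and a simplified, case-insensitive reading of equals and tag names; field_value, matches and effect are hypothetical helper names.

```python
import re

# Rule from this page; "resourceBypass" fills the <resourceBypass> placeholder (assumption).
BYPASS = {"not": {"field": "tags['resourceBypass']", "exists": True}}
POLICY_RULE = {
    "if": {"anyOf": [
        {"allOf": [{"field": "type", "equals": "Microsoft.Storage/storageAccounts"}, BYPASS]},
        {"allOf": [{"field": "type", "equals": "Microsoft.EventHub/namespaces"}, BYPASS]}]},
    "then": {"effect": "deny"},
}

def field_value(resource, field):
    """Resolve 'type' or tags['name']; returns None when the tag is absent."""
    m = re.fullmatch(r"tags\['(.+)'\]", field)
    if m:
        tags = {k.lower(): v for k, v in resource.get("tags", {}).items()}
        return tags.get(m.group(1).lower())
    return resource.get(field)

def matches(cond, resource):
    """Evaluate the subset of condition syntax that this rule uses."""
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = field_value(resource, cond["field"])
    if "equals" in cond:
        return value is not None and str(value).lower() == cond["equals"].lower()
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    raise ValueError(f"unsupported condition: {cond}")

def effect(resource, rule=POLICY_RULE):
    """Return the rule's effect on a match; 'allow' means the rule did not match."""
    return rule["then"]["effect"] if matches(rule["if"], resource) else "allow"

# Constructed sample resources (not real deployments).
SAMPLES = [
    {"name": "plain-storage", "type": "Microsoft.Storage/storageAccounts", "tags": {}},
    {"name": "purview-storage", "type": "Microsoft.Storage/storageAccounts", "tags": {"resourceBypass": "allowed"}},
    {"name": "purview-eventhub", "type": "Microsoft.EventHub/namespaces", "tags": {"resourceBypass": ""}},
    {"name": "plain-eventhub", "type": "Microsoft.EventHub/namespaces"},
    {"name": "some-vm", "type": "Microsoft.Compute/virtualMachines"},
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(f"{r['name']:18} {effect(r)}")
```

Because the rule only checks that the tag exists, an empty tag value passes the same way any other value does.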
Note
If you have Azure Policy and need to add an exception as in Prerequisites, you need to add the correct tag. For example, you can add the resourceBypass tag.
Next steps
To set up Azure Purview by using Private Link, see Use private endpoints for your Azure Purview account.