Quickstart: Create an Azure Purview account in the Azure portal
Important
Azure Purview is currently in PREVIEW. The Supplemental Terms of Use for Microsoft Azure Previews include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
In this quickstart, you create an Azure Purview account.
Prerequisites
An Azure account with an active subscription. Create an account for free.
Your own Azure Active Directory tenant.
Your account must have permission to create resources in the subscription
If you have Azure Policy blocking all applications from creating Storage account and EventHub namespace, you need to make policy exception using tag, which can be entered during the process of creating a Purview account. The main reason is that for each Purview Account created, it needs to create a managed Resource Group and within this resource group, a Storage account and an EventHub namespace.
Important
You don't have to follow this step if you don't have Azure Policy or an existing Azure Policy is not blocking the creation of Storage account and EventHub namespace.
Navigate to the Azure portal and search for Policy
Follow Create a custom policy definition or modify existing policy to add two exceptions with
not
operator andresourceBypass
tag:{ "mode": "All", "policyRule": { "if": { "anyOf": [ { "allOf": [ { "field": "type", "equals": "Microsoft.Storage/storageAccounts" }, { "not": { "field": "tags['<resourceBypass>']", "exists": true } }] }, { "allOf": [ { "field": "type", "equals": "Microsoft.EventHub/namespaces" }, { "not": { "field": "tags['<resourceBypass>']", "exists": true } }] }] }, "then": { "effect": "deny" } }, "parameters": {} }
Note
The tag could be anything beside
resourceBypass
and it's up to you to define value when creating Purview in latter steps as long as the policy can detect the tag.Create a policy assignment using the custom policy created.
Sign in to Azure
Sign in to the Azure portal with your Azure account.
Configure your subscription
If necessary, follow these steps to configure your subscription to enable Azure Purview to run in your subscription:
In the Azure portal, search for and select Subscriptions.
From the list of subscriptions, select the subscription you want to use. Administrative access permission for the subscription is required.
For your subscription, select Resource providers. On the Resource providers pane, search and register all three resource providers:
- Microsoft.Purview
- Microsoft.Storage
- Microsoft.EventHub
If they are not registered, register it by selecting Register.
Create an Azure Purview account instance
Go to the Purview accounts page in the Azure portal, and then select Add to create a new Azure Purview account. Alternatively, you can go to marketplace search for Purview Accounts and select Create. Note that you can add only one Azure Purview account at a time.
Note
Azure Purview does not support moving its account across regions. You can find out more information about this in Azure supported services page.
On the Basics tab, do the following:
- Select a Resource group.
- Enter a Purview account name for your catalog. Spaces and symbols aren't allowed.
- Choose a Location, and then select Next: Configuration.
On the Configuration tab, select the desired Platform size - the allowed values are 4 capacity units (CU) and 16 CU. Select Next: Tags.
On the Tags tab, you can optionally add one or more tags. These tags are for use only in the Azure portal, not Azure Purview.
Note
If you have Azure Policy and need to add exception as in Prerequisites, you need to add the correct tag. For example, you can add
resourceBypass
tag:Select Review & Create, and then select Create. It takes a few minutes to complete the creation. The newly created Azure Purview account instance appears in the list on your Purview accounts page.
When the new account provisioning is complete select Go to resource.
Note
If the provisioning failed with
Conflict
status, that means there is an Azure policy blocking Purview from creating a Storage account and EventHub namespace. You need to go through the Prerequisites steps to add exceptions.Select Launch purview account.
Add a security principal to a data plane role
Before you or your team can begin to use Azure Purview, one or more security principals must be added to one of the pre-defined Data Plane roles: Purview Data Reader, Purview Data Curator or Purview Data Source Administrator. For more information on Azure Purview Data Catalog permissions, see Catalog permissions.
To add a security principal to the Purview Data Curator data plane role in an Azure Purview account:
Go to the Purview accounts page in the Azure portal.
Select the Azure Purview account you want to modify.
On the Purview account page, select the tab Access control (IAM)
Click + Add
If upon clicking Add you see two choices showing both marked (disabled) then this means you do not have the right permissions to add anyone to a data plane role on the Azure Purview account. You must find an Owner, User Access Administrator or someone else with role assignment authority on your Azure Purview account. You can look for the right people by selecting Role assignments tab and then scrolling down to look for Owner or User Access Administrator and contacting those people.
Select Add role assignment.
For the Role type in Purview Data Curator Role or Purview Data Source Administrator Role depending on what the security principal is going to be used for (please see Catalog Permissions and Application and service principal objects in Azure Active Directory for details).
For Assign access to leave the default, User, group, or service principal.
For Select enter the name of the user, Azure Active Directory group or service principal you wish to assign and then click on their name in the results pane.
Click on Save.
Clean up resources
If you no longer need this Azure Purview account, delete it with the following steps:
Go to the Purview accounts page in the Azure portal.
Select the Azure Purview account that you created at the beginning of this quickstart. Select Delete, enter the name of the account, and then select Delete.
Next steps
In this quickstart, you learned how to create an Azure Purview account.
Advance to the next article to learn how to allow users to access your Azure Purview Account.