Use private endpoints for your Microsoft Purview account
This article describes how to configure private endpoints for Microsoft Purview governance solutions in the classic portal.
Important
Account and portal private endpoints are not available for the new portal experience. They are only available for the classic portal experience.
Ingestion private endpoints can be used for both experiences, but are set up through the classic experience.
Conceptual Overview
You can use Azure private endpoints for your Microsoft Purview accounts to allow users on a virtual network (VNet) to securely access the catalog over a Private Link. A private endpoint uses an IP address from the VNet address space for your Microsoft Purview account. Network traffic between the clients on the VNet and the Microsoft Purview account traverses over the VNet and a private link on the Microsoft backbone network.
If you're still using the classic portal experience, you can deploy Microsoft Purview account private endpoint, to allow only client calls to Microsoft Purview that originate from within the private network. To connect to the Microsoft Purview governance portal using a private network connectivity, you can deploy portal private endpoint.
For both the new and classic experience, you can deploy ingestion private endpoints if you need to scan Azure IaaS and PaaS data sources inside Azure virtual networks and on-premises data sources through a private connection. This method ensures network isolation for your metadata flowing from the data sources to Microsoft Purview Data Map.
Prerequisites
Before deploying private endpoints for Microsoft Purview account, ensure you meet the following prerequisites:
- An Azure account with an active subscription. Create an account for free.
- An existing Azure Virtual network. Deploy a new Azure virtual network if you don't have one.
Microsoft Purview private endpoint deployment scenarios
Use the following recommended checklist to perform deployment of Microsoft Purview account with private endpoints:
| Scenario | Objectives |
|---|---|
| Scenario 1 - Connect to your Microsoft Purview and scan data sources privately and securely | You need to restrict access to your Microsoft Purview account only via a private endpoint, including access to the Microsoft Purview governance portal, Atlas APIs and scan data sources in on-premises and Azure (but inside a virtual network) using self-hosted integration runtime ensuring end to end network isolation. (Deploy account, _portal, and ingestion private endpoints.) |
| Scenario 2 - Connect privately and securely to your Microsoft Purview account | You need to enable access to your Microsoft Purview account, including access to the Microsoft Purview governance portal and Atlas API through private endpoints. (Deploy account and portal private endpoints). |
| Scenario 3 - Scan data source securely using Managed Virtual Network | You need to scan Azure data sources securely, without having to manage a virtual network or a self-hosted integration runtime VM. (Deploy managed private endpoints for Microsoft Purview Azure data sources). |
| Scenario 4 - Using the new Microsoft Purview portal | If you're using the new portal experience, only ingestion private endpoints are currently available. |
Frequently Asked Questions
For FAQs related to private endpoint deployments in Microsoft Purview, see FAQ about Microsoft Purview private endpoints.
Troubleshooting guide
For troubleshooting private endpoint configuration for Microsoft Purview accounts, see Troubleshooting private endpoint configuration for Microsoft Purview accounts.
Known limitations
To view list of current limitations related to Microsoft Purview private endpoints, see Microsoft Purview private endpoints known limitations.
Next steps
Feedback
Binnenkort beschikbaar: In de loop van 2024 zullen we GitHub Issues geleidelijk uitfaseren als het feedbackmechanisme voor inhoud. Het wordt vervangen door een nieuw feedbacksysteem. Zie voor meer informatie: https://aka.ms/ContentUserFeedback.
Feedback verzenden en weergeven voor