Споделяне чрез


Create an exception to deploy Microsoft Purview

Many subscriptions have Azure Policies in place that restrict the creation or update of some resources. This is to maintain subscription security and cleanliness. However, Microsoft Purview accounts created before December 15, 2023 (or deployed using API version previous to 2023-05-01-preview) deployed an Azure Storage account when it was created. It's managed by Azure, so you don't need to maintain it, but it's necessary for Microsoft Purview to run correctly. Existing policies could block Microsoft Purview from updating this Azure Storage account, which can cause errors during scanning.

Overall, your approach to resolving this error is going to be dependent on your organizations needs and policies, but here are a few ways you could update your policies to resolve this issue.

Create an Azure policy exclusion for Microsoft Purview

To maintain your policies in your subscription, but still allow the creation and updates to these managed resources, you can create an exclusion. For example, adding an exclusion for the resource group where your Microsoft Purview account is being deployed.

For steps to create an exclusion for your policies, see these steps to add an exclusion to your policy.

Use resource selectors on a created policy

Depending on other policies deployed in your subscription, or depending on your region, you could need to add Resource selectors under the Advanced tab when assigning a policy. For example, you might need to add a resource selector for resourceLocation set to the region where you'll deploy your Microsoft Purview account. For more information about these conditions, see our documentation on location conditions.

Create an exemption

Exemptions are recommended for time-bound or specific scenarios where a resource or resource hierarchy should still be tracked and would otherwise be evaluated, but there's a specific reason it shouldn't be assessed for compliance. It would allow a temporary exception to your policy for a resource to exist for a finite amount of time.

For more information, see the documentation for policy exemptions.

Next steps

To set up Microsoft Purview by using Private Link, see Use private endpoints for your Microsoft Purview account.