How to use the governance policy which is written in Azure Purview but has to be used over the Azure environment.

Ganapathy Ram 60 Reputation points

How can I implement this policy outside of the Azure perspective? For example, when I write the policy inside Azure Purview, I select the data source named ADLS Gen2, the container named goldzone, and the folder named account. Within Purview, the policy has been established and works, but I need the same policy to work outside of that scope. For that, is there any tool to be established?


Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.

Accepted answer
  1. PRADEEPCHEEKATLA-MSFT 82,356 Reputation points Microsoft Employee

    @Ganapathy Ram - Thanks for the question and using MS Q&A platform.

    To implement a policy outside of the Azure Purview scope, you can use Azure Policy. Azure Policy is a service in Azure that you can use to create, assign, and manage policies. Policies are rules that enforce different aspects of governance over your resources, so you can stay compliant with your corporate standards and service level agreements.

    To use Azure Policy to enforce the same policy you created in Azure Purview, you can follow these steps:

    • Open the Azure portal and navigate to the Azure Policy service.
    • Create a new policy definition by clicking on the "Definitions" tab and then clicking on the "New policy definition" button.
    • In the "Basics" tab of the policy definition, give your policy a name and description.
    • In the "Policy rule" tab, select the "Add condition" button and then select the "Data source" condition.
    • In the "Data source" condition, select "Azure Data Lake Storage Gen2" as the data source type and then select the specific ADLS Gen2 account you want to apply the policy to.
    • In the "Policy rule" tab, select the "Add condition" button again and then select the "File path" condition.
    • In the "File path" condition, specify the path to the container and folder you want to apply the policy to (in your case, "goldzone/account").
    • In the "Policy rule" tab, select the "Add effect" button and then select the "Deny" effect.
    • In the "Deny" effect, specify the actions you want to deny (for example, "Microsoft.Storage/storageAccounts/blobServices/containers/write") and the reason for the denial.
    • Save the policy definition.
    • Assign the policy definition to the appropriate scope (for example, a management group or subscription).

    Once the policy is assigned, it will be enforced on the specified ADLS Gen2 account, container, and folder, regardless of whether the resources are accessed through Azure Purview or any other tool.

    I hope this helps! Let me know if you have any further questions.
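
A custom Azure Policy definition with the Deny effect for the `goldzone` container from the question, as an added example that is not part of the original answer or Microsoft's own policy set. The `storageAccountName` parameter and the display text are assumptions; the rule matches the container resource as Azure Resource Manager sees it (the blob service is named `default`), and the `account` folder path is not expressed in it.

```json
{
  "properties": {
    "displayName": "Deny create or update of the goldzone container (constructed example)",
    "policyType": "Custom",
    "mode": "All",
    "description": "Constructed example: denies Resource Manager create/update requests for the goldzone container in one ADLS Gen2 account.",
    "parameters": {
      "storageAccountName": {
        "type": "String",
        "metadata": {
          "displayName": "Storage account name (hypothetical parameter)",
          "description": "Name of the ADLS Gen2 account that holds the goldzone container."
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts/blobServices/containers"
          },
          {
            "field": "fullName",
            "equals": "[concat(parameters('storageAccountName'), '/default/goldzone')]"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```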
