Quickstart: Create a Microsoft Purview (formerly Azure Purview) account using a Bicep file

This quickstart describes the steps to deploy a Microsoft Purview (formerly Azure Purview) account using a Bicep file.

After you've created the account, you can begin registering your data sources, and using the Microsoft Purview governance portal to understand and govern your data landscape. By connecting to data across your on-premises, multicloud, and software-as-a-service (SaaS) sources, the Microsoft Purview Data Map creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end data linage. Data consumers are able to discover data across your organization and data administrators are able to audit, secure, and ensure right use of your data.

For more information about the governance capabilities of Microsoft Purview, formerly Azure Purview, see our overview page. For more information about deploying Microsoft Purview across your organization, see our deployment best practices

To deploy a Microsoft Purview account to your subscription using a Bicep file, follow the guide below.

Prerequisites

• If you don't have an Azure subscription, create a free subscription before you begin.

• An Azure Active Directory tenant associated with your subscription.

• The user account that you use to sign in to Azure must be a member of the contributor or owner role, or an administrator of the Azure subscription. To view the permissions that you have in the subscription, follow these steps:

  1. Go to the Azure portal
  2. Select your username in the upper-right corner.
  3. Select the ellipsis button ("...") for more options.
  4. Then select My permissions.
  5. If you have access to multiple subscriptions, select the appropriate subscription.

• No Azure Policies preventing the creation or update of Storage accounts. Microsoft Purview will deploy a managed Storage account when it is created. If a blocking policy exists and needs to remain in place, please follow our Microsoft Purview exception tag guide and follow the steps to create an exception for Microsoft Purview accounts.

Sign in to Azure

Sign in to the Azure portal with your Azure account.

Review the Bicep file

The Bicep file used in this quickstart is from Azure Quickstart Templates.

@description('Specify a name for the Azure Purview account.')
param purviewName string = 'azurePurview${uniqueString(resourceGroup().id)}'

@description('Specify a region for resource deployment.')
param location string = resourceGroup().location

resource purview 'Microsoft.Purview/accounts@2021-12-01' = {
  name: purviewName
  location: location
  sku: {
    name: 'Standard'
    capacity: 1
  }
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    publicNetworkAccess: 'Enabled'
    managedResourceGroupName: 'managed-rg-${purviewName}'
  }
}

The following resources are defined in the Bicep file:

• Microsoft.Purview/accounts

The Bicep file performs the following tasks:

• Creates a Microsoft Purview account in a specified resource group.

Deploy the Bicep file

1. Save the Bicep file as main.bicep to your local computer.

2. Deploy the Bicep file using either Azure CLI or Azure PowerShell.

   CLI

   az group create --name exampleRG --location eastus
   az deployment group create --resource-group exampleRG --template-file main.bicep
   

   PowerShell

   New-AzResourceGroup -Name exampleRG -Location eastus
   New-AzResourceGroupDeployment -ResourceGroupName exampleRG -TemplateFile ./main.bicep
   

You'll be prompted to enter the following values:

• Purview name: enter a name for the Microsoft Purview account.

When the deployment finishes, you should see a message indicating the deployment succeeded.

Open Microsoft Purview governance portal

After your Microsoft Purview account is created, you'll use the Microsoft Purview governance portal to access and manage it. There are two ways to open Microsoft Purview governance portal:

• Open your Microsoft Purview account in the Azure portal. Select the "Open Microsoft Purview governance portal" tile on the overview page.

• Alternatively, you can browse to https://web.purview.azure.com, select your Microsoft Purview account, and sign in to your workspace.

Get started with your Purview resource

After deployment, the first activities are usually:

• Create a collection
• Register a resource
• Scan the resource

At this time, these actions aren't able to be taken through a Bicep file. Follow the guides above to get started!

Clean up resources

When you no longer need them, use the Azure portal, Azure CLI, or Azure PowerShell to remove the resource group, firewall, and all related resources.

CLI

az group delete --name exampleRG

PowerShell

Remove-AzResourceGroup -Name exampleRG

Next steps

In this quickstart, you learned how to create a Microsoft Purview (formerly Azure Purview) account and how to access the Microsoft Purview governance portal.

Next, you can create a user-assigned managed identity (UAMI) that will enable your new Microsoft Purview account to authenticate directly with resources using Azure Active Directory (Azure AD) authentication.

To create a UAMI, follow our guide to create a user-assigned managed identity.

Follow these next articles to learn how to navigate the Microsoft Purview governance portal, create a collection, and grant access to Microsoft Purview:

Using the Microsoft Purview governance portal Create a collection Add users to your Microsoft Purview account