You can use Azure private endpoints for your Microsoft Purview accounts to allow users on a virtual network (VNet) to securely access the catalog over a Private Link. A private endpoint uses an IP address from the VNet address space for your Microsoft Purview account. Network traffic between the clients on the VNet and the Microsoft Purview account traverses over the VNet and a private link on the Microsoft backbone network.
If you're still using the classic portal experience, you can deploy Microsoft Purview account private endpoint, to allow only client calls to Microsoft Purview that originate from within the private network. To connect to the Microsoft Purview governance portal using a private network connectivity, you can deploy portal private endpoint.
For both the new and classic experience, you can deploy ingestion private endpoints if you need to scan Azure IaaS and PaaS data sources inside Azure virtual networks and on-premises data sources through a private connection. This method ensures network isolation for your metadata flowing from the data sources to Microsoft Purview Data Map.
Prerequisites
Before deploying private endpoints for Microsoft Purview account, ensure you meet the following prerequisites:
You need to restrict access to your Microsoft Purview account only via a private endpoint, including access to the Microsoft Purview governance portal, Atlas APIs and scan data sources in on-premises and Azure (but inside a virtual network) using self-hosted integration runtime ensuring end to end network isolation. (Deploy account, _portal, and ingestion private endpoints.)
You need to enable access to your Microsoft Purview account, including access to the Microsoft Purview governance portal and Atlas API through private endpoints. (Deploy account and portal private endpoints).
You need to scan Azure data sources securely, without having to manage a virtual network or a self-hosted integration runtime VM. (Deploy managed private endpoints for Microsoft Purview Azure data sources).
Learn how to securely connect an Azure SQL server using an Azure Private Endpoint via the Azure portal, ensuring private and safe communication with your SQL server.
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.