Share via


Connect to and manage Microsoft Dataverse in Microsoft Purview (Preview)

This article outlines the process to register and govern a Microsoft Dataverse environment data source in Microsoft Purview including instructions to authenticate and interact with the Microsoft Dataverse source.

Important

This feature is currently in preview. The Supplemental Terms of Use for Microsoft Azure Previews include additional legal terms that apply to Azure features that are in beta, in preview, or otherwise not yet released into general availability.

Supported capabilities

Metadata Extraction Full Scan Incremental Scan Scoped Scan Classification Labeling Access Policy Lineage Data Sharing Live view
Yes Yes No Yes Yes Yes No No No No

When scanning Dataverse source, Microsoft Purview supports extracting technical metadata including:

  • Environment
  • Tables, including columns

When setting up a scan, you can choose to scope the scan by selecting tables as needed.

Known limitations

  • When object is deleted from the data source, currently the subsequent scan won't automatically remove the corresponding asset in Microsoft Purview.

Prerequisites

Register

This section describes how to register Dataverse in Microsoft Purview. Before you create a scan, it’s necessary to register the data source in Microsoft Purview.

Prerequisites for register

  • You'll need to be a Data Source Admin and one of the other Purview roles (for example, Data Reader or Data Share Contributor) to register a source and manage it in the Microsoft Purview governance portal. See our Microsoft Purview Permissions page for details.

Steps to register

It's important to register the data source in Microsoft Purview prior to setting up a scan for the data source.

  1. Go to the Microsoft Purview governance portal by:

  2. Navigate to the Data Map --> Sources

    Screenshot that shows the link to open Microsoft Purview governance portal.

    Screenshot that navigates to the Sources link in the Data Map.

  3. Create the Collection hierarchy using the Collections menu and assign permissions to individual subcollections, as required

    Screenshot that shows the collection menu to create collection hierarchy.

  4. Navigate to the appropriate collection under the Sources menu and select the Register icon to register a new Dataverse data source

    Screenshot that shows the collection used to register the data source.

  5. Select the Dataverse data source and select Continue

    Screenshot that allows selection of the data source.

  6. Provide a suitable Name for the data source. Fill in the Web API endpoint for your Dataverse environment as Environment URL and select a collection and select Apply.

    Screenshot that shows the details to be entered in order to register the data source.

    You can get the Web API endpoint from Developer resources from the Microsoft Power Apps maker portal.

    Screenshot that shows how to find developer resources in order to register the data source.

    Screenshot that shows how to find Web API endpoint in developer resources.

  7. The Dataverse source will be shown under the selected Collection

Scan

Authentication method

Currently Microsoft Purview supports the following options to scan Dataverse:

  • System assigned managed identity (SAMI). This is an identity that's associated directly with your Microsoft Purview account. The SAMI is created when your Microsoft Purview resource is created. It's managed by Azure and uses your Microsoft Purview account's name.
  • Service principal. A service principal is an application that can be assigned permissions like any other group or user, without being associated directly with a person.

Using a system assigned managed identity for scanning

The system-assigned managed identity needs permission to get metadata from Dataverse environments. It must also be authorized to query the Dataverse tables to sample for classification. There are several steps to allow Microsoft Purview to use system-assigned managed identity to scan your Dataverse environment.

Get the application ID for the system-assigned managed identity
  1. Open your Microsoft Purview governance portal.

  2. Go to Data map > Sources to view the collection hierarchy.

  3. Select the New Scan icon under the Dataverse source that you registered earlier.

  4. For Credential, select Microsoft Purview MSI (system) from the drop-down list then click on Show more to view details about the system assigned managed identity.

    Screenshot that shows how to select sami auth.

    Screenshot that shows how to show more for sami auth.

  5. Record the managed identity application ID.

    Screenshot that shows how to find sami.

Create and enable an application user in Power Platform Admin Center

An application user is needed to be created in the Dataverse environment which you want to scan in Microsoft Purview, please follow the steps in Create An Application User to create the user with the application ID you just recorded and assign the security role Service Reader to it.

Screenshot that shows how to create application user.

You can check the application user in the Details page. Now the application user is bound with the system assigned managed identity created with your Microsoft Purview resource.

Create the scan

  1. Open your Microsoft Purview governance portal.
  2. Go to Data map > Sources to view the collection hierarchy.
  3. Select the New Scan icon under the Dataverse source that you registered earlier.
  4. For Name, provide a name for the scan.
  5. For Credential, select the credential you prepared earlier.
  • If system-assigned managed identity is configured for authentication, then select Microsoft Purview MSI (system) from the drop-down list.
  • If service principal is configured for authentication, then select the credential you created before from the drop-down list.
  1. For Select a collection, choose the appropriate collection for the scan.

  2. Select Test connection to validate the connection. After the connection is successful, select Continue.

    Screenshot that shows how to create a scan.

Scope and run the scan

  1. You can scope your scan to specific Dataverse tables by choosing the appropriate items in the list.

    Screenshot that shows how to scope your scan.

  2. Choose your scan trigger. You can set up a schedule or run the scan once.

  3. Review your scan, and then select Save and run.

View and manage a scan

To check the status of a scan, go to the data source in the collection, and then select View details. The scan details indicate the progress of the scan in Last run status, along with the number of assets scanned and classified. Last run status is updated to In progress and then Completed after the entire scan has run successfully. After you run a scan, you can use the run history to manage it. In the run history, you have options for running the scan again, editing it, or deleting it.

Browse, search and view Dataverse assets

Once the scan is completed, you can go to Microsoft Purview Unified Catalog to browse or search the Dataverse related assets, and view related details.

Screenshot that shows how to browse data assets by source types.

Screenshot that shows data asset detail.