Create a Microsoft Purview (formerly Azure Purview) account
Important
You can only create one Microsoft Purview account per tenant. If your organization already has a Microsoft Purview account, you will not be able to create a new Microsoft Purview account unless your organization already had multiple accounts and is still under the the pre-existing quota. For more information, see the FAQ.
Tip
If your organization hasn't created a Microsoft Purview account in Azure before, start in the new Microsoft Purview portal: https://purview.microsoft.com. You can use the free version to test capabilities, and upgrade to the enterprise version for the full data governance in Microsoft Purview features.
This quickstart describes the steps to create a Microsoft Purview (formerly Azure Purview) account through the Azure portal. Then we'll get started on the process of classifying, securing, and discovering your data in the Microsoft Purview Data Map!
The Microsoft Purview governance portal surfaces tools like the Microsoft Purview Data Map and Microsoft Purview Data Catalog that help you manage and govern your data landscape. By connecting to data across your on-premises, multicloud, and software-as-a-service (SaaS) sources, the Microsoft Purview Data Map creates an up-to-date map of your data estate. It identifies and classifies sensitive data, and provides end-to-end linage. Data consumers are able to discover data across your organization, and data administrators are able to audit, secure, and ensure right use of your data.
For more information about the governance capabilities of Microsoft Purview, see our governance solutions overview page.
Prerequisites
If you don't have an Azure subscription, create a free subscription before you begin.
A Microsoft Entra tenant associated with your subscription.
The user account that you use to sign in to Azure must be a member of the contributor or owner role, or an administrator of the Azure subscription. To view the permissions that you have in the subscription, follow these steps:
- Go to the Azure portal
- Select your username in the upper-right corner.
- Select the ellipsis button ("...") for more options.
- Then select My permissions.
- If you have access to multiple subscriptions, select the appropriate subscription.
Sign in to Azure
Sign in to the Azure portal with your Azure account.
Create an account
Tip
If you're creating the first Microsoft Purview account in your tenant, you don't need to set anything up and you should use the free version of Microsoft Purview governance solutions at https://purview.microsoft.com.
Important
If you have any Azure Policies preventing creation of Storage accounts or Event Hub namespaces, or preventing updates to Storage accounts first follow the Microsoft Purview exception tag guide to create an exception for Microsoft Purview accounts. Otherwise you will not be able to deploy Microsoft Purview.
Search for Microsoft Purview in the Azure portal.
Select Create to create a new Microsoft Purview account.
Or instead, you can go to the marketplace, search for Microsoft Purview, and select Create.
On the new Create Microsoft Purview account page under the Basics tab, select the Azure subscription where you want to create your account.
Select an existing resource group or create a new one to hold your account.
To learn more about resource groups, see our article on using resource groups to manage your Azure resources.
Enter a Microsoft Purview account name. Spaces and symbols aren't allowed.
The name of the Microsoft Purview account must be globally unique. If you see the following error, change the name of Microsoft Purview account and try creating again.
Choose a location.
The list shows only locations that support the Microsoft Purview governance portal, and if this is your organization's first Microsoft Purview account, the location is restricted to the one that matches your Microsoft Entra ID home region. This location is the region where your Microsoft Purview account and metadata are stored. Sources can be housed in other regions.
Note
The Microsoft Purview, formerly Azure Purview, does not support moving accounts across regions, so be sure to deploy to the correction region. You can find out more information about this in move operation support for resources.
On the Networking tab you can choose to connect to all networks, or to use private endpoints. For more information and configuration options, see Configure firewall settings for your Microsoft Purview account and private endpoints for Microsoft Purview articles.
On Configuration tab you can choose to configure Event Hubs namespaces to programmatically monitor your Microsoft Purview account using Event Hubs and Atlas Kafka.
Note
These options can be configured after you have created your account in Kafka configuration under settings on your Microsoft Purview account page in the Azure Portal.
On the Tags tab, add a tag called Purview environment, and give it one of the below values:
Value Meaning Production This account is being used or will be used in the future to support all my cataloging and governance requirements in production. Pre-Production This account is being used or will be used in the future to validate cataloging and governance requirements before making it available to my users in production. Test This account is being used or will be used in the future to test out capabilities in Microsoft Purview Governance. Dev This account is being used or will be used in the future to test out capabilities or develop custom code, scripts etc. in Microsoft Purview Governance. Proof of Concept This account is being used or will be used in the future to test out capabilities or develop custom code, scripts etc. in Microsoft Purview Governance. Select Review & Create, and then select Create. It takes a few minutes to complete the creation. The newly created account appears in the list on your Microsoft Purview accounts page.
(OPTIONAL, BUT HIGHLY REOMMENDED) Protect your account
In order to protect your Microsoft Purview Account from accidental deletion, Microsoft recommended creation of the Azure Policy ['DenyAction'] (/azure/governance/policy/concepts/effect-deny-action#denyaction-example)
{
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Purview/accounts"
},
{
"field": "tags.environment",
"equals": "Production"
}
]
},
"then": {
"effect": "denyAction",
"details": {
"actionNames": [
"delete"
],
"cascadeBehaviors": {
"resourceGroup": "deny"
}
}
}
}
Open the Microsoft Purview governance portal
After your account is created, you can use the Microsoft Purview portal to access and manage it.
In a browser, navigate directly to https://purview.microsoft.com to access the portal.
For more information about using the portal, see our documentation on the Microsoft Purview portal.
Next steps
In this quickstart, you learned how to create a Microsoft Purview (formerly Azure Purview) account, and how to access it.
Next, you can create a user-assigned managed identity (UAMI) that will enable your new Microsoft Purview account to authenticate directly with resources using Microsoft Entra authentication.
To create a UAMI, follow our guide to create a user-assigned managed identity.
Follow these next articles to learn how to navigate the Microsoft Purview governance portal, create a collection, and grant access to the Microsoft Purview Data Map: