You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/purview/tutorial-azure-purview-checklist.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,7 +25,7 @@ This article lists prerequisites that help you get started quickly on Azure Purv
25
25
|7 |An Azure Virtual Network and Subnet(s) for Azure Purview private endpoints. |*Network Contributor* to create or update Azure VNet. |Use this step if you're planning to deploy [private endpoint connectivity with Azure Purview](catalog-private-link.md): <ul><li>Private endpoints for **Ingestion**.</li><li>Private endpoint for Azure Purview **Account**.</li><li>Private endpoint for Azure Purview **Portal**.</li></ul> <br> Deploy [Azure Virtual Network](../virtual-network/quick-create-portal.md) if you need one. |
26
26
|8 |Deploy private endpoint for Azure data sources. |*Network Contributor* to set up private endpoints for each data source. |Perform this step, if you're planning to use [Private Endpoint for Ingestion](catalog-private-link-end-to-end.md). |
27
27
|9 |Define whether to deploy new or use existing Azure Private DNS Zones. |Required [Azure Private DNS Zones](catalog-private-link-name-resolution.md) can be created automatically during Purview Account deployment using Subscription Owner / Contributor role |Use this step if you're planning to use Private Endpoint connectivity with Azure Purview. Required DNS Zones for Private Endpoint: <ul><li>privatelink.purview.azure.com</li><li>privatelink.purviewstudio.azure.com</li><li>privatelink.blob.core.windows.net</li><li>privatelink.queue.core.windows.net</li><li>privatelink.servicebus.windows.net</li></ul> |
28
-
|10 |A management machine in your CorpNet or inside Azure VNet to launch Azure Purview Studio. |N/A |Use this step if you're planning to set **Allow Public Network** to **deny** on you Azure Purview Account. |
28
+
|10 |A management machine in your CorpNet or inside Azure VNet to launch Azure Purview Studio. |N/A |Use this step if you're planning to set **Allow Public Network** to **deny** on your Azure Purview Account. |
29
29
|11 |Deploy an Azure Purview Account |Subscription Owner / Contributor |Purview account is deployed with 1 Capacity Unit and will scale up based [on demand](concept-elastic-data-map.md). |
30
30
|12 |Deploy a Managed Integration Runtime and Managed private endpoints for Azure data sources. |*Data source admin* to setup Managed VNet inside Azure Purview. <br> *Network Contributor* to approve managed private endpoint for each Azure data source. |Perform this step if you're planning to use [Managed VNet](catalog-managed-vnet.md). within your Azure Purview account for scanning purposes. |
31
31
|13 |Deploy Self-hosted integration runtime VMs inside your network. |Azure: *Virtual Machine Contributor* <br> On-prem: Application owner |Use this step if you're planning to perform any scans using [Self-hosted Integration Runtime](manage-integration-runtimes.md). |
@@ -40,12 +40,12 @@ This article lists prerequisites that help you get started quickly on Azure Purv
40
40
|22 |Grant Azure RBAC **Reader** role to **Azure Purview MSI** at **Synapse workspace** resources |Owner or User Access Administrator at data source |Use this step if you have **Azure Synapse Analytics** as data sources. **Skip** this step if you are using Private Endpoint to connect to data sources. |
41
41
|23 |Grant Azure **Purview MSI account** with **db_datareader** role |Azure SQL Administrator |Use this step if you have **Azure Synapse Analytics (Dedicated SQL databases)**. <br> **Skip** this step if you are using **Private Endpoint** to connect to data sources. |
42
42
|24 |Grant **Azure Purview MSI** account with **sysadmin** role |Azure SQL Administrator |Use this step if you have Azure Synapse Analytics (Serverless SQL databases). **Skip** this step if you are using **Private Endpoint** to connect to data sources. |
43
-
|25 |Create an app registration or service principal inside your Azure Active Directory tenant | Azure Active Directory *Global Administrator* or *Application Administrator*| Use this step if you're planning to perform an scan on a data source using Delegated Auth or [Service Principal](create-service-principal-azure.md).|
43
+
|25 |Create an app registration or service principal inside your Azure Active Directory tenant | Azure Active Directory *Global Administrator* or *Application Administrator*| Use this step if you're planning to perform a scan on a data source using Delegated Auth or [Service Principal](create-service-principal-azure.md).|
44
44
|26 |Create an **Azure Key Vault** and a **Secret** to save data source credentials or service principal secret. |*Contributor* or *Key Vault Administrator*|Use this step if you have **on-premises** or **VM-based data sources** (e.g. SQL Server). <br> Use this step are using **ingestion private endpoints** to scan a data source. |
45
45
|27 |Grant Key **Vault Access Policy** to Azure Purview MSI: **Secret: get/list**|*Key Vault Administrator*|Use this step if you have **on-premises** / **VM-based data sources** (e.g. SQL Server) <br> Use this step if **Key Vault Permission Model** is set to [Vault Access Policy](../key-vault/general/assign-access-policy.md). |
46
46
|28 |Grant **Key Vault RBAC role** Key Vault Secrets User to Azure Purview MSI. |*Owner* or *User Access Administrator*|Use this step if you have **on-premises** or **VM-based data sources** (e.g. SQL Server) <br> Use this step if **Key Vault Permission Model** is set to [Azure role-based access control](../key-vault/general/rbac-guide.md). |
47
47
|29 | Create a new connection to Azure Key Vault from Azure Purview Studio | *Data source admin* | Use this step if you are planing to use any of the following [authentication options](manage-credentials.md#create-a-new-credential) to scan a data source in Azure Purview: <ul><li>Account key</li><li>Basic Authentication</li><li>Delegated Auth</li><li>SQL Authentication</li><li>Service Principal</li><li>Consumer Key</li></ul>
48
-
|30 |Deploy a private endpoint for Power BI tenant |*Power BI Administrator* <br> *Network contributor*|Use this step if you're planning to register a Power BI tenant as data source and your Azure Purview Purview account is set to **deny public access**. <br> For more information, see [How to configure private endpoints for accessing Power BI](/power-bi/enterprise/service-security-private-links). |
48
+
|30 |Deploy a private endpoint for Power BI tenant |*Power BI Administrator* <br> *Network contributor*|Use this step if you're planning to register a Power BI tenant as data source and your Azure Purview account is set to **deny public access**. <br> For more information, see [How to configure private endpoints for accessing Power BI](/power-bi/enterprise/service-security-private-links). |
49
49
|31 |Connect Azure Data Factory to Azure Purview from Azure Data Factory Portal. **Manage** -> **Azure Purview**. Select **Connect to a Purview account**. <br> Validate if Azure resource tag **catalogUri** exists in ADF Azure resource. |Azure Data Factory Contributor / Data curator |Use this step if you have **Azure Data Factory**. |
50
50
|32 |Verify if you have at least one **Microsoft 365 required license** in your Azure Active Directory tenant to use sensitivity labels in Azure Purview. |Azure Active Directory *Global Reader*|Perform this step if you're planning in extending **Sensitivity Labels from Microsoft 365 to Azure Purview** <br> For more information, see [licensing requirements to use sensitivity labels on files and database columns in Azure Purview](sensitivity-labels-frequently-asked-questions.yml)|
51
51
|33 |Consent "**Extend labeling to assets in Azure Purview**" |Compliance Administrator <br> Azure Information Protection Administrator |Use this step if you are interested in extending Sensitivity Labels from Microsoft 365 to Azure Purview. <br> Use this step if you are interested in extending **Sensitivity Labels** from Microsoft 365 to Azure Purview. |
0 commit comments