Merge pull request #197482 from linda33wj/purview

PRMerger5 · web-flow · commit 31326730a3d7 · 2022-05-08T19:30:13.000-07:00
Clarify AKV credential retrieval when using SHIR
diff --git a/articles/purview/manage-credentials.md b/articles/purview/manage-credentials.md
@@ -6,7 +6,7 @@ ms.author: viseshag
 ms.service: purview
 ms.subservice: purview-data-map
 ms.topic: how-to
-ms.date: 02/16/2022
+ms.date: 05/09/2022
 ms.custom: ignite-fall-2021, fasttrack-edit
 ---
 
@@ -22,16 +22,18 @@ This article describes how you can create credentials in Microsoft Purview. Thes
 
 A credential is authentication information that Microsoft Purview can use to authenticate to your registered data sources. A credential object can be created for various types of authentication scenarios, such as Basic Authentication requiring username/password. Credential capture specific information required to authenticate, based on the chosen type of authentication method. Credentials use your existing Azure Key Vaults secrets for retrieving sensitive authentication information during the Credential creation process.
 
-In Microsoft Purview, there are few options to use as authentication method to scan data sources such as the following options:
+In Microsoft Purview, there are few options to use as authentication method to scan data sources such as the following options. Learn from each [data source article](azure-purview-connector-overview.md) for the its supported authentication.
 
 - [Microsoft Purview system-assigned managed identity](#use-microsoft-purview-system-assigned-managed-identity-to-set-up-scans)
 - [User-assigned managed identity](#create-a-user-assigned-managed-identity) (preview)
 - Account Key (using [Key Vault](#create-azure-key-vaults-connections-in-your-microsoft-purview-account))
 - SQL Authentication (using [Key Vault](#create-azure-key-vaults-connections-in-your-microsoft-purview-account))
 - Service Principal (using [Key Vault](#create-azure-key-vaults-connections-in-your-microsoft-purview-account))
 - Consumer Key (using [Key Vault](#create-azure-key-vaults-connections-in-your-microsoft-purview-account))
+- And more
 
 Before creating any credentials, consider your data source types and networking requirements to decide which authentication method you need for your scenario.
+
 ## Use Microsoft Purview system-assigned managed identity to set up scans
 
 If you're using the Microsoft Purview system-assigned managed identity (SAMI) to set up scans, you won't need to create a credential and link your key vault to Microsoft Purview to store them. For detailed instructions on adding the Microsoft Purview SAMI to have access to scan your data sources, refer to the data source-specific authentication sections below:
@@ -72,6 +74,9 @@ At the bottom of the page, under Exception, enable the **Allow trusted Microsoft
 
 To connect to Azure Key Vault with private endpoints, follow [Azure Key Vault's private endpoint documentation](../key-vault/general/private-link-service.md).
 
+> [!NOTE]
+> Private endpoint connection option is supported when using Azure integration runtime in [managed virtual network](catalog-managed-vnet.md) to scan the data sources. For self-hosted integration runtime, you need to enable [trusted Microsoft services](#trusted-microsoft-services).
+
 ### Microsoft Purview permissions on the Azure Key Vault
 
 Currently Azure Key Vault supports two permission models:
diff --git a/articles/purview/manage-integration-runtimes.md b/articles/purview/manage-integration-runtimes.md
@@ -6,7 +6,7 @@ ms.author: jingwang
 ms.service: purview
 ms.subservice: purview-data-map
 ms.topic: how-to
-ms.date: 04/13/2022
+ms.date: 05/09/2022
 ---
 
 # Create and manage a self-hosted integration runtime
@@ -125,7 +125,6 @@ Your self-hosted integration runtime machine needs to connect to several resourc
 * The Microsoft Purview services used to manage the self-hosted integration runtime.
 * The data sources you want to scan using the self-hosted integration runtime.
 * The managed Storage account and Event Hubs resource created by Microsoft Purview. Microsoft Purview uses these resources to ingest the results of the scan, among many other things, so the self-hosted integration runtime need to be able to connect with these resources.
-* The Azure Key Vault used to store credentials.
 
 There are two firewalls to consider:
 
@@ -154,7 +153,6 @@ Depending on the sources you want to scan, you also need to allow other domains
 
 | Domain names                  | Outbound ports | Description                              |
 | ----------------------------- | -------------- | ---------------------------------------- |
-| `<your_key_vault_name>.vault.azure.net` | 443 | Required if any credentials are stored in Azure Key Vault. |
 | `<your_storage_account>.dfs.core.windows.net` | 443 | When scan Azure Data Lake Store Gen 2. |
 | `<your_storage_account>.blob.core.windows.net` | 443            | When scan Azure Blob storage. |
 | `<your_sql_server>.database.windows.net` | 1433           | When scan Azure SQL Database. |
