The ability to manage and understand large amounts of data can provide a competitive advantage for businesses. However, managing data well also comes with significant challenges. Ensuring compliance with regulations, managing access to sensitive data, and identifying relevant information in a sea of data can be overwhelming without the right tools and strategies.
This is where Microsoft Purview comes in. Purview is an effective data governance and discovery tool that can simplify the management of your data landscape. By leveraging metadata, machine learning, and other advanced capabilities, Purview can help you gain a holistic view of your data assets and streamline data governance processes.
This guide will explore the benefits of using Microsoft Purview for data governance and discovery and provide practical tips for implementing Purview in your organization.
Introduction to Purview Microsoft
Microsoft Purview is a suite of cloud-based tools that can help organizations manage their data estate. It includes solutions for data governance, risk management, and compliance.
These tools help organizations gain visibility into their data assets, manage end-to-end data risks, and ensure regulatory compliance.
Some key features of Microsoft Purview include:
Features
|
Description
|
Visibility into data assets
|
With Microsoft Purview, organizations can gain a complete view of their data estate. This includes data stored on-premises, in the cloud, and in SaaS applications. Organizations can also discover sensitive data and identify potential risks.
|
Access to data, security, and risk solutions
|
Microsoft Purview integrates with various data, security, and risk solutions, including Azure, Amazon S3, SQL, Hive, and more. This makes it easier for organizations to manage their data estate and ensure compliance with regulatory requirements.
|
Safeguarding sensitive data
|
Microsoft Purview includes features to help organizations safeguard sensitive data. This includes tools to classify data, encrypt data at rest and in transit, and apply access controls.
|
End-to-end risk management
|
Microsoft Purview helps organizations manage end-to-end data risks. This includes potential risk identifications, risk assessments, and implementing controls to mitigate risks.
|
Regulatory compliance
|
Microsoft Purview helps organizations ensure regulatory compliance. It includes tools to help organizations comply with GDPR, CCPA, and other regulations.
|
Data Governance and Its Importance
Data governance refers to the policies and procedures that ensure an organization's data is accurate, handled properly, and safeguarded throughout its life cycle.
Data governance is critical for organizations to ensure that data is accurate, reliable, has integrity, and is secure. Effective data governance establishes the policies and procedures that ensure data is handled properly throughout its lifecycle. It also identifies the individuals or positions responsible for managing and safeguarding specific data types. By implementing effective data governance practices, businesses, IT decision-makers, and CXOs can ensure the quality and security of their data, leading to improved decision-making, increased efficiency, and enhanced business success.
Overview of Microsoft Purview as a Data Governance and Discovery Tool
Microsoft Purview offers unified data governance solutions that can help you manage your data services across your on-premises, multi-cloud, and SaaS estate. This includes popular services such as Azure storage, Power BI, SQL or Hive databases, and Amazon S3 file services.
These solutions are accessible through the Purview Microsoft governance portal, which provides tools that enable your organization to manage and protect your data easily. The tools include:
- Creating an up-to-date map of your entire data estate: This map includes data classification and end-to-end lineage, allowing you to visualize your organization's data landscape easily.
- Identifying where sensitive data is stored in your estate: Purview provides automated data discovery and sensitive data classification, allowing you to identify where sensitive data is stored in your estate.
- Creating a secure environment for data consumers: Microsoft Purview empowers consumers to find valuable, trustworthy data in a secure environment.
- Generating insights about how your data is stored and used: With the Data Estate Insights app, you can obtain a comprehensive view of your organization's data estate, including how your data is stored and used.
Microsoft Azure Purview Key Features & Benefits
Microsoft Azure Purview has many features and benefits that help you discover and manage your data, reduce risk, and ensure compliance with data regulations.
Microsoft Purview Data Catalog
The Purview Data Catalog application enables business and technical users to quickly find relevant data through a search experience that utilizes filters based on various lenses, such as glossary terms, classifications, sensitivity labels, and more. This allows users to easily locate the data they need, regardless of whether they are subject matter experts, data producers, or consumers.
For data stewards and officers, the Data Catalog provides curation features that enable them to manage business glossaries and automate tagging data assets with glossary terms. This helps ensure that data is accurately labeled and easy to find, even as it moves through various storage and processing systems.
One of the key benefits of the Data Catalog is its ability to trace the lineage of data assets visually. For example, users can track the journey of data from its origins in operational systems on-premises, through its movement, transformation, and enrichment via various data storage and cloud managed services, all the way to its consumption in an analytics system like Power BI. This feature allows users to understand better how data flows through their organization and identify potential issues or opportunities for improvement.
Microsoft Purview Data Map
The Purview Data Map automates data discovery by scanning and classifying assets across your data estate. This is achieved through the Microsoft Purview Data Map, a cloud-native PaaS service that captures metadata about enterprise data on-premises and in the cloud. The Data Map is automatically updated using a built-in automated scanning and classification system, and metadata is integrated into a holistic map of the data estate. Users can interact with the Data Map through an intuitive UI or programmatically using Apache Atlas 2.2 APIs.
The auto-scaling feature of the Microsoft Purview Data Map allows for the capacity to be tuned based on intermittent or planned data bursts during specific periods. However, a support ticket needs to be created to get the next level of elasticity window.
Microsoft Purview Data Policy App
Microsoft Purview Data Policy is a cloud-based app that provides central management for access to data sources and datasets at scale. With this app, you can manage access to data sources from a single location and introduce a new data-plane permission model external to data sources. It seamlessly integrates with Microsoft Purview Data Map and Catalog, allowing you to search for data assets and grant access only to what is required via fine-grained policies.
Microsoft Purview Data Policy also includes DevOps policies, allowing IT operations personnel to access SQL system metadata to monitor performance, health, and audit security. This feature limits the potential for insider threats and helps protect data from unauthorized access or misuse.
Microsoft Purview Data Policy is also designed to support SaaS, on-premises, and multi-cloud data sources, providing a path to create policies that leverage any metadata associated with the data objects. This ensures that data remains secure and compliant, regardless of where it is stored or accessed.
The key features include:
Features
|
Description
|
Data owner access policies
|
Allows data owners to create access policies based on role definitions such as Read or Modify. Fine-grained to broad access can be provisioned to users and groups, with conditions to determine when access is granted or revoked.
|
Self-service access policies
|
Business analysts can initiate access requests for data assets in Microsoft Purview’s catalog. Access requests are automatically provisioned based on workflow approvals, ensuring only authorized users can access the data.
This feature reduces the time and effort required to manage access to data assets while maintaining data security and compliance.
|
Microsoft Purview Data Estate Insights App
Microsoft Purview Data Estate Insights is a purpose-built application for governance stakeholders, primarily those involved in data management, compliance, and data use. It offers actionable insights into an organization's data estate, including catalog usage, adoption, and processes.
The Data Estate Insights application automatically extracts the important governance gaps and presents them in its top metrics as data is scanned and populated into the Microsoft Purview Data Map. The application provides drill-down experiences enabling stakeholders like data owners and stewards to take appropriate action to close these gaps.
The reports within the Data Estate Insights application are automatically generated and populated, allowing data governance stakeholders to focus on the information itself instead of building reports.
The available dashboards and reports are categorized into:
- Health
- Inventory and Ownership
- Curation and Governance
Microsoft Purview Data Lifecycle Management
Microsoft Purview provides a comprehensive set of tools and capabilities for data lifecycle management. It enables organizations to retain and delete data per their business requirements and regulatory compliance needs. Data retention policies are the cornerstone of data lifecycle management in Microsoft 365 workloads, including Exchange, SharePoint, OneDrive, Teams, and Yammer.
With retention policies, organizations can configure whether the content needs to be retained indefinitely, for a specific period, or automatically permanently deleted after a specified period. The policies can target all organizational instances or individual instances based on specific departments or regions. For individual emails or document exceptions, retention labels can be used to apply specific retention periods.
Besides retention policies and labels, Microsoft Purview offers information protection solutions to protect data from threats and data breaches. Organizations can deploy information protection solutions with Microsoft Purview to ensure data is secured and protected from unauthorized access.
Microsoft Purview Customer Lockbox
Purview Customer Lockbox is a feature that gives customers greater control over how Microsoft Support Engineers access their data in the event of a support request. It provides an additional layer of security by enabling customers to approve or reject requests made by Microsoft Support Engineers to access their data. This way, customers can ensure authorized personnel access their data only when necessary.
To enable Customer Lockbox, an Office 365 admin needs to:
- Log in to the Office 365 Admin Center and select "Service Settings."
- Expand it to select "Customer Lockbox."
- Toggle the button from the "Off" to the "On" state to enable the feature.
- Once enabled, confirm the change by selecting "Yes" and wait for Office 365 to enable the services.
- After enabling Customer Lockbox, access it by navigating to the Admin portal Dashboard
- Under the Service Overview sections, find "Data Access Requests," where Lockbox requests will appear if any have been made.
- From there, "Approve" or "Deny" the request.
Best Practices for Using Microsoft Purview
It is important to follow best practices to maximize Purview while ensuring data security. Here are some key tips:
- Organize your metadata with collections: Use collections to organize your data sources, assets, and scans. This will help you manage access and implement governance policies more easily.
- Follow the least privilege model: Restrict access based on the need-to-know and least-privilege security principles. Grant users only the amount of access they need to perform their jobs.
- Limit the number of users with write access: Keep the collection admins count and roles of data curator to a minimum. This will help lower the risk of accidental or intentional data loss.
- Use conditional access and multi-factor authentication: Enforce multi-factor authentication and conditional access policies for all privileged accounts to provide an additional layer of security.
- Apply resource locks to prevent accidental deletion: Use resource locks to prevent deletion or modification of critical resources. Apply CanNotDelete or ReadOnly locks to Microsoft Purview accounts to prevent control plane operations, such as deleting the account or deploying a private endpoint.
Need Help with Microsoft Licensing?
Leave your Microsoft licensing, security, and software solutions to us so you can concentrate on moving your business forward.
By following these tips, you’ll be better able to ensure the integrity of your data. Data governance should also be an essential component of business continuity planning.
Even the most robust security measures won’t be effective without ensuring compliance. By utilizing the features within Microsoft Purview, IT managers can more easily ensure that policies and procedures are followed.
If users want to submit data to Microsoft Purview or include Purview as part of an automated process, they can use REST APIs to do so.
Of course, the first step is that the user must have a Microsoft Purview account. In order for a REST API to access the catalog within Purview, a service principal (application) must be created and an identity assigned so that the catalog recognizes Purview and is configured properly to trust it. When REST APIs make calls to the catalog, they use the service principal’s identity.
Microsoft Purview and Collibra are data governance tools but differ in their approach and feature sets. Microsoft Purview focuses on metadata management and data discovery, while Collibra offers more comprehensive governance capabilities. Ultimately, the choice between the two may depend on your organization's needs.
Yes. Microsoft Purview was previously called Azure Purview, but the name was updated because it now combines the compliance solutions from Azure Purview and Microsoft 365 into a single solution.
Microsoft Purview is an effective data governance and discovery tool that can help organizations gain better control over their data assets. By leveraging Purview's comprehensive features, such as metadata scanning and data cataloging, organizations can improve their data management processes and better comply with data regulations. Purview's integration with other Azure services and tools provides an end-to-end data governance and discovery solution.