Microsoft Purview Data Quality managed virtual networks

Note

The Microsoft Purview Data Catalog is changing its name to Microsoft Purview Unified Catalog. All the features will stay the same. You'll see the name change when the new Microsoft Purview Data Governance experience is generally available in your region. Check the name in your region.

Virtual networks or private endpoints are features in cloud computing platforms, like Azure, that enhance the security and isolation of resources. These endpoints allow you to connect to specific Azure services without exposing them to the public internet.

Virtual network protected endpoints allow access to Azure services from within the virtual network while ensuring that traffic stays within the Azure backbone network. This effectively prevents exposure of the service to the public internet. Private endpoints extend the concept of virtual network protected endpoints further by providing a private IP address within your virtual network for the Azure service. This allows you to access the service using its private IP address, effectively keeping traffic within your virtual network and bypassing the public internet altogether. Private endpoints are available for various Azure services, including Azure Storage, Azure SQL Database, Azure App Service, Azure Key Vault, and more.

A virtual network protected endpoint is essential for scenarios where security and network isolation are critical requirements. Virtual network protected endpoints help organizations ensure that their data and resources are accessible only to authorized users and applications within a controlled network environment, minimizing exposure to potential security threats from the public internet. In this article, we'll take you through the steps to create protected data source connections for data profiling and data quality scans.

User permission requirements

Caution

Compute and managed private endpoint connections are shared across all governance domains of the same Microsoft Purview account for a specific region and data source.

Configure a data quality managed virtual network

We'll configure a data quality managed virtual network by creating a connection to a protected data source.

  1. From Microsoft Purview Data Catalog, select the Health Management menu and Data quality submenu.

  2. Select a governance domain from the list.

  3. Select the Manage button and select Connections from the menu to open the Connections page.

  4. Select the New tab to create a new connection for the data products and data assets of your governance domain.

  5. On the connection page, add a connection display name and description, and select the data source type to be connected.

    Screenshot of the data quality page, with a governance domain selected and the connections page open.

  6. Add other data source details like Subscription and Storage Account name or Server Name and database name, depending on the source.

  7. Select the Enable managed V-Net checkbox.

  8. Select the region where the data source is housed.

  9. With all these details, Microsoft Purview Data Quality will check if a compute infrastructure has already been created for the account in that region. If not, you're prompted to create a new virtual network dedicated compute.

    Screenshot of the create connection overview page with the enable managed virtual network selected.

    Tip

    Provisioning of compute takes roughly 10 minutes, so after requesting compute provisioning, you can save the connection creation request in draft mode and edit it later.

  10. Once the compute is provisioned, data quality will check if a private endpoint connection to the asset already exists. If not, you're prompted to create a private endpoint connection.

    Screenshot of the create connection page with the private endpoint prompt.

  11. Once the private endpoint is created, or if one already exists but wasn't approved, you're asked to approve the private endpoint connection request.

    Screenshot of the create connection page with the approve private endpoint prompt.

  12. This request can be approved from the Networking tab of the Storage Account or SQL Server. Select the Private access tab, select a pending connection, and select Approve.

    Screenshot of the networking page of a SQL server private access tab with a request selected.

  13. Select Yes to approve the connection.

    Screenshot of the networking page of a SQL server private access tab with the approval prompt.

  14. You can now see that the request shows as Approved.

    Screenshot of the networking page of a SQL server private access tab showing the request is approved.

    Tip

    After generating the private endpoint connection request, you can save the connection as a draft and resume once the request has been approved.

  15. Once the private endpoint connection is created and approved, you can submit the connection.

    Screenshot of the create connections page where the Submit button is now available.

    Caution

    Test connection is not currently supported for virtual network protected assets.

  16. After the connection is completed, you can run data quality jobs as usual against the virtual network protected data assets.

    Screenshot of the data quality page showing the newly created connection.
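
An added example, not part of the original article: a review of the private endpoint connection requests on the target before the approval in steps 12 and 13. It assumes the list was saved as JSON from `az network private-endpoint-connection list --id <target resource ID>` and follows the ARM `privateEndpointConnections` shape; the function names and every sample name and ID are constructed.

```python
# Constructed sample: what json.load() would return for the saved CLI output.
# Field names assume the ARM privateEndpointConnections resource shape;
# every name and ID below is a placeholder.
SUB_A = "/subscriptions/00000000-0000-0000-0000-00000000000a"
SUB_B = "/subscriptions/00000000-0000-0000-0000-00000000000b"
PE = "/resourceGroups/rg-example/providers/Microsoft.Network/privateEndpoints/"
TARGET_ID = SUB_A + "/resourceGroups/rg-example/providers/Microsoft.Sql/servers/sql-example"

def _conn(name, status, pe_id, description=""):
    """Build one constructed connection record."""
    return {"name": name, "properties": {
        "privateEndpoint": {"id": pe_id},
        "privateLinkServiceConnectionState": {"status": status,
                                              "description": description}}}

SAMPLE = [
    _conn("pec-constructed-1", "Pending", SUB_B + PE + "pe-1", "constructed request text"),
    _conn("pec-constructed-2", "Approved", SUB_A + PE + "pe-2"),
    _conn("pec-constructed-3", "Rejected", SUB_B + PE + "pe-3"),
]

def subscription_of(resource_id):
    """Return the subscription GUID of an ARM resource ID, or None."""
    parts = resource_id.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower()
    return None

def triage(connections, target_resource_id):
    """Summarise each request: state, requester text, and whether the
    requesting endpoint lives outside the target's subscription."""
    target_sub = subscription_of(target_resource_id)
    report = []
    for conn in connections:
        props = conn.get("properties", {})
        state = props.get("privateLinkServiceConnectionState") or {}
        pe_id = (props.get("privateEndpoint") or {}).get("id", "")
        report.append({
            "name": conn.get("name"),
            "status": state.get("status", "Unknown"),
            "description": state.get("description", ""),
            "outside_target_subscription": subscription_of(pe_id) != target_sub,
        })
    return report

def needs_review(report):
    """Names of requests still waiting for an approve or reject decision."""
    return [r["name"] for r in report if r["status"] == "Pending"]
```

Compare each pending entry with the request you just generated from the connection page before approving it; anything pending that you can't account for should be rejected rather than approved.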