Quickstart: Create a Microsoft Purview (formerly Azure Purview) account using Azure PowerShell/Azure CLI

Important

You can only create one Microsoft Purview account per tenant. If your organization already has a Microsoft Purview account, you will not be able to create a new Microsoft Purview account unless your organization already had multiple accounts and is still under the the pre-existing quota. For more information, see the FAQ.

In this Quickstart, you'll create a Microsoft Purview account using Azure PowerShell/Azure CLI. PowerShell reference for Microsoft Purview is available, but this article will take you through all the steps needed to create an account with PowerShell.

The Microsoft Purview governance portal surfaces tools like the Microsoft Purview Data Map and Microsoft Purview Data Catalog that help you manage and govern your data landscape. By connecting to data across your on-premises, multi-cloud, and software-as-a-service (SaaS) sources, the Microsoft Purview Data Map creates an up-to-date map of your information. It identifies and classifies sensitive data, and provides end-to-end linage. Data consumers are able to discover data across your organization, and data administrators are able to audit, secure, and ensure right use of your data.

For more information about the classic governance capabilities of Microsoft Purview, see our governance solutions overview page.

Prerequisites

• If you don't have an Azure subscription, create a free subscription before you begin.

• A Microsoft Entra tenant associated with your subscription.

• The user account that you use to sign in to Azure must be a member of the contributor or owner role, or an administrator of the Azure subscription. To view the permissions that you have in the subscription, follow these steps:

  1. Go to the Azure portal
  2. Select your username in the upper-right corner.
  3. Select the ellipsis button ("...") for more options.
  4. Then select My permissions.
  5. If you have access to multiple subscriptions, select the appropriate subscription.

Sign in to Azure

Sign in to the Azure portal with your Azure account.

Install PowerShell

Install either Azure PowerShell or Azure CLI in your client machine to deploy the template: Command-line deployment

Create an account

1. Sign in with your Azure credential

   PowerShell

   Connect-AzAccount
   

   Azure CLI

   az login
   

2. If you have multiple Azure subscriptions, select the subscription you want to use:

   PowerShell

   Set-AzContext [SubscriptionID/SubscriptionName]
   

   Azure CLI

   az account set --subscription [SubscriptionID/SubscriptionName]
   

3. Create a resource group for your account. You can skip this step if you already have one:

   PowerShell

   New-AzResourceGroup -Name myResourceGroup -Location 'East US'
   

   Azure CLI

   az group create \
     --name myResourceGroup \
     --location "East US"
   

4. Create or Deploy the account:

   PowerShell

   Use the New-AzPurviewAccount cmdlet to create the Microsoft Purview account:

   New-AzPurviewAccount -Name yourPurviewAccountName -ResourceGroupName myResourceGroup -Location eastus -IdentityType SystemAssigned -SkuCapacity 4 -SkuName Standard -PublicNetworkAccess Enabled
   

   Azure CLI

   1. Create a Microsoft Purview template file such as purviewtemplate.json. You can update name, location, and capacity (4 or 16):

      {
        "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "resources": [
          {
            "name": "<yourPurviewAccountName>",
            "type": "Microsoft.Purview/accounts",
            "apiVersion": "2020-12-01-preview",
            "location": "EastUs",
            "identity": {
              "type": "SystemAssigned"
            },
            "properties": {
              "networkAcls": {
                "defaultAction": "Allow"
              }
            },
            "dependsOn": [],
            "sku": {
              "name": "Standard",
              "capacity": "4"
            },
            "tags": {}
          }
        ],
        "outputs": {}
      }
      

   2. Deploy Microsoft Purview template

      To run this deployment command, you must have the latest version of Azure CLI.

      az deployment group create --resource-group "<myResourceGroup>" --template-file "<PATH TO purviewtemplate.json>"
      

5. The deployment command returns results. Look for ProvisioningState to see whether the deployment succeeded.

6. If you deployed the account using a service principal, instead of a user account, you'll also need to run the below command in the Azure CLI:

   az purview account add-root-collection-admin --account-name [Microsoft Purview Account Name] --resource-group [Resource Group Name] --object-id [User Object Id]
   

   This command will grant the user account collection admin permissions on the root collection in your Microsoft Purview account. This allows the user to access the Microsoft Purview governance portal and add permission for other users. For more information about permissions in Microsoft Purview, see our permissions guide. For more information about collections, see our manage collections article.

Next steps

In this quickstart, you learned how to create a Microsoft Purview (formerly Azure Purview) account.

Follow these next articles to learn how to navigate the Microsoft Purview governance portal, create a collection, and grant access to the Microsoft Purview governance portal.

• How to use the Microsoft Purview governance portal
• Grant users permissions to the governance portal
• Create a collection