Microsoft Purview and Azure Policy

Natasha Ong

In a nutshell:

Microsoft Purview focuses on data management for on-premise, other clouds, and software-as-a-service platforms. Purview finds, identifies, and tracks data across all your resources.
Azure Policy is your rulebook for Azure resources, setting guidelines for what users can and can't do. It also makes sure all resources are compliant with company and government standards/regulations.

Microsoft Purview

Microsoft Purview is a set of tools designed to help you manage your data, even if this data sits in your on-premise data centres, other cloud providers, or software-as-a-service platforms. As a governance and compliance service, Purview is focused on making sure data is classified and protected effectively.

With Microsoft Purview, you can:

  • Automatically find data: It looks through your data and organises it so you can easily manage it.
  • Identify sensitive data: It spots data that needs extra protection.
  • Track your data's journey: You can see where your data comes from, where it goes, and how it's used.

Microsoft Purview has two key areas:

  1. Risk and compliance: It uses services like Microsoft 365's Teams, OneDrive and Exchange to help you protect sensitive data across different clouds, apps and devices, identify data risks, and meet compliance rules.
  2. Unified data governance: This part of Purview helps manage data from on-premise servers, multicloud, and software as a service. For example, you can now manage data across Azure, physical servers, SQL databases, and even other clouds like AWS. It helps you make a map of all your data that shows what's sensitive, find where sensitive data is kept, make it easy for people to find and use data, and find out how your data is stored and used. You can also control who gets to see your data.
Illustration showing the main areas for Microsoft Purview.

Azure Policy

Azure Policy is your assistant for making sure your cloud resources follow your company's rules and regulations. It helps you create, assign, and manage rules that keep your cloud stuff in line with what your company needs.

Azure Policy:

  • Creates rules: You can make your own rules or use template rules that have already been set up (these are called initiatives, which you'll learn about in a second).
  • Checks your stuff: It keeps an eye on your cloud stuff to make sure it follows the rules you've set. If something doesn't match up, it tells you or fixes it automatically. For example, if you've made a policy that all resources in a certain resource group should be tagged with 'AppName', Azure Policy will automatically apply that tag if it is missing on a resource. But if you have a specific resource that you don't want Azure Policy to automatically fix, you can tell Azure Policy that the resource is an exception.
  • Stops unwanted stuff: It can even stop stuff that doesn't follow the rules from being created in the first place.
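
The 'AppName' tag rule from the list above, written as a custom policy definition. This is an added example, not part of the original article; the display name and the `tagValue` parameter are assumptions made for illustration.

```json
{
  "properties": {
    "displayName": "Add AppName tag when missing (example)",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "tagValue": {
        "type": "String",
        "metadata": {
          "displayName": "Value to set for the AppName tag"
        }
      }
    },
    "policyRule": {
      "if": {
        "field": "tags['AppName']",
        "exists": "false"
      },
      "then": {
        "effect": "modify",
        "details": {
          "roleDefinitionIds": [
            "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
          ],
          "operations": [
            {
              "operation": "add",
              "field": "tags['AppName']",
              "value": "[parameters('tagValue')]"
            }
          ]
        }
      }
    }
  }
}
```

The `modify` effect needs the policy assignment to have a managed identity holding the listed role (Contributor here), so treat that identity as a privileged account at the scope you assign it. Replacing `modify` with `deny` and dropping the `details` block turns the same condition into a rule that stops untagged resources from being created.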

Azure Policy works in different places in your cloud, and the policies can be set at different scopes - at a resource, resource group, subscription or even management group level. As a reminder, if you make a rule at a high level, it applies to everything underneath. For example, if you set an Azure Policy on a resource group, all resources within that resource group will automatically receive the same policy.

Azure Policy provides a whole list of rules it can implement - we'll dive into this in the exercise!

Azure Policy Initiatives

An "initiative" is a collection of rules that help you reach a bigger goal. It's like an ingredients list to make a delicious meal.

For example, there's an initiative called "Enable Monitoring in Azure Security Centre." Its goal is to monitor all the security recommendations from Azure Security Centre. Under this initiative, there are over 100 separate policy definitions - one for each specific type of recommendation it wants to track!