In this blog, we will learn how to register and scan ADLS Gen2 and Azure SQL Database in Microsoft Purview. First, we will cover the concept of managed identity and how Azure Purview uses it. Second, we will go through the steps involved in registering ADLS Gen2. Third, we will register an Azure SQL DB, following the best practice of storing the Azure SQL DB credentials in an Azure Key Vault and using that Key Vault in Microsoft Purview.
Azure Purview Managed Identity
When building cloud applications, these are the common challenges:
- How to manage the credentials in your code for authenticating to cloud services.
- How to keep credentials off developer workstations and out of source control.
Azure Key Vault provides a way to securely store credentials, secrets, and other keys, but your code must authenticate to Key Vault to retrieve them. Managed Identities is an Azure resource feature found in Azure Active Directory (Azure AD) that solves this problem.
You can use the identity to authenticate to any service that supports Azure AD authentication, including Key Vault, without any credentials in your code. The managed identities for Azure resources feature is free, with no additional cost. We will use the Azure Purview Managed Identity.
Register and scan an Azure Data Lake Storage Gen2 account
We have to follow these steps to register and scan an ADLS Gen2 account:
- Grant the Azure Purview Managed Identity access to ADLS Gen2 so Purview can access it. The Purview managed identity should have storage blob reader permission on ADLS Gen2.
- Upload Data to ADLS Gen2 Account so we have adequate data to scan.
- Create a Collection in Azure Purview.
- Register a Source (ADLS Gen2) in Purview.
- Scan ADLS Gen2 with the Purview Managed Identity from step 1.
- Verify that you can see the ADLS Gen2 assets in Purview.
Register and scan an Azure SQL Database
We have to follow these steps to register and scan Azure SQL Database:
- Grant your Azure Account access to Key Vault by adding a new access policy. We will have to grant all the secret permissions.
- Grant the Purview Managed Identity access to Key Vault by adding a new access policy. Here we will have to grant Get and List permissions so Purview can get (retrieve) and list all the secrets.
- Generate a Secret for SQL Admin in Azure Key Vault. This secret will be used to log in to Azure SQL DB.
- Add SQL Credentials (created above) in Purview so we can use the same credential.
- Register Azure SQL DB in Microsoft Purview.
- Scan Azure SQL Database as a data source with Azure Key Vault Credentials.
- Verify that Purview is able to see tables in the Azure SQL database.
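To confirm the Key Vault access policy from the steps above stays least-privilege, the following added example (not code from the original post) audits an exported vault definition and reports whether an identity holds anything other than Get and List on secrets. It assumes the JSON shape returned by `az keyvault show`; the vault name and object IDs are constructed placeholders.

```python
import json

# The page grants the Purview managed identity only Get and List on secrets.
REQUIRED = {"get", "list"}

# Constructed sample in the shape of `az keyvault show` output; IDs are made up.
SAMPLE_VAULT = json.loads("""
{"name": "kv-example", "properties": {"accessPolicies": [
  {"objectId": "11111111-1111-1111-1111-111111111111",
   "permissions": {"secrets": ["Get", "List", "Set", "Delete"],
                   "keys": [], "certificates": []}},
  {"objectId": "22222222-2222-2222-2222-222222222222",
   "permissions": {"secrets": ["Get", "List"],
                   "keys": null, "certificates": []}}
]}}
""")


def audit_purview_policy(vault, purview_object_id):
    """Return findings for the access policy of the given identity."""
    policies = (vault.get("properties") or {}).get("accessPolicies") or []
    granted = {}  # permission kind -> set of lower-cased permissions
    matched = False
    for policy in policies:
        if policy.get("objectId", "").lower() != purview_object_id.lower():
            continue
        matched = True
        for kind, perms in (policy.get("permissions") or {}).items():
            granted.setdefault(kind, set()).update(p.lower() for p in perms or [])
    if not matched:
        return ["no access policy for this identity"]
    findings = []
    secrets = granted.pop("secrets", set())
    if REQUIRED - secrets:
        findings.append("missing secret permissions: " + ", ".join(sorted(REQUIRED - secrets)))
    if secrets - REQUIRED:
        findings.append("excess secret permissions: " + ", ".join(sorted(secrets - REQUIRED)))
    for kind, perms in sorted(granted.items()):
        if perms:  # keys/certificates are not needed for a SQL credential scan
            findings.append(f"unneeded {kind} permissions: " + ", ".join(sorted(perms)))
    return findings


if __name__ == "__main__":
    for oid in ("11111111-1111-1111-1111-111111111111",
                "22222222-2222-2222-2222-222222222222"):
        print(oid, audit_purview_policy(SAMPLE_VAULT, oid) or "OK")
```

An empty result means the identity has exactly the Get and List secret permissions and nothing else; pass the object ID of your own Purview managed identity in place of the placeholders.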
I hope this was useful and you enjoyed it.