29 April 2025

🏭🗒️Microsoft Fabric: Purview [Notes]

Disclaimer: This is work in progress intended to consolidate information from various sources for learning purposes. For the latest information please consult the documentation (see the links below)! 

Last updated: 29-Apr-2025

[Microsoft Purview] Purview
  • {def} comprehensive data governance and security platform designed to help organizations manage, protect, and govern their data across various environments [1]
    • incl. on-premises, cloud & SaaS applications [1]
    • provides the highest and most flexible level of functionality for data governance in MF [1]
      • offers comprehensive tools for 
        • data discovery
        • data classification
        • data cataloging
  • {capability} managing the data estate
    • {tool} dedicated portal
      • aka Fabric Admin portal
      • used to control tenant settings, capacities, domains, and other objects, typically reserved for administrators
    • {type} logical containers
      • used to control access to data and capabilities [1]
      • {level} tenants
        • settings for Fabric administrators [1]
      • {level} domains
        • group data that is relevant to a single business area or subject field [1]
      • {level} workspaces 
        • group Fabric items used by a single team or department [1]
    • {type} capacities
      • objects that limit compute resource usage for all Fabric workloads [1]
  • {capability} metadata scanning
    • extracts values from data lakes
      • e.g. names, identities, sensitivities, endorsements, etc. 
      • can be used to analyze and set governance policies [1]
  • {capability} secure and protect data
    • assure that data is protected against unauthorized access and destructive attacks [1]
    • compliant with data storage regulations applicable in your region [1]
    • {tool} data tags
      • allow identifying the sensitivity of data and applying data retention and protection policies [1]
    • {tool} workspace roles
      • define the users who are authorized to access the data in a workspace [1]
    • {tool} data-level controls
      • used at the level of Fabric items
        • e.g. tables, rows, and columns to impose granular restrictions.
    • {tool} certifications
      • Fabric is compliant with many data management certifications
        • incl. HIPAA BAA, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27001, ISO/IEC 27701 [1]
  • {feature} OneLake data hub
    • allows users to find and explore the data in their estate.
  • {feature} endorsement
    • allows users to endorse a Fabric item to identify it as being of high quality [1]
      • helps other users to trust the data that the item contains [1]
  • {feature} data lineage
    • allows users to understand the flow of data between items in a workspace and the impact that a change would have [1]
  • {feature} monitoring hub
    • allows monitoring activities for the Fabric items that the user has permission to view [1]
  • {feature} capacity metrics
    • app used to monitor usage and consumption
  • {feature} allows automating the identification of sensitive information and provides a centralized repository for metadata [1]
  • {feature} allows finding, managing, and governing data across various environments
    • incl. both on-premises and cloud-based systems [1]
    • supports compliance and risk management with features that monitor regulatory adherence and assess data vulnerabilities [1]
  • {feature} integrated with other Microsoft services and third-party tools 
    • {benefit} enhances its utility
    • {benefit} streamlines data access controls
      • enforcing policies, and delivering insights into data lineage [1]
  • {benefit} helps organizations maintain data integrity, comply with regulations, and use their data effectively for strategic decision-making [1]
  • {feature} Data Catalog
    • {benefit} allows users to discover, understand, and manage their organization's data assets
      • search for and browse datasets
      • view metadata
      • gain insights into the data’s lineage, classification, and sensitivity labels [1]
    • {benefit} promotes collaboration
      • users can annotate datasets with tags to improve discoverability and data governance [1]
    • targets users and administrators
    • {benefit} allows discovering where patient records are held by searching for keywords [1]
    • {benefit} allows labeling documents and items based on their sensitivity [1]
    • {benefit} allows using access policies to manage self-service access requests [1]
  • {feature} Information Protection
    • used to classify, label, and protect sensitive data throughout the organization [1]
      • by applying customizable sensitivity labels, users classify records. [1]
      • {concept} policies
        • define access controls and enforce encryption
        • labels follow the data wherever it goes
        • helps organizations meet compliance requirements while safeguarding data against accidental exposure or malicious threats [1]
    • allows protecting records with policies that encrypt data and impose IRM
  • {feature} Data Loss Prevention (DLP)
    • the practice of protecting sensitive data to reduce the risk from oversharing [2]
      • implemented by defining and applying DLP policies [2]
  • {feature} Audit
    • user activities are automatically logged and appear in the Purview audit log
      • e.g. creating files or accessing Fabric items
  • {feature} connect Purview to Fabric in a different tenant
    • all functionality is supported, except that 
      • {limitation} Purview's live view isn't available for Fabric items [1]
      • {limitation} the system can't identify user registration automatically [1]
      • {limitation} managed identity can’t be used for authentication in cross-tenant connections [1]
        • {workaround} use a service principal or delegated authentication [1]
  • {feature} Purview hub
    • displays reports and insights about Fabric items [1]
      • acts as a centralized location to begin data governance and access more advanced features [1]
      • via Settings >> Microsoft Purview hub
      • administrators see information about their entire organization's Fabric data estate
      • provides information about
        • Data Catalog
        • Information Protection
        • Audit
    • the data section displays tables and graphs that analyze the entire organization's items in MF
      • users only see information about their own Fabric items and data

References:
[1] Microsoft Learn (2024) Purview: Govern data in Microsoft Fabric with Purview [link]
[2] Microsoft Learn (2024) Purview: Learn about data loss prevention [link]
[3] Microsoft Learn (2024) [link]

Resources:

Acronyms:
DLP - Data Loss Prevention
M365 - Microsoft 365
MF - Microsoft Fabric
SaaS - Software-as-a-Service
