Microsoft Purview Cheat Sheet

• Unified data governance platform that enables organizations to manage data across on-premises, multi-cloud, and SaaS environments.
• It facilitates the discovery, classification, cataloging, and governance of the enterprise.
• Integrates with Azure, Microsoft 365, Power BI, and other platforms.

Core Capabilities

• Data Discovery & Classification
  • Automatically scans and classifies data using built-in and custom classifiers.
  • Supports sensitive data types like PII, financial records, and health information.
• Data Catalog
  • Centralized metadata repository.
  • Enables search and exploration of data assets with lineage and glossary support.
• Data Map
  • Automatically builds a map of data assets across hybrid environments.
  • Continuously updates via scanning and ingestion.
• Data Lineage
  • Visualizes end-to-end data movement and transformation.
  • Tracks data flow across services like Azure Data Factory, Synapse, Power BI.
• Glossary
  • Business-friendly terms linked to technical metadata.
  • Promotes consistent understanding across teams.

Governance & Compliance

• Access Control
  • Role-based access (RBAC) for managing who can view, edit, or manage assets.
  • Integration with Microsoft Entra ID (formerly Azure AD).

• Policy Management
  • Define and enforce data access policies across services.
  • Supports column-level security and data masking.
• Insights & Reporting
  • Dashboards for data classification, scan status, and policy compliance.
  • Helps identify governance gaps and data risks.

Azure Service Integrations

Key Tools & Interfaces

• Purview Studio
  • Web-based interface for managing catalogs, scans, glossary, and lineage.
• REST APIs
  • Automate asset management, trigger scans, and ingest metadata programmatically.
• Azure Portal
  • Used for provisioning Purview resources and assigning roles.

Setup & Best Practices

• Start with Data Map creation and connect sources.
• Use scans to populate the catalog and classify data.
• Define glossary terms early to align business and technical teams.
• Monitor lineage to understand data dependencies.
• Apply RBAC and policies to secure sensitive data.

Pricing

• Per-User Licensing
  • Applies to Microsoft 365 and Windows/macOS endpoints.
  • Included in Microsoft 365 E5/A5/F5/G5 licenses.
• Pay-As-You-Go (PAYG)
  • Azure-based consumption model.
  • Required for non-Microsoft 365 sources and advanced governance/security features.
  • Charges accrue based on the usage of specific features and data volumes.

Data Governance

• Unified Catalog
  • Billed per governed asset per day.
  • Governed assets = assets linked to governance concepts (e.g., data products).
• Data Health Management
  • Billed via Data Governance Processing Units (DGPU).
  • DGPU = 60 minutes of compute time.
  • Performance tiers: Basic, Standard, Advanced.

Data Security

• At-Rest Protection: Per asset/day.
• In-Transit Protection: $0.50 per 10K requests.
• Insider Risk Management: $25 per 10K events.
• Data Security Investigations: $5/GB stored + SCU usage.
• On-Demand Classification: $20 per 10K assets.

Key Concepts

• DGPU (Data Governance Processing Unit): Used for data quality and health jobs.
• SCU (Security Compute Unit): Used for AI-powered investigations and analysis.
• Governed Asset: A technical asset (e.g., table, file) linked to a governance concept.
• Text Record: Up to 1,000 characters; used in AI compliance billing.

Microsoft Purview Cheat Sheet Resources:

https://learn.microsoft.com/en-us/purview/purview
https://azure.microsoft.com/en-us/pricing/details/purview/
https://azure.microsoft.com/en-us/pricing/details/cognitive-services/content-safety/
https://learn.microsoft.com/en-us/purview/developer/data-security-concepts