Implement a Data Auditing Strategy – Keeping Data Safe and Secure

Before you can design and implement a data security solution, you need to discover and classify your data. As you learned, Microsoft Purview has features for discovering, classifying, and proposing a sensitivity level. In Exercise 8.2 you provisioned a Microsoft Purview account, viewed the Collection Admins role assignments, and added a few collections. In Exercise 8.3 you will perform a scan that discovers data assets within the targeted collection and identifies whether they meet basic classification and sensitivity levels. Before you begin Exercise 8.3, it is important to call out three security actions you took in the previous two exercises that are required for Exercise 8.3 to work. Recall step 4 in Exercise 8.1, where you created an AKV secret named azureSynapseSQLPool that contains the password for your Azure Synapse Analytics dedicated SQL pool.

You will configure Microsoft Purview to use this Azure Key Vault secret to access and analyze the assets within that dedicated SQL pool. In Exercise 8.2, step 2, you validated that your account was in the Collection Admins group on the Role Assignments tab for the root collection. Additionally, in step 5 of Exercise 8.2 you granted Get and List permissions to the Azure Key Vault secret to your Microsoft Purview account identity. As you will configure in Exercise 8.3, one more permission is required to make this work for your Azure Synapse Analytics dedicated SQL pool. The same Microsoft Purview account identity that you granted access to Azure Key Vault must be added to the Reader role via Access control (IAM) on your Azure Synapse Analytics workspace.

Note that each Azure product that you want to perform a scan on from Microsoft Purview will likely have its own set of permissions and role access requirements. You will need to find this out using online documentation on a product‐by‐product basis. Exercise 8.3 and previous exercises provide the instructions to perform a scan on an Azure Synapse Analytics dedicated SQL pool. Complete Exercise 8.3 to gain hands‐on experience with this product and feature.