Microsoft Purview
The Microsoft Purview integration enhances data governance and compliance management capabilities. This integration empowers JupiterOne users to more efficiently govern their data landscape, manage compliance across various regulations, and mitigate risks through Purview's advanced data discovery and classification tools.
- Installation guide
- Microsoft Purview data model
Installation
To use this integration, JupiterOne requires registering an app on portal.azure.com, and providing the created app's API credentials in JupiterOne.
Configuration in Microsoft Purview
- Azure Portal Setup:
- Navigate to the Azure Portal at portal.azure.com and sign in.
- Go to App Registrations to create a new application. During this process, take note of the Application (client) ID and Directory (tenant) ID; these will be important for further configurations.
- Authentication Credentials:
- Within your app's settings, visit Certificates & secrets to generate a new client secret. Record its value securely, as it will be required later.
- Microsoft Purview Configuration:
- Access the Microsoft Purview governance portal and log in.
- From the left-side menu, choose Data Map followed by Collections.
- Identify and select the root collection, which is named after your Microsoft Purview account and appears at the top of the list.
- Role Assignment:
- In the collections menu, navigate to the Role assignments tab.
- Assign the newly created service principal (from the Azure portal steps) to the following roles:
- Data Source Admins: This role is essential even though only read operations will be performed.
- Data Readers: Grants read access necessary for integration.
Configuration in JupiterOne
The Account Name used to identify the Microsoft Purview account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled.Description to assist in identifying the integration instance, if desired.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.Provide your Microsoft Purview Account Name, Tenant ID, Client ID, and Client Secret.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | microsoft_purview_account | Account |
| Classification | microsoft_purview_classification | Record |
| Collection | microsoft_purview_collection | DataCollection |
| Data Source | microsoft_purview_data_source | DataObject |
| Entity | microsoft_purview_entity | Entity |
| Scan | microsoft_purview_scan | Assessment |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
microsoft_purview_account | HAS | microsoft_purview_collection |
microsoft_purview_classification | HAS | microsoft_purview_entity |
microsoft_purview_collection | HAS | microsoft_purview_collection |
microsoft_purview_collection | HAS | microsoft_purview_data_source |
microsoft_purview_scan | SCANS | microsoft_purview_data_source |
microsoft_purview_scan | IDENTIFIED | microsoft_purview_entity |
Mapped Relationships
The following mapped relationships are created:
Source Entity _type | Relationship _class | Target Entity _type | Direction |
|---|---|---|---|
microsoft_purview_account | HAS | *azure_resource_group* | REVERSE |
microsoft_purview_data_source | CONNECTS | *azure_resource* | FORWARD |
microsoft_purview_entity | IS | *azure_cosmosdb_account* | FORWARD |
microsoft_purview_entity | IS | *azure_cosmosdb_sql_database* | FORWARD |
microsoft_purview_entity | IS | *azure_mariadb_database* | FORWARD |
microsoft_purview_entity | IS | *azure_mariadb_server* | FORWARD |
microsoft_purview_entity | IS | *azure_mysql_database* | FORWARD |
microsoft_purview_entity | IS | *azure_mysql_server* | FORWARD |
microsoft_purview_entity | IS | *azure_postgresql_database* | FORWARD |
microsoft_purview_entity | IS | *azure_postgresql_server* | FORWARD |
microsoft_purview_entity | IS | *azure_sql_database* | FORWARD |
microsoft_purview_entity | IS | *azure_sql_server* | FORWARD |
microsoft_purview_entity | IS | *azure_storage_account* | FORWARD |