Skip to main content

Microsoft Purview

The Microsoft Purview integration enhances data governance and compliance management capabilities. This integration empowers JupiterOne users to more efficiently govern their data landscape, manage compliance across various regulations, and mitigate risks through Purview's advanced data discovery and classification tools.



To use this integration, JupiterOne requires registering an app on, and providing the created app's API credentials in JupiterOne.

Configuration in Microsoft Purview

  1. Azure Portal Setup:
  • Navigate to the Azure Portal at and sign in.
  • Go to App Registrations to create a new application. During this process, take note of the Application (client) ID and Directory (tenant) ID; these will be important for further configurations.
  1. Authentication Credentials:
  • Within your app's settings, visit Certificates & secrets to generate a new client secret. Record its value securely, as it will be required later.
  1. Microsoft Purview Configuration:
  • Access the Microsoft Purview governance portal and log in.
  • From the left-side menu, choose Data Map followed by Collections.
  • Identify and select the root collection, which is named after your Microsoft Purview account and appears at the top of the list.
  1. Role Assignment:
  • In the collections menu, navigate to the Role assignments tab.
  • Assign the newly created service principal (from the Azure portal steps) to the following roles:
    • Data Source Admins: This role is essential even though only read operations will be performed.
    • Data Readers: Grants read access necessary for integration.

Configuration in JupiterOne

  • The Account Name used to identify the Microsoft Purview account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Provide your Microsoft Purview Account Name, Tenant ID, Client ID, and Client Secret.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.