Prerequisites for Connecting to Microsoft Purview
For Microsoft Purview Plugin, to successfully connect:
- Application must be registered on Microsoft Azure Portal
- Several API permissions must be enabled for the application on Microsoft Azure Portal
- A new Client Secret must be generated
Register a Microsoft Purview App
Access Azure Portal's Home
- [App registrations]
- [+ New registration]
- Name: Give the app a descriptive name
- Supported account types: Select the "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)" option
-
Redirect URI: Choose "Public client/native" from the drop-down
- Setting the value for Redirect URI is required for OAuth, but can be done later. Select the OAuth type at the following step to see the instructions
Locate the Application ID and Tenant (Directory) ID
Access the Overview tab
The Application (client) ID and Directory (Tenant) ID that are necessary to establish connectivity between Metric Insights and Microsoft Purview can be found in Essentials section.
Add Redirect URl
Access Authentication tab
- Click Add URl
- Insert the URl in a form "https://<the URl of your Metric Insights instance>/editor/service/validatepowerbioauth"
- [Save]
Enable Permissions
Access API permissions tab
Add Azure Purview Permission
- [+ Add a permission]
- Find and click the Azure Purview option
- Click the Delegated permissions option
- Activate the checkbox in the Purview.DelegatedAccess row
- [Add permissions]
Without this Permission, Metric Insights won't be able to access the API from which it takes all the data.
Add Microsoft Graph Permissions
- [+ Add a permission]
- Find and click the Microsoft Graph option
- Click the Delegated permissions option
- Find the User section and activate the checkbox in the User.Read row
- Click the Application permissions option
- Activate the checkboxes:
- Find the Directory section and activate the Directory.Read.All
- Find the Group section and activate Group.Read.All and GroupMember.Read.All
- Find the User section and activate the User.Read.All
- [Update permissions]
Metric Insights need those permissions to get human-readable user values instead of IDs.
Add a New Client Secret
Access Certificates & secrets tab
- [+ New client secret]
- Description: Give the secret a descriptive name
- Expires: Select "Recommended: 6 month" option from the drop-down menu
- [Add]
Click the "Copy to clipboard" icon to copy the secret's Value. Save it for the Metric Insights Data Source creation process.
Locate the Base URl
Access Microsoft Azure Home
Go to the Microsoft Purview accounts.
- Click the account's Active Name link
- Open the Properties tab
- Atlas endpoint or Scan endpoint can be used as the Base URl that will be necessary for the Metric Insights Data Source creation