Costa Rica
Last updated: 2025-07-17
Microsoft Purview provides a unified data governance solution that enables organizations to manage and govern their on-premises, multi-cloud, and software-as-a-service (SaaS) data. Integrating Azure Database for MySQL with Purview allows you to discover, classify, and manage sensitive data, enforce compliance, and monitor data usage across your organization.
List of References
Table of Content
- Go to the Microsoft Purview Studio.
- Navigate to Data Map > Register > Azure Database for MySQL.
- Provide the required connection details (server name, authentication, etc.).
- Set up a scan rule set to define what metadata and classifications to extract.
- Schedule regular scans to keep metadata and classifications up to date.
- Use Unity Catalog within Purview to manage access policies, data lineage, and data sharing.
- Assign roles such as Data Owner, Data Steward, and Data Consumer to control access and responsibilities.
- Track data movement and transformations for compliance and auditing.
- Apply built-in or custom classifiers to automatically detect and label sensitive data (e.g., PII, financial data).
- Use labels to drive downstream policies such as Data Loss Prevention (DLP) and access controls.
DLP projects in Purview help you identify, monitor, and protect sensitive data within your MySQL databases.
E.g: DLP Policy for Subscription-Based Services (Click to expand)
Safeguard user payment preferences and account activity in SaaS platforms hosted on MySQL.
Steps:
- Create a DLP Policy: Apply to
subscriptions,payment_settings, andinvoices. - Define Detection Rules: Use classifiers for credit card tokens, billing addresses, and transaction amounts.
- Set Actions:
- Encrypt outputs containing sensitive billing fields.
- Alert finance admins for bulk export actions.
- Monitor and Audit: Track frequency of full-table reads and ensure they map to approved business operations.
E.g: DLP Policy for E-Commerce Order History (Click to expand)
Limit access to buyer preferences, addresses, and purchase patterns.
Steps:
- Create a DLP Policy: Focus on tables like
orders,shipping_info, andorder_notes. - Define Detection Rules: Detect fields such as customer name, address, product SKUs, and delivery comments.
- Set Actions:
- Redact buyer notes unless requested by support staff.
- Block ad hoc exports for large date ranges unless business-justified.
- Monitor and Audit: Visualize export frequency spikes around campaign or holiday events.
E.g: DLP Policy for Developer Debug Logs (Click to expand)
Prevent accidental leaks of sensitive environment metadata logged to MySQL by dev tools.
Steps:
- Create a DLP Policy: Apply to
debug_logs,system_diagnostics, orerror_trace. - Define Detection Rules: Detect tokens, API keys, internal IPs, or exception traces.
- Set Actions:
- Mask sensitive values automatically in user-facing reports.
- Notify platform engineers when secrets are detected in logging activity.
- Monitor and Audit: Use classification results to drive improved CI/CD pipeline practices.
E.g: DLP Policy for Regional Customer Restrictions (Click to expand)
Enforce localization by limiting access to user data based on country or regulatory region.
Steps:
- Create a DLP Policy: Target tables like
user_profile,preferences,order_locationwithregion_codeorcountry_id. - Define Detection Rules: Apply filters by jurisdiction (e.g., only users in LATAM).
- Set Actions:
- Block access to region-restricted records for global analysts.
- Prompt approval workflows for exports involving cross-border records.
- Monitor and Audit: Visualize access by region and link flagged incidents to internal access policy violations.
Note
- Costs may vary based on region, scan frequency, and data volume.
- Use Azure Pricing Calculator for precise estimates.
- Set up budgets and alerts in Azure Cost Management to avoid overruns.
Microsoft Purview Account:: Billed per vCore-hour and per GB of data processed during scans. The pricing structure is based on:
- Data Map (capacity units, always-on)
- Scanning (pay-as-you-go, based on vCore usage and scan duration)
- Managed Virtual Network and API/Data Transfer costs for cross-cloud governance
- Resource Set Processing (based on processing time)
Tip
Click here to understand more about Azure Purview Cost Estimation
- Automate Scans: Schedule regular scans to keep metadata and classifications current.
- Least Privilege: Assign only necessary permissions to users and service principals.
- Monitor Usage: Regularly review Purview dashboards for unusual activity or policy violations.
- Review Costs: Monitor Purview and MySQL usage to optimize resource allocation and control expenses.
Azure Database for MySQL can be integrated with Microsoft Purview to enable a Unity Catalog for data governance and management. This integration allows you to:
- Discover and classify sensitive data.
- Track data lineage across your MySQL databases.
- Enable centralized data governance.
- Register the MySQL Database:
- Navigate to the Microsoft Purview portal.
- Register your Azure Database for MySQL as a data source.
- Scan the Data Source:
- Configure scanning rules to classify and catalog the data.
- Schedule periodic scans to keep the catalog updated.
- Manage Data Lineage: Use Purview to visualize data lineage across your MySQL databases.
- Set Up Access Policies: Define access policies for data governance using Purview.
- Enhanced data discovery and classification.
- Improved compliance and governance.
- Centralized management of data assets.
Refresh Date: 2025-07-17