Integrating Azure Database for PostgreSQL with Microsoft Purview

Costa Rica

Microsoft Purview Azure PostgreSQL

Last updated: 2025-07-17


Microsoft Purview offers a centralized data governance solution across hybrid and multi-cloud environments. Integrating Azure Database for PostgreSQL with Purview allows you to automate metadata scanning, classify structured and unstructured data, monitor access to sensitive data, and apply policy-driven DLP controls, all in support of regulatory and business compliance.


How to Integrate Azure PostgreSQL with Purview

Registering PostgreSQL in Purview

  • Open Microsoft Purview Studio.
  • Navigate to Data Map > Register > Azure Database for PostgreSQL.
  • Provide necessary connection details: host, port, authentication type, SSL config.
  • Select the relevant databases and schemas to scan.
  • Configure scan rules and schedule automatic scans for metadata refresh.

Enabling Unity Data Governance

  • Utilize Unity Catalog to define and enforce access controls across datasets.
  • Assign governance roles like Data Owner, Steward, and Consumer to PostgreSQL data assets.
  • Enable lineage tracking to trace how data flows from PostgreSQL into downstream BI or ML systems.

Data Classification and Labeling

  • Use built-in classifiers (e.g., PII, financial, healthcare) or configure custom regex patterns.
  • Apply tags like Confidential, Internal Use Only, or GDPR-Sensitive to selected PostgreSQL columns.
  • Integrate these labels with Microsoft Purview policies to drive access restrictions and audits.

Managing DLP (Data Loss Prevention) Projects

DLP policies for PostgreSQL in Purview help safeguard sensitive data, detect risky behaviors, and mitigate unauthorized access or exports.

E.g.: DLP Policy for Privacy Requests (GDPR)

Fulfill data subject requests and enforce retention policies on customer records.

Steps:

  1. Create a DLP Policy: Apply to tables like customers, login_sessions, preferences.
  2. Define Detection Rules: Use classifiers for names, emails, phone numbers, and IP addresses.
  3. Set Actions:
    • Alert Data Protection Officers on access to expired retention data.
    • Mark records eligible for deletion or redaction.
  4. Monitor and Audit: Review logs and policy triggers using Purview’s compliance dashboard.

E.g.: DLP Policy for Financial Transaction Logs

Protect payment records in compliance with PCI DSS or local finance laws.

Steps:

  1. Create a DLP Policy: Focus on tables like transactions, billing_statements, refunds.
  2. Define Detection Rules: Detect patterns like credit card numbers, bank routing codes, or IBANs.
  3. Set Actions:
    • Mask account numbers and transaction details for general users.
    • Notify finance leads on suspected mass exports or dumps.
  4. Monitor and Audit: View access maps filtered by time-of-day or source IP.
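
Custom regex patterns (Data Classification and Labeling) and the card/IBAN detection rules in this policy tend to over-match on order references and other long numeric IDs. The following added example, which is not from the original page and is not Purview's own classifier logic, checks candidate patterns with Luhn and IBAN mod-97 validation against constructed column samples before they are configured; the patterns, label names and column names are assumptions.

```python
import re

# Candidate custom-classifier patterns (assumed for illustration, not Purview built-ins).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right; sum must be 0 mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def iban_ok(iban: str) -> bool:
    """ISO 13616 check: move first 4 chars to the end, map A-Z to 10-35, value mod 97 == 1."""
    s = iban.replace(" ", "")
    rearranged = s[4:] + s[:4]
    number = int("".join(str(int(c, 36)) for c in rearranged))
    return 15 <= len(s) <= 34 and number % 97 == 1

def classify(value: str) -> set[str]:
    """Labels a value earns only when the regex matches AND the checksum validates."""
    labels = set()
    for m in CARD_RE.finditer(value):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            labels.add("CREDIT_CARD")
    for m in IBAN_RE.finditer(value):
        if iban_ok(m.group()):
            labels.add("IBAN")
    return labels

def column_hit_rate(values: list[str], label: str) -> float:
    """Fraction of sampled values carrying the label; compare against a match threshold."""
    return sum(label in classify(v) for v in values) / len(values) if values else 0.0

# Constructed sample rows (published test numbers and deliberately broken variants).
SAMPLE = {
    "transactions.card_number": ["4111 1111 1111 1111", "5555-5555-5555-4444", "4111111111111112"],
    "refunds.iban": ["GB82 WEST 1234 5698 7654 32", "DE89370400440532013000", "GB82 WEST 1234 5698 7654 33"],
    "transactions.order_ref": ["1234567890123456", "20250717000012345"],
}

if __name__ == "__main__":
    for col, vals in SAMPLE.items():
        print(col, {l: round(column_hit_rate(vals, l), 2) for l in ("CREDIT_CARD", "IBAN")})
```

The `order_ref` column matches the card regex on shape alone but scores zero once the checksum is applied, which is the false-positive case to test for before a pattern drives masking or alerting.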

E.g.: DLP Policy for Healthcare Encounters

Enforce HIPAA-equivalent practices for healthcare-related apps built on PostgreSQL.

Steps:

  1. Create a DLP Policy: Scan tables like medical_visits, patient_conditions, insurance_claims.
  2. Define Detection Rules: Detect MRNs, ICD-10 codes, medication fields.
  3. Set Actions:
    • Restrict access to only licensed care teams.
    • Encrypt report exports and flag audit logs for external transmission.
  4. Monitor and Audit: Maintain a change-tracking history for sensitive records.

Cost Management and Budgeting

Integrating with Purview introduces additional costs for scanning, classification, and governance. Below is a breakdown and example budget.

Note

Microsoft Purview Account: Billed per vCore-hour and per GB of data processed during scans. The pricing structure is based on:

  • Data Map (capacity units, always-on)
  • Scanning (pay-as-you-go, based on vCore usage and scan duration)
  • Managed Virtual Network and API/Data Transfer costs for cross-cloud governance
  • Resource Set Processing (based on processing time)

Tip

Click here to understand more about Azure Purview Cost Estimation

Best Practices

  • Schedule Incremental Scans: Focus on delta changes to avoid excess charges.
  • Leverage RBAC: Ensure PostgreSQL roles are tightly aligned with Purview access control.
  • Implement Data Contracts: Define allowed usages for datasets via descriptions and labels.
  • Audit Regularly: Review DLP violation trends and adjust scan cadence or detection logic as needed.

Integration with Purview for Unity Catalog

PostgreSQL assets can be governed under the Unity Catalog via Purview, providing centralized visibility and access management.

Steps to Integrate

  1. Register PostgreSQL as a Data Source: Define connections for each instance (Flexible Server, Hyperscale, Single Server).
  2. Classify and Label Data: Run classifier scans and apply sensitivity tags.
  3. Configure Lineage Mapping: Capture transformations and downstream usage in Power BI, Synapse, or Logic Apps.
  4. Apply Policy Definitions: Use Purview roles and access conditions to define allowable actions (read, export, delete).

Benefits

  • Improved visibility of PostgreSQL data estate across dev/test/prod.
  • Lower compliance risk through automated audits and DLP enforcement.
  • Empowered data consumers with governed, cataloged, and discoverable datasets.

Refresh Date: 2025-07-17