Get ready for the next enhancement in Microsoft Purview governance

The new governance experience is available in the Microsoft Purview portal for anyone that hasn't created a Microsoft Purview account in the Azure portal before, and our existing customers. You can follow the steps in this article to enable the new experience!

What is the new governance experience?

New Microsoft Purview portal: https://purview.microsoft.com

The new Microsoft Purview experience is single, organization-wide instance of Microsoft Purview that's the next step towards unifying your organization's governance, policy, compliance, risk, and security. It's a prerequisite to a single platform used to manage and govern any data, both structured and unstructured, across your data estate. Including Azure, Microsoft 365, Azure, on-premises, or multicloud and SaaS applications in future.

For information about all the governance and compliance features available in the new Microsoft Purview portal, see our overview of the Microsoft Purview portal.

How can you use our new experience?

If you're a new Microsoft Purview governance customer (if your organization doesn't have any Microsoft Purview accounts in any Azure subscriptions under your Microsoft Entra tenant), you can get started right away! Go to purview.microsoft.com, the new Microsoft Purview portal, to start your governance journey.

If your organization already has Microsoft Purview accounts in Azure, after your organization has been enabled, getting started with the new experience depends on your organization's current structure. Follow one of these guides:

If you have more questions, see our new experience FAQ.

One Microsoft Purview account

Your account has disabled all public network access

If your Microsoft Purview account had disabled all public network access and is using private endpoints, you need to make some changes before you upgrade it. You can continue to use ingestion private endpoints, but not account or portal private endpoints. The new experience uses a new private endpoint called a platform private endpoint.

To check your current public network settings:

  1. Go to the Azure portal.
  2. Search for your Microsoft Purview account.
  3. Select Networking under the Settings menu.
  4. If your firewall is set to Disabled from all networks, you need to follow the next steps to upgrade. If your firewall is set to Enabled from all networks or Disabled for ingestion only, you should be able to upgrade without these steps.

To upgrade an account using private endpoints, you need to:

  1. Confirm that your firewall allows these global and tenant-specific endpoints (replacing the accountname and tenantid with your values):
    1. api.purview-service.microsoft.com
    2. accountname.purview.azure.com
    3. tenantid-api.purview-service.microsoft.com
  2. After upgrading to the new experience, you can follow this guide to set up private endpoints for governance solutions in the Microsoft Purview portal.

Important

  1. Currently, Azure Data Factory, Azure Machine Learning, and Azure Synapse lineage connections are not supported with the platform private endpoint, and might not work after switching. If your production replies on these lineage connections, wait until these connections are supported. (Azure Synapse is supported as a data source using a managed Virtual Network Integration Runtime and platform private endpoint.)
  2. Scans that run after upgrading but before you set up the platform private endpoints might fail and need to be re-run after private endpoint set up.

Your region maps to your tenant region

If your Microsoft Purview account's region matches your Microsoft Entra tenant region, and your networking settings are either "enabled from all networks" or "disabled for ingestion only", you can use the new experience! No upgrade required.

To access it, you can either:

  • Select the note at the top of the Microsoft Purview accounts page.

  • Select the toggle in the Microsoft Purview governance portal.

    Screenshot of the toggle to switch to the new experience.

Your region doesn't map to your tenant region

  1. Have a Purview Admin select the Upgrade button in the Azure portal, Microsoft Purview portal, or upgrade email.

  2. If your account is in a different region than your tenant, an admin needs to confirm setup.

    Screenshot showing the different region confirmation pop-up window.

  3. After confirmation, the new portal will launch.

  4. You can take the tour and begin exploring the new Microsoft Purview experience!

Tip

You can switch between the classic and new experiences using the toggle at the top of the portal.

Screenshot of the toggle to switch between the new and classic experiences after upgrading.

Multiple Microsoft Purview accounts

The new experience requires a single, tenant-level/organization-wide account that is the primary account for your organization. If you have multiple Microsoft Purview accounts in your tenant, you can upgrade one to the new experience and merge up to four other accounts into your primary account as domains.

  1. If your Microsoft Purview account has disabled public network access and is using account or portal private endpoints, you need to follow the steps under Disabled all public network access to upgrade it.

  2. Have a Purview Admin select the Upgrade button in the Azure portal, Microsoft Purview portal, or upgrade email.

  3. Select an existing account to upgrade it to be your organization-wide account. Not sure which to choose? You can follow our guide to choosing a primary account.

    Note

    This does not affect your other Microsoft Purview accounts, or their data. After upgrading, you can merge your secondary accounts into your primary account as domains.

    If you don't have access to the Microsoft 365 role groups to assign Purview Admins, contact support.

    Screenshot of the pop-up window for selecting an organization wide primary account.

  4. If the account you select is in a different region than your tenant, an admin needs to confirm setup.

    Screenshot of confirmation for selecting an account in a region that's different from your tenant region.

  5. After confirmation, the new portal will launch.

  6. You can take the tour and begin exploring the new Microsoft Purview experience!

  7. Merge your secondary accounts into your primary account as domains.

Tip

You can switch between the classic and new experiences using the toggle at the top of the portal.

Screenshot of the toggle to switch between the new and classic experiences.

Disabled all public network access

If your Microsoft Purview account had disabled all public network access and is using private endpoints, you need to make some changes before you upgrade it. You can continue to use ingestion private endpoints, but not account or portal private endpoints. The new experience uses a new private endpoint called a platform private endpoint.

To check your current public network settings:

  1. Go to the Azure portal.
  2. Search for your Microsoft Purview account.
  3. Select Networking under the Settings menu.
  4. If your firewall is set to Disabled from all networks, you need to follow the next steps to upgrade. If your firewall is set to Enabled from all networks or Disabled for ingestion only, you should be able to upgrade without these steps.

To upgrade an account using private endpoints, you need to:

  1. Confirm that your firewall allows these global and tenant-specific endpoints (replacing the accountname and tenantid with your values):
    1. api.purview-service.microsoft.com
    2. accountname.purview.azure.com
    3. tenantid-api.purview-service.microsoft.com
  2. After upgrading to the new experience, you can follow this guide to set up private endpoints for governance solutions in the Microsoft Purview portal.

Important

  1. Currently, Azure Data Factory, Azure Machine Learning, and Azure Synapse lineage connections are not supported with the platform private endpoint, and might not work after switching. If your production replies on these lineage connections, wait until these connections are supported. (Azure Synapse is supported as a data source using a managed Virtual Network Integration Runtime and platform private endpoint.)
  2. Scans that run after upgrading but before you set up the platform private endpoints might fail and need to be re-run after private endpoint set up.

Why upgrade to the new experience?

If you're already using the classic Microsoft Purview governance portal, upgrading your Purview account to the enhanced experience offers several benefits, including the following:

  • Prerequisites for unified experience: The upgrade is a prerequisite and one step to bring your environment closer to use data governance, security, risk, and compliance capabilities under the same platform.
  • Improved User Experience: The new experience provides a more streamlined and intuitive user interface, making it easier for users to access and manage their data assets. The upgraded account provides you access to the new user experience on https://purview.microsoft.com.
  • Enhanced Features: Upgrading unlocks new features and capabilities, such as live view, preset scans, and many more coming in next few months.
  • Consolidated Management: The enhanced experience offers a centralized management interface for all your Microsoft Purview resources, simplifying administration tasks.
  • Access to new capabilities: All Microsoft Purview new features are only available in the upgraded tenant level account.

What's next?

After you upgrade an existing account to the new experience, here's what's coming in the future:

  • Account consolidation: All other Microsoft Purview accounts in your tenant will continue to be accessed via the classic portal. Be prepared to merge those accounts with the primary account when the feature becomes available. Microsoft will notify customers who require to perform other steps to merge these accounts.
  • Roles and Permissions: Fine grained access control via roles and permissions at collection scopes will continue to function as-is after your accounts are upgraded. In addition, there are new tenant-level roles that can be managed in the new portal. For more information, see our tenant-level permissions documentation.
  • Adapting to new features: Educate users within your organization on the new features and capabilities introduced in the upgraded account, enabling them to maximize the benefits of these enhancements. This includes understanding and using the following features:

Have more questions?

If you've got more questions, see our FAQ for the new governance experience.

Support

With the free version of Microsoft Purview governance solutions, you can't open support tickets for Microsoft Purview. You need to upgrade to enterprise access for support.

How to choose a primary account?

If you have a single Microsoft Purview account, it's likely your account is automatically upgraded. When you have multiple Microsoft Purview accounts under the same Microsoft Entra tenant, consider the following factors while selecting an account for the upgrade. We recommend selecting an account as primary tenant-level account by following guidelines below:

  • Data Assets: Choose the account with the most valuable or frequently used data assets, as this will become the primary data map after the upgrade.
  • Account Usage: Evaluate how each account is currently being used and its role within your organization. Accounts that are considered "production" would be most viable to select for this purpose.
  • Permissions and Access Controls: Consider the existing permissions and access controls for each account, as they'll be carried over to the upgraded environment (as an isolated Domain)
  • System Assigned Managed Identity(SAMI) and User Assigned Managed Identity(UAMI): The existing system and user assigned managed identities for the primary upgraded account can be used across all domains in the Microsoft Purview instance.

Other considerations

  • The upgraded account can be accessible via current endpoints and new endpoints, therefore, there's no immediate effect if you use Microsoft Purview APIs. Any updates performed in the upgraded account will be also reflected in the classic portal for the same Microsoft Purview account.
  • New Microsoft Purview features will be only available for the upgraded account.
  • For other accounts in your tenant, you can continue to access through the classic portal.

Regions

For information regarding all available Microsoft Purview regions, see the Azure product by regions page.

This table lists the regions that are currently available to use Microsoft Purview in the new portal:

Purview Account Location Mapped Microsoft Entra Country/Region Tenant Location Code
China North 3  China CN

Next steps

Stay tuned for updates! Until then, make use of Microsoft Purview's other features: