Migrate to new private endpoints
Important
This article covers migrating private endpoints for governance solutions from the classic governance portal (https://web.purview.azure.cn) to the Microsoft Purview portal (https://purview.microsoft.com/). If you're building your private endpoint connections for the first time, follow the full private endpoints article instead.
Note
Currently, Azure Data Factory, Azure Machine Learning, and Azure Synapse connections are not supported with the platform private endpoint, and might not work after switching.
Microsoft Purview now supports platform private endpoints for your organization-level account. You can follow these steps to migrate your existing Microsoft Purview account private endpoints to the new platform private endpoints.
Migrate your existing private endpoints
- In the Azure portal, search for and open your Microsoft Purview account.
- Select the Networking page.
- If it's not already open, select the Upgrade to platform PE tab.
- Set up your platform private endpoints
- Create managed private endpoint connections to platform private endpoints
- Switch your Microsoft Purview API endpoint
Set up your platform private endpoints
For every account private endpoint you'll need to set up a platform private endpoint. All the account private endpoints you have are listed under the step. For each existing endpoint:
In the Azure portal, search for and open your Microsoft Purview account.
Select the Networking page.
If it's not already open, select the Upgrade to platform PE tab.
Select the + Create platform private endpoint button.
In the Create a private endpoint - Basics tab, enter or select the following information:
Settings Value Project details Subscription Select your Azure Subscription Resource group Select your resource group. Instance details Name Create a unique name. Network Interface Name Filled automatically by the instance name. Region Selected automatically based on your resource group. Once that information is complete, select Next: Resource and in the Create a private endpoint - Resource page, enter or select the following information:
Settings Value Connection method Select connect to an Azure resource in my directory Subscription Select your subscription Resource type Select Microsoft.Purview/accounts Resource Select your Microsoft Purview resource Target subresource Platform Once that information is properly input, select Next: Virtual Network and enter or select the following information:
Settings Value NETWORKING Virtual network Select your existing virtual network. Subnet Select your existing subnet PRIVATE IP configuration Select Dynamically allocate IP address. Select Next: DNS and enter the following information:
Settings Value Integrate with private DNS zone Select Yes Subscription Select your subscription where your DNS zone is configured. Resource group Select the resource group where your DNS zone is configured. Select Next: Tags and on the tags page you can optionally add any tags your organization is using in Azure.
Select Next: Review + create which displays the Review + create page where Azure validates your configuration. When you see the Validation passed message, select Create.
If you configured firewall allowlist rules for your account endpoints (
{account-name}.purview.azure.cn
), you need to update your firewall configuration for the new platform private endpoints:{tenant id}-api.purview-service.microsoft.com
,api.purview-service.microsoft.com
Create managed private endpoint connections to platform private endpoints
In the Microsoft Purview portal open the Microsoft Purview Data Map.
Navigate to Source management, and select Managed private endpoints.
Select the pop-up link at the to that says, 'Click here to provision platform managed PE for all your managed VNets'.
Microsoft Purview will create managed platform private endpoints for all your existing managed account endpoints.
Select each approval link to approve the endpoints, or approve them directly by:
- In the Azure portal search for your Microsoft Purview account and open it.
- Select Networking
- Select Private endpoints
- Approve the new list of private endpoints.
Switch your Microsoft Purview API endpoint
Now that you've created the required private endpoints, connected your resources, and recreated your scans, you can update your API endpoint. On the networking page, select the Switch endpoint button to switch to the new Microsoft Purview API endpoint for scanning and tenant account access.
The new API endpoint you'll be using is either:
https://api.purview-service.microsoft.com/
https://{your-tenant-id}-api.purview-service.microsoft.com/
Note
The old endpoint will be operational in parallel for users with access to the classic portal. Scans that were already running will continue to use the existing endpoint until they finish. New scans will use the new platform endpoint.
Remove account endpoints
Once all your currently running scans have completed, remove your existing account endpoints to switch completely to your new platform private endpoints.