{"id":383,"date":"2026-04-13T21:08:35","date_gmt":"2026-04-13T21:08:35","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/azure-data-catalog-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-analytics\/"},"modified":"2026-04-13T21:08:35","modified_gmt":"2026-04-13T21:08:35","slug":"azure-data-catalog-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-analytics","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/azure-data-catalog-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-analytics\/","title":{"rendered":"Azure Data Catalog Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Analytics"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Analytics<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

Important service status note (read first):<\/strong> The original Azure Data Catalog<\/strong> service (the standalone product that existed years ago) was retired<\/strong> by Microsoft. Today, the \u201cdata catalog\u201d experience in Azure is delivered as Microsoft Purview Data Catalog<\/strong> (part of Microsoft Purview<\/strong>, an Azure-deployable governance service). In this tutorial, Data Catalog<\/strong> refers to the current, supported<\/strong> catalog capability in Microsoft Purview<\/strong>\u2014the modern replacement for the retired Azure Data Catalog. Always verify the latest product status and feature availability in official docs.<\/p>\n\n\n\n

What this service is<\/strong>\n– Data Catalog<\/strong> in Azure is a central inventory of data assets<\/strong> (tables, files, reports, pipelines, etc.) plus the metadata that makes those assets discoverable, understandable, and governable.\n– It is used by data consumers (analysts, engineers, scientists) to find trustworthy data<\/strong> and by governance teams to standardize definitions<\/strong> and oversee metadata quality.<\/p>\n\n\n\n

Simple explanation (one paragraph)<\/strong>\nData Catalog is like a searchable \u201clibrary index\u201d for your organization\u2019s data. It helps people quickly find datasets, understand what they mean, see who owns them, and learn how they are used\u2014without having to ask around or dig through storage accounts and databases.<\/p>\n\n\n\n

Technical explanation (one paragraph)<\/strong>\nIn Azure, Data Catalog is implemented through Microsoft Purview Data Catalog<\/strong>. It builds a metadata graph<\/strong> (via automated scanning and integrations) for supported sources such as Azure Storage, Azure SQL, Azure Synapse, Power BI, and more. It stores technical metadata (schemas, columns, file formats), business metadata (glossary, owners, descriptions), and relationship metadata (lineage where supported). Access is governed through Azure AD<\/strong> identities, Purview roles<\/strong>, and Azure resource permissions for scanning.<\/p>\n\n\n\n

What problem it solves<\/strong>\n– Data sprawl and \u201cunknown datasets\u201d\n– Repeated questions like \u201cWhere is the customer table?\u201d and \u201cWhich dataset is the source of truth?\u201d\n– Inconsistent definitions (e.g., \u201cactive customer\u201d means different things across teams)\n– Risk from sensitive data being poorly understood or incorrectly shared\n– Slow onboarding for new engineers and analysts<\/p>\n\n\n\n

\n\n\n\n

2. What is Data Catalog?<\/h2>\n\n\n\n

Official purpose<\/strong>\nData Catalog (Microsoft Purview Data Catalog in Azure) is designed to provide data discovery<\/strong> and metadata management<\/strong> across an organization\u2019s data estate. Its purpose is to help users find, understand, trust, and govern<\/strong> data assets.<\/p>\n\n\n\n

Core capabilities<\/strong>\n– Register and scan data sources<\/strong> to extract metadata (schemas, columns, file types, etc.)\n– Search and browse<\/strong> assets with filters and facets\n– Enrich metadata<\/strong> with descriptions, owners, classifications, glossary terms, and tags (capabilities vary by source and configuration)\n– Lineage<\/strong> visualization for supported systems and integrations (availability depends on connectors and workloads)\n– Govern access to the catalog<\/strong> and organize assets via collections<\/strong><\/p>\n\n\n\n

Major components (as implemented in Microsoft Purview)<\/strong>\n– Microsoft Purview account<\/strong>: The Azure resource you deploy; it hosts governance capabilities.\n– Data Map<\/strong>: The underlying metadata store\/index used by Data Catalog.\n– Collections<\/strong>: Hierarchical partitions for organizing assets and delegating administration.\n– Scans and credentials<\/strong>: Configuration to connect to and scan sources.\n– Business glossary<\/strong>: Central vocabulary and definitions linked to assets.\n– Insights \/ reporting<\/strong> (where available): Views into data estate coverage, classifications, and governance posture (feature availability may vary\u2014verify in official docs).<\/p>\n\n\n\n

Service type<\/strong>\n– Managed cloud service for metadata management and governance<\/strong>, deployed as an Azure resource and accessed via web portals and APIs.<\/p>\n\n\n\n

Scope: regional\/global\/account-scoped<\/strong>\n– You create a Microsoft Purview account in an Azure region<\/strong>.\n– The catalog metadata<\/strong> is account-scoped<\/strong> (within that Purview account) and tied to your Azure AD tenant<\/strong> identity model.\n– You can typically catalog across multiple Azure subscriptions<\/strong> (within the same Azure AD tenant) as long as the Purview managed identity and\/or configured credentials have permission to read metadata from those sources.<\/p>\n\n\n\n

How it fits into the Azure ecosystem<\/strong>\n– Complements Analytics<\/strong> services such as Azure Synapse Analytics<\/strong>, Azure Data Factory<\/strong>, Azure Databricks<\/strong>, Power BI<\/strong>, and Azure Data Lake Storage<\/strong> by adding the missing layer: enterprise metadata + discovery + governance<\/strong>.\n– Integrates with Azure identity (Azure AD), Azure networking (private endpoints where supported), and Azure monitoring (diagnostic logs).<\/p>\n\n\n\n

Official entry points to verify:\n– Microsoft Purview documentation: https:\/\/learn.microsoft.com\/purview\/\n– Microsoft Purview Data Catalog overview: https:\/\/learn.microsoft.com\/purview\/purview-data-catalog-overview<\/p>\n\n\n\n

\n\n\n\n

3. Why use Data Catalog?<\/h2>\n\n\n\n

Business reasons<\/h3>\n\n\n\n
    \n
  • Faster analytics outcomes<\/strong>: Teams spend less time searching for data and more time using it.<\/li>\n
  • Shared definitions<\/strong>: A business glossary reduces KPI disputes and inconsistent reporting.<\/li>\n
  • Better data trust<\/strong>: Ownership, certification\/curation patterns, and lineage (where available) increase confidence.<\/li>\n<\/ul>\n\n\n\n

    Technical reasons<\/h3>\n\n\n\n
      \n
    • Centralized metadata<\/strong> across many systems (storage, databases, BI, etc.).<\/li>\n
    • Automation<\/strong> via scanning and integrations reduces manual documentation.<\/li>\n
    • Lineage<\/strong> helps engineers assess downstream impact before making schema changes.<\/li>\n<\/ul>\n\n\n\n

      Operational reasons<\/h3>\n\n\n\n
        \n
      • Onboarding<\/strong>: New hires find data faster.<\/li>\n
      • Reduced tribal knowledge<\/strong>: Metadata is documented and searchable.<\/li>\n
      • Change impact assessment<\/strong>: Lineage + ownership shortens incident resolution (when supported).<\/li>\n<\/ul>\n\n\n\n

        Security \/ compliance reasons<\/h3>\n\n\n\n
          \n
        • Sensitive data discovery<\/strong> via classifications (built-in and custom\u2014verify exact classifiers in your region\/tenant).<\/li>\n
        • Governance boundaries<\/strong> with collections and role-based access.<\/li>\n
        • Auditability<\/strong> by using Azure logging and Purview activity visibility (verify logging specifics in official docs).<\/li>\n<\/ul>\n\n\n\n

          Scalability \/ performance reasons<\/h3>\n\n\n\n
            \n
          • Designed for enterprise-scale<\/strong> metadata indexing rather than spreadsheet-based catalogs.<\/li>\n
          • Supports scanning at scale, but you must manage scan schedules, throughput, and cost.<\/li>\n<\/ul>\n\n\n\n

            When teams should choose Data Catalog<\/h3>\n\n\n\n
              \n
            • You have multiple data platforms and need a single discovery layer<\/strong>.<\/li>\n
            • Data is growing faster than documentation.<\/li>\n
            • You need governance<\/strong>: ownership, glossary, classification, and (ideally) lineage.<\/li>\n<\/ul>\n\n\n\n

              When teams should not choose it<\/h3>\n\n\n\n
                \n
              • You have a very small, single-database environment and can document with lightweight tooling.<\/li>\n
              • You require a fully on-prem-only catalog with no cloud footprint (unless your governance requirements allow Purview with hybrid connectors; verify).<\/li>\n
              • You need advanced data access governance features for sources not supported by Purview connectors; consider alternatives or complementary tools.<\/li>\n<\/ul>\n\n\n\n
                \n\n\n\n

                4. Where is Data Catalog used?<\/h2>\n\n\n\n

                Industries<\/h3>\n\n\n\n
                  \n
                • Financial services (risk, regulatory reporting, data controls)<\/li>\n
                • Healthcare and life sciences (PHI discovery, auditability)<\/li>\n
                • Retail and e-commerce (customer analytics, product catalog analytics)<\/li>\n
                • Manufacturing\/IoT (sensor data lakes, quality data)<\/li>\n
                • Public sector (data sharing boundaries, compliance)<\/li>\n<\/ul>\n\n\n\n

                  Team types<\/h3>\n\n\n\n
                    \n
                  • Data engineering<\/li>\n
                  • BI \/ analytics teams<\/li>\n
                  • Data science \/ ML engineering<\/li>\n
                  • Governance and compliance teams<\/li>\n
                  • Platform engineering (data platform owners)<\/li>\n<\/ul>\n\n\n\n

                    Workloads<\/h3>\n\n\n\n
                      \n
                    • Data lake\/lakehouse discovery (ADLS Gen2, Databricks, Synapse)<\/li>\n
                    • Data warehouse governance (Azure SQL, Synapse SQL)<\/li>\n
                    • BI semantic model discovery (Power BI)<\/li>\n
                    • ETL\/ELT pipeline documentation (ADF\/Synapse pipelines; lineage depends on integration)<\/li>\n<\/ul>\n\n\n\n

                      Architectures<\/h3>\n\n\n\n
                        \n
                      • Central data platform with domain data products (data mesh patterns)<\/li>\n
                      • Multi-subscription landing zones where data is distributed<\/li>\n
                      • Hybrid estates with some on-prem sources (connectors vary; verify supported sources)<\/li>\n<\/ul>\n\n\n\n

                        Real-world deployment contexts<\/h3>\n\n\n\n
                          \n
                        • Production<\/strong>: Most value comes when scanning production data sources (metadata-only access) and curating trusted datasets.<\/li>\n
                        • Dev\/Test<\/strong>: Used to validate scanning, role delegation, glossary workflow, and integration patterns before production rollout.<\/li>\n<\/ul>\n\n\n\n
                          \n\n\n\n

                          5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                          Below are realistic scenarios where Data Catalog fits well. Each includes the problem, why Data Catalog fits, and an example.<\/p>\n\n\n\n

                            \n
                          1. \n

                            Enterprise data discovery for a data lake<\/strong>\n – Problem:<\/strong> Hundreds of containers and folders in ADLS Gen2; nobody knows what\u2019s in them.\n – Why it fits:<\/strong> Automated scanning extracts schemas and file metadata; search helps users find datasets.\n – Example:<\/strong> Finance analysts search \u201cinvoice\u201d and find curated parquet datasets with owners and refresh cadence.<\/p>\n<\/li>\n

                          2. \n

                            Business glossary for KPI standardization<\/strong>\n – Problem:<\/strong> \u201cRevenue\u201d and \u201cActive customer\u201d definitions vary across teams.\n – Why it fits:<\/strong> Glossary terms become shared definitions and can be linked to assets and columns.\n – Example:<\/strong> The CFO office maintains glossary terms used by Power BI reports and data warehouse tables.<\/p>\n<\/li>\n

                          3. \n

                            Sensitive data inventory and risk reduction<\/strong>\n – Problem:<\/strong> Unknown locations of personal data increase breach and compliance risk.\n – Why it fits:<\/strong> Classification\/tagging + catalog browsing supports sensitive data discovery.\n – Example:<\/strong> Security team identifies datasets containing national IDs and ensures access reviews are in place.<\/p>\n<\/li>\n

                          4. \n

                            Lineage-driven change management (where supported)<\/strong>\n – Problem:<\/strong> Schema changes break downstream reports.\n – Why it fits:<\/strong> Lineage helps understand upstream\/downstream dependencies.\n – Example:<\/strong> Engineers see that a Synapse table feeds a critical Power BI semantic model before altering a column.<\/p>\n<\/li>\n

                          5. \n

                            Data product catalog for data mesh<\/strong>\n – Problem:<\/strong> Domains publish data products but consumers can\u2019t easily discover them.\n – Why it fits:<\/strong> Collections map to domains; assets are curated and searchable across the enterprise.\n – Example:<\/strong> \u201cSales\u201d and \u201cSupply Chain\u201d collections publish certified datasets with clear owners.<\/p>\n<\/li>\n

                          6. \n

                            Audit support and compliance evidence<\/strong>\n – Problem:<\/strong> Auditors request evidence of data classification and ownership.\n – Why it fits:<\/strong> Central metadata (owners, classifications) can be reviewed and exported (methods vary; verify).\n – Example:<\/strong> Compliance team demonstrates where sensitive fields exist and who owns them.<\/p>\n<\/li>\n

                          7. \n

                            Faster incident response for data quality issues<\/strong>\n – Problem:<\/strong> A dashboard is wrong; nobody knows the data origin.\n – Why it fits:<\/strong> Catalog metadata and lineage reduce MTTR.\n – Example:<\/strong> On-call analyst traces a KPI to a pipeline and finds a failed step introduced yesterday.<\/p>\n<\/li>\n

                          8. \n

                            Analytics platform onboarding<\/strong>\n – Problem:<\/strong> New hires take weeks to learn data locations and meanings.\n – Why it fits:<\/strong> Searchable catalog + glossary shortens ramp-up.\n – Example:<\/strong> A new data engineer uses the catalog to find canonical customer and product tables.<\/p>\n<\/li>\n

                          9. \n

                            Consolidated metadata across multiple subscriptions<\/strong>\n – Problem:<\/strong> Data is split across landing zones; no unified discovery.\n – Why it fits:<\/strong> Purview can catalog across subscriptions if permissions are granted.\n – Example:<\/strong> Central governance catalogs storage accounts from multiple business units.<\/p>\n<\/li>\n

                          10. \n

                            Migration support (on-prem to Azure)<\/strong>\n – Problem:<\/strong> During migration, assets are duplicated and mapping is unclear.\n – Why it fits:<\/strong> Catalog can track both old and new assets and help link documentation.\n – Example:<\/strong> Teams catalog on-prem SQL (if supported via connector) and Azure SQL to manage the transition.<\/p>\n<\/li>\n

                          11. \n

                            Self-service analytics enablement<\/strong>\n – Problem:<\/strong> Analysts request data extracts because they can\u2019t find trusted sources.\n – Why it fits:<\/strong> Curated assets plus owners reduce ad-hoc extract requests.\n – Example:<\/strong> Analysts use the catalog to find certified \u201csales_orders\u201d and stop using emailed CSVs.<\/p>\n<\/li>\n<\/ol>\n\n\n\n

                            \n\n\n\n

                            6. Core Features<\/h2>\n\n\n\n
                            \n

                            Feature availability can vary by region, connector, and Microsoft Purview release. Verify details in official docs: https:\/\/learn.microsoft.com\/purview\/<\/p>\n<\/blockquote>\n\n\n\n

                            1) Asset discovery: search and browse<\/h3>\n\n\n\n
                              \n
                            • What it does:<\/strong> Provides a search UI and browsing experience across cataloged assets.<\/li>\n
                            • Why it matters:<\/strong> Users can find data without knowing where it lives.<\/li>\n
                            • Practical benefit:<\/strong> Reduces time spent asking around and reduces duplicate datasets.<\/li>\n
                            • Limitations\/caveats:<\/strong> Search quality depends on scanning coverage and metadata enrichment.<\/li>\n<\/ul>\n\n\n\n

                              2) Automated scanning and metadata extraction<\/h3>\n\n\n\n
                                \n
                              • What it does:<\/strong> Connects to supported sources and extracts metadata such as schemas, file types, and structural information.<\/li>\n
                              • Why it matters:<\/strong> Keeps metadata current without manual documentation.<\/li>\n
                              • Practical benefit:<\/strong> Scheduled scans can maintain freshness.<\/li>\n
                              • Limitations\/caveats:<\/strong> Requires correct permissions; some sources require credentials\/managed identity setup.<\/li>\n<\/ul>\n\n\n\n

                                3) Collections and delegated administration<\/h3>\n\n\n\n
                                  \n
                                • What it does:<\/strong> Organizes catalog assets into a hierarchy (collections) and supports role delegation.<\/li>\n
                                • Why it matters:<\/strong> Large organizations need governance boundaries and decentralized ownership.<\/li>\n
                                • Practical benefit:<\/strong> Domain teams manage their own assets while central governance sets standards.<\/li>\n
                                • Limitations\/caveats:<\/strong> Misaligned collection strategy can create administrative complexity.<\/li>\n<\/ul>\n\n\n\n

                                  4) Business glossary<\/h3>\n\n\n\n
                                    \n
                                  • What it does:<\/strong> Maintains business terms, definitions, and relationships; terms can be linked to assets.<\/li>\n
                                  • Why it matters:<\/strong> Aligns business and technical teams on definitions.<\/li>\n
                                  • Practical benefit:<\/strong> Fewer KPI disputes; better report consistency.<\/li>\n
                                  • Limitations\/caveats:<\/strong> Requires governance process to keep terms accurate.<\/li>\n<\/ul>\n\n\n\n

                                    5) Metadata enrichment (owners, descriptions, contacts)<\/h3>\n\n\n\n
                                      \n
                                    • What it does:<\/strong> Adds human context on top of technical metadata.<\/li>\n
                                    • Why it matters:<\/strong> Ownership and context drive trust and accountability.<\/li>\n
                                    • Practical benefit:<\/strong> People know who to contact and how data should be used.<\/li>\n
                                    • Limitations\/caveats:<\/strong> Needs operating model (RACI) to avoid stale ownership.<\/li>\n<\/ul>\n\n\n\n

                                      6) Classification and labeling (sensitive data discovery)<\/h3>\n\n\n\n
                                        \n
                                      • What it does:<\/strong> Applies classifications to assets\/columns based on scanning and rules.<\/li>\n
                                      • Why it matters:<\/strong> Helps locate sensitive data and manage exposure.<\/li>\n
                                      • Practical benefit:<\/strong> Supports compliance initiatives and access reviews.<\/li>\n
                                      • Limitations\/caveats:<\/strong> Classification accuracy varies; false positives\/negatives are possible.<\/li>\n<\/ul>\n\n\n\n

                                        7) Lineage (for supported integrations)<\/h3>\n\n\n\n
                                          \n
                                        • What it does:<\/strong> Shows data movement and transformations across pipelines and systems.<\/li>\n
                                        • Why it matters:<\/strong> Enables impact analysis and troubleshooting.<\/li>\n
                                        • Practical benefit:<\/strong> Faster root cause analysis when downstream breaks.<\/li>\n
                                        • Limitations\/caveats:<\/strong> Lineage coverage depends on supported sources\/integrations (verify current list).<\/li>\n<\/ul>\n\n\n\n

                                          8) Role-based access control (Purview roles + Azure RBAC)<\/h3>\n\n\n\n
                                            \n
                                          • What it does:<\/strong> Controls who can administer the catalog, manage sources, run scans, and curate metadata.<\/li>\n
                                          • Why it matters:<\/strong> Governance tools often contain sensitive metadata.<\/li>\n
                                          • Practical benefit:<\/strong> Separation of duties (admins vs curators vs readers).<\/li>\n
                                          • Limitations\/caveats:<\/strong> You must manage two layers: Purview roles and source permissions.<\/li>\n<\/ul>\n\n\n\n

                                            9) APIs and automation (where supported)<\/h3>\n\n\n\n
                                              \n
                                            • What it does:<\/strong> Enables metadata operations via REST APIs and supported SDKs.<\/li>\n
                                            • Why it matters:<\/strong> Enterprises need repeatable deployment and automation.<\/li>\n
                                            • Practical benefit:<\/strong> Infrastructure-as-code patterns for Purview account deployment; scripted scans\/metadata workflows.<\/li>\n
                                            • Limitations\/caveats:<\/strong> API coverage and tooling evolve\u2014verify in official docs.<\/li>\n<\/ul>\n\n\n\n
                                              \n\n\n\n

                                              7. Architecture and How It Works<\/h2>\n\n\n\n

                                              High-level architecture<\/h3>\n\n\n\n

                                              At a high level:\n1. You deploy a Microsoft Purview account<\/strong> in Azure.\n2. You register data sources<\/strong> (ADLS, Azure SQL, etc.) into the account.\n3. You configure credentials<\/strong> (managed identity or other supported methods) and scans<\/strong>.\n4. Purview scanning reads metadata<\/strong> from sources and stores it in the Data Map<\/strong>.\n5. Users search\/browse Data Catalog<\/strong> and enrich assets with business context.<\/p>\n\n\n\n

                                              Request\/data\/control flow<\/h3>\n\n\n\n
                                                \n
                                              • Control plane:<\/strong> Admins configure collections, roles, sources, scans, and policies in Purview.<\/li>\n
                                              • Data plane (metadata plane):<\/strong> Scanning connects to data sources to read metadata<\/em> (and possibly sample content for classification depending on configuration; verify and control this).<\/li>\n
                                              • Consumption:<\/strong> Users query\/search the metadata index and view asset pages.<\/li>\n<\/ul>\n\n\n\n

                                                Integrations with related Azure services (common)<\/h3>\n\n\n\n
                                                  \n
                                                • Azure Data Lake Storage Gen2<\/strong>: Catalog file systems, folders, and files; extract schema for supported formats.<\/li>\n
                                                • Azure SQL \/ Synapse<\/strong>: Catalog databases, schemas, tables, and columns.<\/li>\n
                                                • Azure Data Factory \/ Synapse pipelines<\/strong>: Potential lineage integration (verify supported scenarios).<\/li>\n
                                                • Power BI<\/strong>: Catalog reports\/datasets and enable discovery (tenant configuration required; verify).<\/li>\n
                                                • Azure Key Vault<\/strong>: Store credentials\/secrets where applicable (depending on connector method).<\/li>\n
                                                • Azure Monitor<\/strong>: Diagnostic logs and metrics routing (availability varies; verify in docs).<\/li>\n<\/ul>\n\n\n\n

                                                  Dependency services<\/h3>\n\n\n\n
                                                    \n
                                                  • Azure AD<\/strong> for identity and authentication.<\/li>\n
                                                  • Source services<\/strong> being scanned (Storage, SQL, etc.).<\/li>\n
                                                  • Optional networking<\/strong> components for private connectivity.<\/li>\n<\/ul>\n\n\n\n

                                                    Security\/authentication model<\/h3>\n\n\n\n
                                                      \n
                                                    • User access to Data Catalog:<\/strong> authenticated via Azure AD; authorization governed by Purview roles and potentially collection-level permissions.<\/li>\n
                                                    • Scanner access to data sources:<\/strong> typically via the Purview managed identity (system-assigned managed identity) or configured credentials, plus Azure RBAC\/data-plane permissions on the source.<\/li>\n<\/ul>\n\n\n\n

                                                      Networking model<\/h3>\n\n\n\n
                                                        \n
                                                      • By default, Purview endpoints may be publicly accessible.<\/li>\n
                                                      • For production, consider private endpoints<\/strong> and managed network features where supported, especially when scanning sources inside private VNets. Verify current networking options in Purview docs for your region.<\/li>\n<\/ul>\n\n\n\n

                                                        Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n
                                                          \n
                                                        • Treat metadata as sensitive: asset names, schemas, and classifications can reveal business secrets.<\/li>\n
                                                        • Enable diagnostic logs where supported.<\/li>\n
                                                        • Establish governance processes:<\/li>\n
                                                        • Ownership and stewardship<\/li>\n
                                                        • Glossary curation<\/li>\n
                                                        • Scan schedules and change management<\/li>\n
                                                        • Access reviews for catalog roles<\/li>\n<\/ul>\n\n\n\n

                                                          Simple architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                          flowchart LR\n  U[Data Consumer] -->|Search\/Browse| DC[Data Catalog<br\/>(Microsoft Purview)]\n  A[Data Steward] -->|Curate glossary & metadata| DC\n\n  DC --> DM[Data Map<br\/>(Metadata Store)]\n  DC -->|Scan metadata| SRC[(Azure Data Sources)]\n  SRC --> ADLS[ADLS Gen2]\n  SRC --> SQL[Azure SQL \/ Synapse]\n  DC --> AAD[Azure AD<br\/>AuthN\/AuthZ]\n<\/code><\/pre>\n\n\n\n
                                                          Production-style architecture diagram (Mermaid)<\/h3>\n\n\n\n
                                                          flowchart TB\n  subgraph Tenant[Azure AD Tenant]\n    AAD[Azure AD]\n  end\n\n  subgraph Azure[Azure Subscription(s)]\n    subgraph RG[Resource Group]\n      P[Microsoft Purview Account<br\/>Data Catalog + Data Map]\n      PE[Private Endpoints<br\/>(if enabled)]\n      LAW[Log Analytics Workspace<br\/>(optional)]\n    end\n\n    subgraph DataPlane[Data Sources]\n      ADLS[ADLS Gen2<br\/>Private Endpoint (optional)]\n      SQL[Azure SQL \/ Synapse<br\/>Private Endpoint (optional)]\n      ADF[Azure Data Factory \/ Synapse Pipelines<br\/>(lineage where supported)]\n      PBI[Power BI<br\/>(tenant integration)]\n    end\n  end\n\n  Users[Analysts \/ Engineers \/ Stewards] -->|Azure AD sign-in| AAD\n  AAD -->|Tokens| P\n\n  P -->|Metadata scans via MI\/credentials| ADLS\n  P -->|Metadata scans via MI\/credentials| SQL\n  ADF -->|Lineage integration (supported cases)| P\n  PBI -->|Metadata integration (tenant config)| P\n\n  P -->|Diagnostic logs| LAW\n  P --> PE\n  PE --> ADLS\n  PE --> SQL\n<\/code><\/pre>\n\n\n\n
                                                          \n\n\n\n
                                                          8. Prerequisites<\/h2>\n\n\n\n
                                                          Account\/subscription\/tenant requirements<\/h3>\n\n\n\n
                                                            \n
                                                          • An active Azure subscription<\/strong>.<\/li>\n
                                                          • Access to an Azure AD tenant<\/strong> associated with the subscription.<\/li>\n
                                                          • Ability to register resource providers if needed (commonly Microsoft.Purview<\/code>).<\/li>\n<\/ul>\n\n\n\n
                                                            Permissions \/ IAM roles<\/h3>\n\n\n\n
                                                            To complete the lab you typically need:\n– At Azure scope<\/strong>:\n  – Owner<\/code> or Contributor<\/code> on the resource group\/subscription to create resources.\n  – Permissions to assign roles (for RBAC) if you will grant the Purview managed identity access to Storage.\n– Inside Purview (Data Catalog)<\/strong>:\n  – Purview roles (for example, data source admin \/ collection admin) depending on your tasks. Role names and exact permissions should be verified in current Purview RBAC documentation.\n– On the data source<\/strong> (lab uses ADLS Gen2):\n  – Grant Purview\u2019s managed identity read\/list<\/strong> permissions. Commonly involves Azure RBAC roles like Storage Blob Data Reader<\/strong> at the storage account scope (verify required permissions for scanning in official docs).<\/p>\n\n\n\n
                                                            Billing requirements<\/h3>\n\n\n\n
                                                              \n
                                                            • You must have billing enabled; Purview pricing is usage-based (see section 9).<\/li>\n<\/ul>\n\n\n\n
                                                              CLI\/SDK\/tools needed<\/h3>\n\n\n\n
                                                                \n
                                                              • Azure Portal access.<\/li>\n
                                                              • Optional:<\/li>\n
                                                              • Azure CLI<\/strong> for resource creation and uploads: https:\/\/learn.microsoft.com\/cli\/azure\/install-azure-cli<\/li>\n
                                                              • Azure Storage Explorer<\/strong> (optional) for uploading sample files: https:\/\/azure.microsoft.com\/products\/storage\/storage-explorer\/<\/li>\n<\/ul>\n\n\n\n
                                                                Region availability<\/h3>\n\n\n\n
                                                                  \n
                                                                • Microsoft Purview availability varies by region. Verify the current supported regions:\n  https:\/\/learn.microsoft.com\/purview\/purview-portal<\/li>\n<\/ul>\n\n\n\n
                                                                  Quotas\/limits<\/h3>\n\n\n\n
                                                                    \n
                                                                  • Purview has limits around scans, capacity, and catalogs at scale; these change over time. Verify current limits in official documentation.<\/li>\n<\/ul>\n\n\n\n
                                                                    Prerequisite services for the lab<\/h3>\n\n\n\n
                                                                      \n
                                                                    • Azure Storage account<\/strong> with Hierarchical namespace enabled<\/strong> (ADLS Gen2).<\/li>\n
                                                                    • A small sample file (CSV or Parquet) to demonstrate discovery.<\/li>\n<\/ul>\n\n\n\n
                                                                      \n\n\n\n
                                                                      9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                      Do not use this section as a quote.<\/strong> Pricing varies by region, billing agreement, and feature usage. Always confirm on official pricing pages.<\/p>\n\n\n\n
                                                                      Current pricing model (high level)<\/h3>\n\n\n\n
                                                                      Microsoft Purview pricing commonly includes:\n– Data Map capacity<\/strong> (often billed as \u201ccapacity units\u201d per hour):\n  The Data Map powers catalog search and metadata graph storage\/operations.\n– Scanning and classification<\/strong> (often billed by compute\/time, such as vCore-hours or similar):\n  Costs depend on number of sources, scan frequency, and depth of classification.\n– Potential additional charges for optional capabilities (for example, insights\/reporting, data estate features)\u2014verify in official pricing.<\/p>\n\n\n\n
                                                                      Official pricing page (verify latest):\n– Microsoft Purview pricing: https:\/\/azure.microsoft.com\/pricing\/details\/microsoft-purview\/\n– Azure Pricing Calculator: https:\/\/azure.microsoft.com\/pricing\/calculator\/<\/p>\n\n\n\n
                                                                      Pricing dimensions to understand<\/h3>\n\n\n\n
                                                                        \n
                                                                      • Hours of Data Map capacity<\/strong>: baseline cost driver for keeping the catalog active.<\/li>\n
                                                                      • Scan execution costs<\/strong>: driven by scan runtime and classification settings.<\/li>\n
                                                                      • Number\/type of sources<\/strong>: some connectors are heavier (large SQL estates, deep folder trees).<\/li>\n
                                                                      • Metadata volume<\/strong>: number of assets, columns, files, partitions; can impact performance and operational overhead.<\/li>\n<\/ul>\n\n\n\n
                                                                        Free tier<\/h3>\n\n\n\n
                                                                          \n
                                                                        • Microsoft Purview has historically offered limited free scanning\/capacity in some contexts or trials, but this changes. Verify in official pricing<\/strong>.<\/li>\n<\/ul>\n\n\n\n
                                                                          Cost drivers (direct)<\/h3>\n\n\n\n
                                                                            \n
                                                                          • Running Data Map capacity continuously.<\/li>\n
                                                                          • Scheduling frequent scans (e.g., hourly scans across many sources).<\/li>\n
                                                                          • Enabling deep classification or patterns that increase scan runtime.<\/li>\n<\/ul>\n\n\n\n
                                                                            Hidden or indirect costs<\/h3>\n\n\n\n
                                                                              \n
                                                                            • Data source costs<\/strong>: scanning may generate requests\/transactions on Storage or SQL.<\/li>\n
                                                                            • Network<\/strong>: if scanning crosses network boundaries, private endpoints and data egress considerations may apply.<\/li>\n
                                                                            • Log storage<\/strong>: sending diagnostics to Log Analytics incurs ingestion\/retention cost.<\/li>\n
                                                                            • Operational labor<\/strong>: stewardship and governance activities are real costs; plan an operating model.<\/li>\n<\/ul>\n\n\n\n
                                                                              Network\/data transfer implications<\/h3>\n\n\n\n
                                                                                \n
                                                                              • Metadata scanning usually reads metadata, but classification can require reading file contents or samples depending on configuration and connector behavior. Control scan rules and scope to manage both cost and risk. Verify scan behavior per connector<\/strong>.<\/li>\n<\/ul>\n\n\n\n
                                                                                How to optimize cost<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • Start with a narrow scope<\/strong> (one collection, one storage account) and expand.<\/li>\n
                                                                                • Schedule scans based on data change rate (daily\/weekly for stable sources).<\/li>\n
                                                                                • Exclude noisy paths (temp folders, staging, logs).<\/li>\n
                                                                                • Curate \u201cgold\u201d datasets first; avoid trying to catalog everything on day one.<\/li>\n
                                                                                • Use diagnostics selectively; retain only what you need.<\/li>\n<\/ul>\n\n\n\n
                                                                                  Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n
                                                                                  A low-cost pilot typically includes:\n– One Purview account\n– One ADLS Gen2 source\n– A small number of scanned folders\/containers\n– A daily scan schedule\n– Minimal classification rules initially<\/p>\n\n\n\n
                                                                                  Exact costs depend on:\n– Your region\u2019s Purview rates\n– How long the Data Map capacity is active\n– Scan runtime for your data patterns\nUse the pricing calculator with your region and expected scan schedule.<\/p>\n\n\n\n
                                                                                  Example production cost considerations<\/h3>\n\n\n\n
                                                                                  Production environments commonly add:\n– Multiple sources (data lake + SQL + BI)\n– Higher scan frequency for critical assets\n– Deeper classification and glossary stewardship\n– Private networking and centralized logging<\/p>\n\n\n\n
                                                                                  The biggest levers are:\n– Data Map capacity-hours\n– Total scan compute\/time across the estate\n– Scan scope (asset counts and folder depth)<\/p>\n\n\n\n
                                                                                  \n\n\n\n
                                                                                  10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                  This lab uses the current Azure approach<\/strong>: Microsoft Purview Data Catalog<\/strong> (Data Catalog) scanning an ADLS Gen2<\/strong> storage account. It is designed to be low-risk and relatively low-cost, but costs can still occur\u2014monitor your Purview pricing dimensions.<\/p>\n\n\n\n
                                                                                  Objective<\/h3>\n\n\n\n
                                                                                  Deploy Data Catalog (via a Microsoft Purview account), create a small ADLS Gen2 dataset, scan it into the catalog, and validate that you can search and enrich metadata (owner\/description\/glossary).<\/p>\n\n\n\n
                                                                                  Lab Overview<\/h3>\n\n\n\n
                                                                                  You will:\n1. Create an ADLS Gen2 storage account and upload a sample CSV.\n2. Create a Microsoft Purview account (Data Catalog).\n3. Grant Purview\u2019s managed identity read access to the storage account for scanning.\n4. Register the storage account as a data source and run a scan.\n5. Search and browse the discovered asset.\n6. Add business metadata (description\/glossary term).\n7. Clean up resources.<\/p>\n\n\n\n
                                                                                  Step 1: Create a resource group<\/h3>\n\n\n\n
                                                                                  Azure Portal<\/strong>\n1. Go to Resource groups<\/strong> \u2192 Create<\/strong>.\n2. Choose your subscription.\n3. Name: rg-datacatalog-lab<\/code>\n4. Region: choose one where Microsoft Purview is available (verify availability).<\/p>\n\n\n\n
                                                                                  Expected outcome:<\/strong> A new resource group exists.<\/p>\n\n\n\n
                                                                                  Optional Azure CLI<\/strong><\/p>\n\n\n\n
                                                                                  az group create --name rg-datacatalog-lab --location <YOUR_AZURE_REGION>\n<\/code><\/pre>\n\n\n\n
                                                                                  Step 2: Create an ADLS Gen2 storage account<\/h3>\n\n\n\n
                                                                                  Azure Portal<\/strong>\n1. Go to Storage accounts<\/strong> \u2192 Create<\/strong>.\n2. Resource group: rg-datacatalog-lab<\/code>\n3. Storage account name: globally unique, e.g. stcataloglab<random><\/code>\n4. Region: same as your RG (recommended)\n5. Performance: Standard (fine for lab)\n6. In Advanced<\/strong> (or Data Lake Storage Gen2<\/strong>) enable:\n   – Hierarchical namespace<\/strong> = Enabled<\/strong>\n7. Create the account.<\/p>\n\n\n\n
                                                                                  Expected outcome:<\/strong> Storage account is created with hierarchical namespace enabled.<\/p>\n\n\n\n
                                                                                  Step 3: Create a container (file system) and upload a sample CSV<\/h3>\n\n\n\n
                                                                                  Azure Portal<\/strong>\n1. Open the storage account.\n2. Go to Storage browser<\/strong> (or Containers<\/strong> \/ Data Lake Gen2<\/strong> depending on portal UI).\n3. Create a container \/ file system named: raw<\/code>\n4. Create a folder named: sales<\/code>\n5. Upload a file named orders.csv<\/code> with content like:<\/p>\n\n\n\n
                                                                                  Create a local file orders.csv<\/code>:<\/p>\n\n\n\n
                                                                                  order_id,order_date,customer_id,amount,country\n1001,2025-01-05,C001,120.50,US\n1002,2025-01-08,C002,89.99,GB\n1003,2025-01-11,C003,42.10,IN\n<\/code><\/pre>\n\n\n\n
                                                                                  Expected outcome:<\/strong> File exists at a path like raw\/sales\/orders.csv<\/code>.<\/p>\n\n\n\n
                                                                                  Verification<\/strong>\n– Confirm you can see the file in the portal Storage Browser.<\/p>\n\n\n\n
                                                                                  Step 4: Create the Data Catalog (Microsoft Purview account)<\/h3>\n\n\n\n
                                                                                  Azure Portal<\/strong>\n1. Search for Microsoft Purview<\/strong> and open it.\n2. Click Create<\/strong>.\n3. Basics:\n   – Subscription: your subscription\n   – Resource group: rg-datacatalog-lab<\/code>\n   – Name: pv-datacatalog-lab<\/code> (must be unique per naming rules)\n   – Region: choose supported region\n4. Review + create.<\/p>\n\n\n\n
                                                                                  Expected outcome:<\/strong> A Microsoft Purview account is deployed.<\/p>\n\n\n\n
                                                                                  Verification<\/strong>\n– Open the Purview account resource \u2192 confirm it shows as Succeeded<\/strong>.\n– Locate the link to open the Purview portal \/ governance portal (naming in portal may vary).<\/p>\n\n\n\n
                                                                                  Step 5: Assign permissions for scanning (Purview managed identity \u2192 Storage)<\/h3>\n\n\n\n
                                                                                  Purview scans your data sources using an identity\/credential. For many Azure sources, the simplest approach is granting the Purview account\u2019s managed identity<\/strong> the required data-plane permissions.<\/p>\n\n\n\n
                                                                                  Azure Portal (Storage account RBAC)<\/strong>\n1. Open the Storage account<\/strong> you created.\n2. Go to Access control (IAM)<\/strong> \u2192 Add role assignment<\/strong>.\n3. Role: typically Storage Blob Data Reader<\/strong> (verify required roles for Purview scanning in the official connector doc).\n4. Assign access to: Managed identity<\/strong>\n5. Select members:\n   – Choose your Microsoft Purview account<\/strong> managed identity.\n6. Review + assign.<\/p>\n\n\n\n
                                                                                  Expected outcome:<\/strong> Purview managed identity has read access to Storage blobs\/files for scanning.<\/p>\n\n\n\n
                                                                                  Verification<\/strong>\n– In the storage account IAM, confirm the role assignment exists.<\/p>\n\n\n\n
                                                                                  \n
                                                                                  If you cannot find the Purview managed identity in the picker, ensure the Purview account has a system-assigned managed identity enabled (commonly enabled by default for scanning scenarios). Verify in Purview account identity settings and official docs.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                  Step 6: Open the Purview portal and configure collections (optional but recommended)<\/h3>\n\n\n\n
                                                                                  Inside the Purview portal:\n1. Find Collections<\/strong>.\n2. Confirm the default root collection exists.\n3. (Optional) Create a child collection named lab<\/code>.<\/p>\n\n\n\n
                                                                                  Expected outcome:<\/strong> A collection exists to organize lab assets.<\/p>\n\n\n\n
                                                                                  Step 7: Register the ADLS Gen2 storage account as a data source<\/h3>\n\n\n\n
                                                                                  In the Purview portal:\n1. Go to Data map<\/strong> \u2192 Sources<\/strong> (UI labels vary slightly).\n2. Register<\/strong> a source.\n3. Choose source type: Azure Data Lake Storage Gen2<\/strong> (or Azure Storage; pick the option matching ADLS Gen2).\n4. Select your subscription and storage account (or enter resource ID if required).\n5. Assign it to the lab<\/code> collection (or default collection).\n6. Save\/register.<\/p>\n\n\n\n
                                                                                  Expected outcome:<\/strong> The storage account appears as a registered source.<\/p>\n\n\n\n
                                                                                  Step 8: Create and run a scan<\/h3>\n\n\n\n
                                                                                  In the Purview portal:\n1. Open the registered ADLS Gen2 source.\n2. Choose New scan<\/strong>.\n3. Configure:\n   – Name: scan-raw-sales<\/code>\n   – Credential \/ authentication: choose the managed identity option if available for your configuration\n   – Scope: select the raw\/sales<\/code> path (avoid scanning the entire account for the lab)\n   – Classification rules: start with defaults (you can tune later)\n   – Scan rule set: default (unless you have a reason to customize)\n4. Run the scan now.<\/p>\n\n\n\n
                                                                                  Expected outcome:<\/strong> Scan status moves from queued\/running to succeeded, and assets appear in the catalog.<\/p>\n\n\n\n
                                                                                  Verification<\/strong>\n– Check scan run history\/status.\n– If the scan succeeds, proceed. If it fails, go to Troubleshooting.<\/p>\n\n\n\n
                                                                                  Step 9: Search\/browse the discovered asset in Data Catalog<\/h3>\n\n\n\n
                                                                                  In the Purview portal:\n1. Go to Data Catalog<\/strong> \u2192 Browse<\/strong> or Search<\/strong>.\n2. Search for: orders.csv<\/code> or orders<\/code>.\n3. Open the asset.<\/p>\n\n\n\n
                                                                                  Expected outcome:<\/strong> You can view the asset details page, including technical metadata (file type, path, possibly schema inference depending on support).<\/p>\n\n\n\n
                                                                                  Step 10: Enrich the asset with business metadata (description, owner, glossary)<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  1. On the asset page, add:\n   – Description<\/strong>: e.g., \u201cRaw sales orders exported daily from ecommerce system.\u201d\n   – Owner \/ Contact<\/strong>: assign yourself for the lab.<\/li>\n
                                                                                  2. Create a glossary term:\n   – Go to Glossary<\/strong> \u2192 New term<\/strong>\n   – Term: Order<\/code>\n   – Definition: \u201cA purchase transaction placed by a customer.\u201d<\/li>\n
                                                                                  3. Link the glossary term to the asset (UI typically supports adding terms to assets).<\/li>\n<\/ol>\n\n\n\n
                                                                                    Expected outcome:<\/strong> The asset becomes easier to understand; search results may reflect glossary linkages and description content.<\/p>\n\n\n\n
                                                                                    \n\n\n\n
                                                                                    Validation<\/h3>\n\n\n\n
                                                                                    Use this checklist:\n– [ ] Purview account exists and you can open the Purview portal.\n– [ ] ADLS Gen2 storage account exists and has raw\/sales\/orders.csv<\/code>.\n– [ ] Purview managed identity has Storage read permissions.\n– [ ] Source is registered in Purview.\n– [ ] Scan completes successfully.\n– [ ] orders.csv<\/code> appears in Data Catalog search\/browse.\n– [ ] You can add description\/owner and create\/link a glossary term.<\/p>\n\n\n\n
                                                                                    \n\n\n\n
                                                                                    Troubleshooting<\/h3>\n\n\n\n
                                                                                    Common issues and realistic fixes:<\/p>\n\n\n\n
                                                                                      \n
                                                                                    1. \n
                                                                                      Scan fails with permission\/authorization error<\/strong>\n   – Cause:<\/strong> Purview identity lacks data-plane permissions.\n   – Fix:<\/strong> Re-check Storage IAM role assignment for the Purview managed identity. Ensure it\u2019s applied at the correct scope (storage account is simplest). Verify required role in connector docs.<\/p>\n<\/li>\n
                                                                                    2. \n
                                                                                      Cannot select the Purview managed identity<\/strong>\n   – Cause:<\/strong> Identity not enabled or directory permissions delay.\n   – Fix:<\/strong> Confirm the Purview account has a managed identity enabled (where applicable). Wait a few minutes and retry. Verify in official docs.<\/p>\n<\/li>\n
                                                                                    3. \n
                                                                                      No assets appear after a successful scan<\/strong>\n   – Cause:<\/strong> Scan scope excludes the folder, or file type not included, or scan rule set excludes CSV.\n   – Fix:<\/strong> Confirm scan path includes raw\/sales<\/code>. Verify scan rule set includes CSV. Re-run scan.<\/p>\n<\/li>\n
                                                                                    4. \n
                                                                                      Scan takes too long<\/strong>\n   – Cause:<\/strong> Scope too broad (scanning entire storage account).\n   – Fix:<\/strong> Narrow the scan scope to a specific container\/folder. Reduce classification depth for the lab.<\/p>\n<\/li>\n
                                                                                    5. \n
                                                                                      You can\u2019t edit metadata (description\/owner)<\/strong>\n   – Cause:<\/strong> Your user lacks Purview catalog curation permissions for that collection.\n   – Fix:<\/strong> Have a Purview admin grant you the appropriate Purview role at the correct collection scope.<\/p>\n<\/li>\n
                                                                                    6. \n
                                                                                      Purview resource not available in your region<\/strong>\n   – Cause:<\/strong> Region availability constraints.\n   – Fix:<\/strong> Create resources in a supported region (verify current region list).<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                      \n\n\n\n
                                                                                      Cleanup<\/h3>\n\n\n\n
                                                                                      To avoid ongoing charges:\n1. Delete the resource group rg-datacatalog-lab<\/strong>:\n   – This removes the Purview account and storage account.\n2. Confirm deletion completes.\n3. If you used diagnostic logs to Log Analytics, ensure the workspace is deleted (if created) or stop retention\/ingestion as required.<\/p>\n\n\n\n
                                                                                      Azure CLI cleanup<\/strong><\/p>\n\n\n\n
                                                                                      az group delete --name rg-datacatalog-lab --yes --no-wait\n<\/code><\/pre>\n\n\n\n
                                                                                      \n\n\n\n
                                                                                      11. Best Practices<\/h2>\n\n\n\n
                                                                                      Architecture best practices<\/h3>\n\n\n\n
                                                                                        \n
                                                                                      • Start with a target operating model<\/strong>: define who owns collections, scanning, glossary, and curation.<\/li>\n
                                                                                      • Use collections aligned to your org structure<\/strong> (domains, business units, environments).<\/li>\n
                                                                                      • Implement a curation pattern<\/strong>:<\/li>\n
                                                                                      • Raw \u2192 curated \u2192 certified (even if \u201ccertified\u201d is a process rather than a feature flag)<\/li>\n
                                                                                      • Integrate Data Catalog with your analytics platform rollout:<\/li>\n
                                                                                      • As new sources are deployed, add \u201ccatalog registration + scan\u201d to the delivery checklist.<\/li>\n<\/ul>\n\n\n\n
                                                                                        IAM\/security best practices<\/h3>\n\n\n\n
                                                                                          \n
                                                                                        • Apply least privilege<\/strong>:<\/li>\n
                                                                                        • Purview scanning identity should have metadata read<\/em> only.<\/li>\n
                                                                                        • Avoid granting write permissions to data sources.<\/li>\n
                                                                                        • Separate duties:<\/li>\n
                                                                                        • Catalog admins vs data stewards vs catalog readers.<\/li>\n
                                                                                        • Perform access reviews<\/strong> regularly for Purview roles and collection admins.<\/li>\n
                                                                                        • Treat metadata as sensitive\u2014schemas and names can reveal confidential business concepts.<\/li>\n<\/ul>\n\n\n\n
                                                                                          Cost best practices<\/h3>\n\n\n\n
                                                                                            \n
                                                                                          • Control scan scope:<\/li>\n
                                                                                          • Avoid scanning entire lakes by default.<\/li>\n
                                                                                          • Exclude transient\/staging paths.<\/li>\n
                                                                                          • Schedule scans based on change frequency.<\/li>\n
                                                                                          • Pilot with a limited number of sources and expand based on value.<\/li>\n<\/ul>\n\n\n\n
                                                                                            Performance best practices<\/h3>\n\n\n\n
                                                                                              \n
                                                                                            • Keep scans targeted and avoid unnecessary deep classification.<\/li>\n
                                                                                            • Use incremental governance: prioritize high-value datasets first.<\/li>\n<\/ul>\n\n\n\n
                                                                                              Reliability best practices<\/h3>\n\n\n\n
                                                                                                \n
                                                                                              • Use consistent naming conventions for scans and collections.<\/li>\n
                                                                                              • Document scan schedules and owners for operational continuity.<\/li>\n
                                                                                              • Use monitoring\/alerts (where available) for scan failures and operational health.<\/li>\n<\/ul>\n\n\n\n
                                                                                                Operations best practices<\/h3>\n\n\n\n
                                                                                                  \n
                                                                                                • Maintain a runbook:<\/li>\n
                                                                                                • Scan failure triage<\/li>\n
                                                                                                • Permission change process<\/li>\n
                                                                                                • New source onboarding<\/li>\n
                                                                                                • Use tagging standards for Azure resources (Purview account, resource group, storage accounts):<\/li>\n
                                                                                                • env<\/code>, owner<\/code>, costCenter<\/code>, dataDomain<\/code><\/li>\n<\/ul>\n\n\n\n
                                                                                                  Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • Collections: prod<\/code>, nonprod<\/code>, then domains under each (or domains first, environments second\u2014pick one).<\/li>\n
                                                                                                  • Glossary:<\/li>\n
                                                                                                  • Define term approval workflow.<\/li>\n
                                                                                                  • Add synonyms and examples to improve adoption.<\/li>\n
                                                                                                  • Metadata:<\/li>\n
                                                                                                  • Require owner + description for curated datasets.<\/li>\n<\/ul>\n\n\n\n
                                                                                                    \n\n\n\n
                                                                                                    12. Security Considerations<\/h2>\n\n\n\n
                                                                                                    Identity and access model<\/h3>\n\n\n\n
                                                                                                      \n
                                                                                                    • User access<\/strong> uses Azure AD authentication.<\/li>\n
                                                                                                    • Authorization<\/strong> is enforced by Purview roles and collection scoping.<\/li>\n
                                                                                                    • Scanning access<\/strong> to sources is separate and requires explicit permissions on each data source.<\/li>\n<\/ul>\n\n\n\n
                                                                                                      Key principle: Catalog access \u2260 data access<\/strong>.\nSeeing metadata does not automatically grant access to the underlying data, but metadata itself can be sensitive.<\/p>\n\n\n\n
                                                                                                      Encryption<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • Azure services generally encrypt data at rest and in transit. Confirm the specifics for Microsoft Purview in official security documentation:\n  https:\/\/learn.microsoft.com\/purview\/<\/li>\n<\/ul>\n\n\n\n
                                                                                                        Network exposure<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • For production, evaluate:<\/li>\n
                                                                                                        • Public endpoint exposure<\/li>\n
                                                                                                        • Private endpoints for Purview and sources (where supported)<\/li>\n
                                                                                                        • Scanning across VNets and private networks\nVerify supported private networking patterns in Purview docs before design.<\/li>\n<\/ul>\n\n\n\n
                                                                                                          Secrets handling<\/h3>\n\n\n\n
                                                                                                            \n
                                                                                                          • Prefer managed identity<\/strong> over stored secrets where supported.<\/li>\n
                                                                                                          • If connector requires secrets:<\/li>\n
                                                                                                          • Store them in Azure Key Vault<\/strong><\/li>\n
                                                                                                          • Restrict Key Vault access<\/li>\n
                                                                                                          • Rotate secrets regularly<\/li>\n<\/ul>\n\n\n\n
                                                                                                            Audit\/logging<\/h3>\n\n\n\n
                                                                                                              \n
                                                                                                            • Use Azure Activity Log<\/strong> for resource-level operations.<\/li>\n
                                                                                                            • Enable Purview diagnostic settings (where available) to route logs to Log Analytics \/ Event Hub \/ Storage for retention and analysis.<\/li>\n
                                                                                                            • Audit role assignments and permission changes (Azure RBAC + Purview roles).<\/li>\n<\/ul>\n\n\n\n
                                                                                                              Compliance considerations<\/h3>\n\n\n\n
                                                                                                                \n
                                                                                                              • Understand your regulatory requirements:<\/li>\n
                                                                                                              • Data residency (Purview region)<\/li>\n
                                                                                                              • Metadata retention and access<\/li>\n
                                                                                                              • Separation between business units\nAlways verify compliance statements in Microsoft\u2019s trust documentation.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                Common security mistakes<\/h3>\n\n\n\n
                                                                                                                  \n
                                                                                                                • Granting Purview scanning identity overly broad permissions (e.g., Storage Blob Data Owner).<\/li>\n
                                                                                                                • Making the catalog widely readable when metadata reveals confidential projects.<\/li>\n
                                                                                                                • Scanning sensitive sources without aligning classification policies and steward review.<\/li>\n
                                                                                                                • No owner\/steward model, leading to stale and misleading metadata.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                  Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                    \n
                                                                                                                  • Use private networking where appropriate.<\/li>\n
                                                                                                                  • Limit catalog visibility by collection and role.<\/li>\n
                                                                                                                  • Apply least privilege to scanning identities.<\/li>\n
                                                                                                                  • Establish a governance workflow for glossary and curated dataset standards.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                    \n\n\n\n
                                                                                                                    13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                    Because Microsoft Purview evolves rapidly, confirm these in official docs for your tenant\/region.<\/p>\n\n\n\n
                                                                                                                      \n
                                                                                                                    • Service naming confusion:<\/strong> \u201cAzure Data Catalog\u201d (legacy) is retired; the supported service is Microsoft Purview Data Catalog<\/strong>.<\/li>\n
                                                                                                                    • Connector variability:<\/strong> Not all sources support the same depth of metadata extraction, classification, or lineage.<\/li>\n
                                                                                                                    • Lineage coverage is not universal:<\/strong> Lineage is powerful but depends on supported systems and integration configuration.<\/li>\n
                                                                                                                    • Permissions are two-layered:<\/strong><\/li>\n
                                                                                                                    • Purview roles control catalog administration\/curation<\/li>\n
                                                                                                                    • Source permissions control scanning<\/li>\n
                                                                                                                    • Cost surprises:<\/strong><\/li>\n
                                                                                                                    • Scanning broad scopes (entire lakes) can increase scan compute\/time.<\/li>\n
                                                                                                                    • Keeping Data Map capacity running continuously is a baseline cost driver.<\/li>\n
                                                                                                                    • Metadata sensitivity:<\/strong> Even without data access, metadata can expose sensitive business details.<\/li>\n
                                                                                                                    • Regional availability constraints:<\/strong> Some features and regions may lag; verify supported regions and features.<\/li>\n
                                                                                                                    • Operational overhead:<\/strong> A catalog without stewardship becomes stale; plan people\/process, not just tooling.<\/li>\n
                                                                                                                    • Migration challenges:<\/strong> If you are migrating from a legacy catalog, expect mapping work for glossary terms, owners, and asset identifiers.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                      \n\n\n\n
                                                                                                                      14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                      Data Catalog (Microsoft Purview Data Catalog) is one option in the Azure Analytics governance space. Alternatives include other cloud catalogs and open-source metadata platforms.<\/p>\n\n\n\n
                                                                                                                      \n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                      Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                      Data Catalog (Microsoft Purview Data Catalog)<\/strong><\/td>\nAzure-centric enterprises needing governance + discovery<\/td>\nDeep Azure integration, collections, scanning, glossary, enterprise governance patterns<\/td>\nCosts can grow with scans\/capacity; connector\/lineage coverage varies<\/td>\nYou run analytics on Azure and need an enterprise catalog<\/td>\n<\/tr>\n
                                                                                                                      Microsoft Fabric (catalog\/discovery features within Fabric)<\/strong><\/td>\nTeams standardized on Fabric<\/td>\nTight integration with Fabric workloads<\/td>\nNot a full replacement for enterprise-wide multi-source governance in all cases<\/td>\nYou are all-in on Fabric and scope is mainly Fabric assets<\/td>\n<\/tr>\n
                                                                                                                      Azure Synapse Studio (workspace metadata)<\/strong><\/td>\nSynapse-centric teams<\/td>\nConvenient within Synapse workflows<\/td>\nNot an enterprise-wide catalog across all sources<\/td>\nYou only need discovery within a Synapse workspace<\/td>\n<\/tr>\n
                                                                                                                      Databricks Unity Catalog (on Azure Databricks)<\/strong><\/td>\nLakehouse governance for Databricks users<\/td>\nStrong governance for Databricks data\/AI assets<\/td>\nFocused on Databricks ecosystem; not a general Azure-wide catalog<\/td>\nYour primary platform is Databricks and you want unified governance there<\/td>\n<\/tr>\n
                                                                                                                      AWS Glue Data Catalog<\/strong><\/td>\nAWS data lake and Athena\/Glue ecosystems<\/td>\nNative AWS integration; widely used in AWS analytics<\/td>\nNot Azure-native; cross-cloud adds complexity<\/td>\nYour estate is primarily on AWS<\/td>\n<\/tr>\n
                                                                                                                      Google Cloud Dataplex \/ Data Catalog<\/strong><\/td>\nGCP analytics governance<\/td>\nStrong GCP integration<\/td>\nNot Azure-native<\/td>\nYour estate is primarily on GCP<\/td>\n<\/tr>\n
                                                                                                                      Apache Atlas (self-managed)<\/strong><\/td>\nCustom governance in self-managed Hadoop\/lake stacks<\/td>\nOpen-source; customizable<\/td>\nOperational burden; scaling and UI experience vary<\/td>\nYou need self-managed control and accept ops overhead<\/td>\n<\/tr>\n
                                                                                                                      DataHub \/ Amundsen (self-managed)<\/strong><\/td>\nMetadata platform with extensibility<\/td>\nStrong community; integrates via pipelines<\/td>\nYou must host\/operate; governance workflows depend on implementation<\/td>\nYou want open metadata platform with custom integrations<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                      \n\n\n\n
                                                                                                                      15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                      Enterprise example (regulated industry)<\/h3>\n\n\n\n
                                                                                                                        \n
                                                                                                                      • Problem:<\/strong> A bank has multiple Azure subscriptions with ADLS Gen2, Azure SQL, Synapse, and Power BI. Auditors require proof of sensitive data discovery and ownership. Analysts waste time searching for \u201capproved\u201d datasets.<\/li>\n
                                                                                                                      • Proposed architecture:<\/strong><\/li>\n
                                                                                                                      • One or more Microsoft Purview accounts (depending on org boundaries) hosting Data Catalog.<\/li>\n
                                                                                                                      • Collections aligned to business domains (Retail, Corporate, Risk) with delegated admins.<\/li>\n
                                                                                                                      • Scans for ADLS Gen2 and Azure SQL scheduled daily\/weekly.<\/li>\n
                                                                                                                      • Glossary curated by a data governance office; terms linked to key assets.<\/li>\n
                                                                                                                      • Diagnostic logs routed to a central Log Analytics workspace.<\/li>\n
                                                                                                                      • Private endpoints for Purview and data sources (where supported) for network control.<\/li>\n
                                                                                                                      • Why Data Catalog was chosen:<\/strong><\/li>\n
                                                                                                                      • Azure-native identity model (Azure AD), governance features (collections), and integration with Azure data estate.<\/li>\n
                                                                                                                      • Expected outcomes:<\/strong><\/li>\n
                                                                                                                      • Faster discovery of trusted datasets.<\/li>\n
                                                                                                                      • Improved audit readiness (ownership\/classification visibility).<\/li>\n
                                                                                                                      • Reduced incident time through better metadata and lineage (where supported).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                        Startup\/small-team example<\/h3>\n\n\n\n
                                                                                                                          \n
                                                                                                                        • Problem:<\/strong> A startup scales from one database to a small lakehouse. Analysts and engineers repeatedly ask where the latest datasets live and what columns mean.<\/li>\n
                                                                                                                        • Proposed architecture:<\/strong><\/li>\n
                                                                                                                        • Single Microsoft Purview account (Data Catalog).<\/li>\n
                                                                                                                        • One collection for prod<\/code>, one for dev<\/code>.<\/li>\n
                                                                                                                        • Scans only for the curated zone of ADLS Gen2 and the main Azure SQL database.<\/li>\n
                                                                                                                        • Lightweight glossary with 20\u201350 critical terms.<\/li>\n
                                                                                                                        • Why Data Catalog was chosen:<\/strong><\/li>\n
                                                                                                                        • Quick setup, managed service, and search-based discovery without building a custom metadata app.<\/li>\n
                                                                                                                        • Expected outcomes:<\/strong><\/li>\n
                                                                                                                        • Better onboarding.<\/li>\n
                                                                                                                        • Fewer duplicated datasets.<\/li>\n
                                                                                                                        • Clear ownership and definitions for core KPIs.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                          \n\n\n\n
                                                                                                                          16. FAQ<\/h2>\n\n\n\n
                                                                                                                            \n
                                                                                                                          1. \n
                                                                                                                            Is Azure Data Catalog still available?<\/strong>\n   No. The standalone Azure Data Catalog<\/strong> product was retired. The supported \u201cData Catalog\u201d capability in Azure today is delivered through Microsoft Purview Data Catalog<\/strong>. Verify retirement details and timelines in Microsoft announcements and docs.<\/p>\n<\/li>\n
                                                                                                                          2. \n
                                                                                                                            What is the difference between Microsoft Purview and Data Catalog?<\/strong>\n   Microsoft Purview is the broader governance service. Data Catalog<\/strong> is a core capability within it focused on discovering and curating metadata<\/strong>.<\/p>\n<\/li>\n
                                                                                                                          3. \n
                                                                                                                            Does Data Catalog store my actual data?<\/strong>\n   It stores metadata<\/strong> (information about data), not typically the full dataset. Classification may inspect portions of content depending on configuration and connector behavior\u2014verify per connector.<\/p>\n<\/li>\n
                                                                                                                          4. \n
                                                                                                                            Does catalog access grant data access?<\/strong>\n   No. Catalog access and underlying data access are separate. You still need permissions on the actual data source to read the data.<\/p>\n<\/li>\n
                                                                                                                          5. \n
                                                                                                                            Which data sources are supported?<\/strong>\n   Support depends on Purview connectors. Azure sources commonly include ADLS Gen2 and Azure SQL, plus others. Verify the current supported sources list in official docs.<\/p>\n<\/li>\n
                                                                                                                          6. \n
                                                                                                                            Can I catalog data across multiple Azure subscriptions?<\/strong>\n   Often yes, within the same Azure AD tenant, provided scanning identities and permissions are configured correctly.<\/p>\n<\/li>\n
                                                                                                                          7. \n
                                                                                                                            How does scanning authenticate to Azure Storage?<\/strong>\n   Commonly via the Purview account\u2019s managed identity<\/strong> with Azure RBAC roles on the Storage account. Some scenarios may use other credential methods\u2014verify in connector docs.<\/p>\n<\/li>\n
                                                                                                                          8. \n
                                                                                                                            How often should I run scans?<\/strong>\n   Based on data change rate and cost. Start with daily\/weekly scans for stable datasets; increase frequency only for high-value assets that change often.<\/p>\n<\/li>\n
                                                                                                                          9. \n
                                                                                                                            What is a collection and why do I need it?<\/strong>\n   Collections organize assets and allow delegated administration<\/strong> and access boundaries\u2014important at enterprise scale.<\/p>\n<\/li>\n
                                                                                                                          10. \n
                                                                                                                            Can I create a business glossary and link it to assets?<\/strong>\n   Yes. The glossary is a key feature for standardizing definitions and improving discoverability.<\/p>\n<\/li>\n
                                                                                                                          11. \n
                                                                                                                            Does Data Catalog provide lineage?<\/strong>\n   It can, but lineage depends on supported sources and integrations (for example, some pipeline tools and BI integrations). Verify lineage support for your stack.<\/p>\n<\/li>\n
                                                                                                                          12. \n
                                                                                                                            How do I prevent scanning sensitive folders?<\/strong>\n   Narrow scan scope to specific paths, and use exclusion patterns\/rules where supported. Also apply least-privilege permissions.<\/p>\n<\/li>\n
                                                                                                                          13. \n
                                                                                                                            How do I monitor scan failures?<\/strong>\n   Use scan run history in the Purview portal, and enable Azure diagnostics\/logging where supported to centralize monitoring.<\/p>\n<\/li>\n
                                                                                                                          14. \n
                                                                                                                            Can I use Infrastructure as Code to deploy it?<\/strong>\n   The Purview account is an Azure resource and can be deployed via ARM\/Bicep\/Terraform patterns. Automation for scans and curation varies\u2014verify current API support.<\/p>\n<\/li>\n
                                                                                                                          15. \n
                                                                                                                            What are the most common reasons catalogs fail to deliver value?<\/strong>\n   Scanning everything without curation, no ownership model, stale glossary, and lack of integration into delivery processes.<\/p>\n<\/li>\n
                                                                                                                          16. \n
                                                                                                                            Is Data Catalog an Analytics service or a governance service?<\/strong>\n   It supports Analytics by improving discovery and trust, but it is fundamentally a governance\/metadata<\/strong> service used across analytics workflows.<\/p>\n<\/li>\n
                                                                                                                          17. \n
                                                                                                                            How do I estimate costs?<\/strong>\n   Use the official Purview pricing page plus the Azure Pricing Calculator. Your main levers are Data Map capacity-hours and scan runtime\/frequency.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                            \n\n\n\n
                                                                                                                            17. Top Online Resources to Learn Data Catalog<\/h2>\n\n\n\n
                                                                                                                            \n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                            Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                            Official documentation<\/td>\nMicrosoft Purview docs<\/td>\nPrimary source for current capabilities, connectors, and setup: https:\/\/learn.microsoft.com\/purview\/<\/td>\n<\/tr>\n
                                                                                                                            Official overview<\/td>\nMicrosoft Purview Data Catalog overview<\/td>\nExplains concepts, roles, and discovery experience: https:\/\/learn.microsoft.com\/purview\/purview-data-catalog-overview<\/td>\n<\/tr>\n
                                                                                                                            Official quickstart<\/td>\nCreate a Microsoft Purview account<\/td>\nStep-by-step account creation and basics (verify latest): https:\/\/learn.microsoft.com\/purview\/create-microsoft-purview-account<\/td>\n<\/tr>\n
                                                                                                                            Official connectors<\/td>\nMicrosoft Purview data sources \/ connectors<\/td>\nLists supported sources and configuration requirements (verify latest): https:\/\/learn.microsoft.com\/purview\/purview-data-sources<\/td>\n<\/tr>\n
                                                                                                                            Official pricing<\/td>\nMicrosoft Purview pricing<\/td>\nExplains pricing dimensions: https:\/\/azure.microsoft.com\/pricing\/details\/microsoft-purview\/<\/td>\n<\/tr>\n
                                                                                                                            Cost estimation tool<\/td>\nAzure Pricing Calculator<\/td>\nBuild region-specific estimates: https:\/\/azure.microsoft.com\/pricing\/calculator\/<\/td>\n<\/tr>\n
                                                                                                                            Architecture guidance<\/td>\nAzure Architecture Center<\/td>\nBroader Azure analytics\/governance architecture patterns: https:\/\/learn.microsoft.com\/azure\/architecture\/<\/td>\n<\/tr>\n
                                                                                                                            Security\/trust<\/td>\nMicrosoft Trust Center<\/td>\nCompliance, privacy, and security posture: https:\/\/www.microsoft.com\/trust-center<\/td>\n<\/tr>\n
                                                                                                                            Video learning<\/td>\nMicrosoft Mechanics (YouTube)<\/td>\nOften covers Purview governance concepts and updates (verify relevant episodes): https:\/\/www.youtube.com\/@MicrosoftMechanics<\/td>\n<\/tr>\n
                                                                                                                            Samples (verify official)<\/td>\nMicrosoft Purview GitHub (search)<\/td>\nCode samples and API usage may exist; validate repo authenticity and currency: https:\/\/github.com\/search?q=Microsoft+Purview+samples<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                            \n\n\n\n
                                                                                                                            18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                            \n\n\n\n\n\n\n\n\n
                                                                                                                            Institute<\/th>\nSuitable Audience<\/th>\nLikely Learning Focus<\/th>\nMode<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                            DevOpsSchool.com<\/td>\nDevOps engineers, cloud engineers, platform teams<\/td>\nAzure governance\/DevOps adjacent skills; may include Purview and data platform modules (verify)<\/td>\nCheck website<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                            ScmGalaxy.com<\/td>\nStudents, engineers transitioning to DevOps\/cloud<\/td>\nFundamentals and tooling; may include cloud governance topics (verify)<\/td>\nCheck website<\/td>\nhttps:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n
                                                                                                                            CLoudOpsNow.in<\/td>\nCloud operations and SRE\/ops teams<\/td>\nCloud operations practices, monitoring, governance basics (verify)<\/td>\nCheck website<\/td>\nhttps:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n
                                                                                                                            SreSchool.com<\/td>\nSREs, reliability engineers, ops leads<\/td>\nReliability practices that intersect with data platform operations (verify)<\/td>\nCheck website<\/td>\nhttps:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n
                                                                                                                            AiOpsSchool.com<\/td>\nOps teams exploring AIOps<\/td>\nOperations automation\/monitoring concepts; relevance to Purview is indirect (verify)<\/td>\nCheck website<\/td>\nhttps:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                            \n\n\n\n
                                                                                                                            19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                            \n\n\n\n\n\n\n\n
                                                                                                                            Platform\/Site<\/th>\nLikely Specialization<\/th>\nSuitable Audience<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                            RajeshKumar.xyz<\/td>\nDevOps\/cloud training content (verify current offerings)<\/td>\nBeginners to intermediate practitioners<\/td>\nhttps:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n
                                                                                                                            devopstrainer.in<\/td>\nDevOps and cloud training (verify modules)<\/td>\nEngineers seeking practical training<\/td>\nhttps:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n
                                                                                                                            devopsfreelancer.com<\/td>\nFreelance DevOps services\/training marketplace style (verify)<\/td>\nTeams looking for short-term expert help<\/td>\nhttps:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n
                                                                                                                            devopssupport.in<\/td>\nDevOps support and training resources (verify)<\/td>\nOps teams needing hands-on guidance<\/td>\nhttps:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                            \n\n\n\n
                                                                                                                            20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                            \n\n\n\n\n\n\n
                                                                                                                            Company Name<\/th>\nLikely Service Area<\/th>\nWhere They May Help<\/th>\nConsulting Use Case Examples<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                            cotocus.com<\/td>\nCloud\/DevOps consulting (verify specialties)<\/td>\nArchitecture reviews, implementation support, operationalization<\/td>\nPurview rollout planning, RBAC\/collections design, scan strategy and runbooks (verify scope with vendor)<\/td>\nhttps:\/\/cotocus.com\/<\/td>\n<\/tr>\n
                                                                                                                            DevOpsSchool.com<\/td>\nTraining + consulting (verify service catalog)<\/td>\nEnablement, implementation guidance, DevOps\/cloud practices<\/td>\nGovernance operating model workshops, IaC patterns for Azure resources, integrations planning (verify scope)<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                            DEVOPSCONSULTING.IN<\/td>\nDevOps consulting (verify offerings)<\/td>\nDevOps pipelines, cloud operations, best practices<\/td>\nBuilding deployment automation around data platform resources, monitoring and access review processes (verify scope)<\/td>\nhttps:\/\/devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                            \n\n\n\n
                                                                                                                            21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                            What to learn before this service<\/h3>\n\n\n\n
                                                                                                                              \n
                                                                                                                            • Azure fundamentals:<\/li>\n
                                                                                                                            • Subscriptions, resource groups, Azure RBAC, managed identities<\/li>\n
                                                                                                                            • Data fundamentals:<\/li>\n
                                                                                                                            • Databases vs data lakes<\/li>\n
                                                                                                                            • Schemas, partitions, file formats (CSV\/Parquet)<\/li>\n
                                                                                                                            • Security basics:<\/li>\n
                                                                                                                            • Least privilege, network concepts, Key Vault basics<\/li>\n
                                                                                                                            • Analytics basics:<\/li>\n
                                                                                                                            • Common Azure analytics services (ADLS Gen2, Azure SQL, Synapse, Data Factory)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                              What to learn after this service<\/h3>\n\n\n\n
                                                                                                                                \n
                                                                                                                              • Advanced Microsoft Purview topics:<\/li>\n
                                                                                                                              • Connector expansion (Power BI, SQL estate, multi-subscription)<\/li>\n
                                                                                                                              • Lineage integrations<\/li>\n
                                                                                                                              • Governance workflows and stewardship operations<\/li>\n
                                                                                                                              • Data platform architecture:<\/li>\n
                                                                                                                              • Lakehouse patterns, medallion architecture<\/li>\n
                                                                                                                              • Data quality tooling and monitoring<\/li>\n
                                                                                                                              • Cloud security:<\/li>\n
                                                                                                                              • Private endpoints, centralized logging, policy enforcement<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                Job roles that use it<\/h3>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • Data engineer \/ senior data engineer<\/li>\n
                                                                                                                                • Analytics engineer<\/li>\n
                                                                                                                                • Data platform engineer<\/li>\n
                                                                                                                                • Cloud solutions architect<\/li>\n
                                                                                                                                • Data governance analyst \/ data steward<\/li>\n
                                                                                                                                • Security engineer (data discovery and classification use cases)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  Certification path (if available)<\/h3>\n\n\n\n
                                                                                                                                  Microsoft certifications change frequently. There is not always a certification dedicated only to Data Catalog\/Purview. Consider:\n– Azure fundamentals and architecture certifications\n– Data engineering certifications\nVerify the current Microsoft certification catalog: https:\/\/learn.microsoft.com\/credentials\/<\/p>\n\n\n\n
                                                                                                                                  Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  1. Catalog a curated zone of an ADLS Gen2 lake; implement collection strategy by domain.<\/li>\n
                                                                                                                                  2. Build a glossary for 30 key business terms and link them to tables\/files.<\/li>\n
                                                                                                                                  3. Set up scheduled scans and alerting\/runbook for scan failures.<\/li>\n
                                                                                                                                  4. Pilot lineage for a supported pipeline tool and document impact analysis workflow.<\/li>\n
                                                                                                                                  5. Build a \u201ctrusted datasets\u201d curation checklist and apply it to 10 assets.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                                    \n\n\n\n
                                                                                                                                    22. Glossary<\/h2>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • Data Catalog:<\/strong> A searchable inventory of data assets plus metadata for discovery and governance.<\/li>\n
                                                                                                                                    • Microsoft Purview account:<\/strong> The Azure resource that hosts Purview governance capabilities, including Data Catalog.<\/li>\n
                                                                                                                                    • Data Map:<\/strong> The metadata store\/index behind the catalog experience.<\/li>\n
                                                                                                                                    • Metadata:<\/strong> Data about data\u2014schemas, descriptions, owners, classifications, tags, and relationships.<\/li>\n
                                                                                                                                    • Business glossary:<\/strong> Central dictionary of business terms and definitions mapped to data assets.<\/li>\n
                                                                                                                                    • Collection:<\/strong> A hierarchical container in Purview used to organize assets and delegate administration.<\/li>\n
                                                                                                                                    • Scan:<\/strong> A configured process that connects to a source and extracts metadata (and optionally classifications).<\/li>\n
                                                                                                                                    • Managed identity:<\/strong> Azure AD identity automatically managed by Azure for authenticating to other services without storing secrets.<\/li>\n
                                                                                                                                    • Classification:<\/strong> Labels applied to data assets\/columns indicating sensitivity or type (e.g., personal identifiers).<\/li>\n
                                                                                                                                    • Lineage:<\/strong> The representation of data flow and transformations across systems from source to consumption.<\/li>\n
                                                                                                                                    • Azure RBAC:<\/strong> Azure role-based access control for managing access to Azure resources.<\/li>\n
                                                                                                                                    • Data plane vs control plane:<\/strong> Data plane is the actual data access; control plane is management\/configuration operations.<\/li>\n
                                                                                                                                    • ADLS Gen2:<\/strong> Azure Data Lake Storage Gen2\u2014Azure Storage with hierarchical namespace for analytics workloads.<\/li>\n
                                                                                                                                    • Least privilege:<\/strong> Security principle of granting only the minimum permissions needed.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      \n\n\n\n
                                                                                                                                      23. Summary<\/h2>\n\n\n\n
                                                                                                                                      Data Catalog in Azure\u2014implemented today as Microsoft Purview Data Catalog<\/strong>\u2014is Microsoft\u2019s supported way to deliver enterprise data discovery, metadata management, and governance<\/strong> across your Analytics estate. It helps teams find data faster, align on definitions through a glossary, and improve trust with ownership and (where supported) lineage and classification.<\/p>\n\n\n\n
                                                                                                                                      From a cost perspective, focus on the Data Map capacity<\/strong> and scan runtime\/frequency<\/strong> as primary drivers, and avoid scanning everything by default. From a security perspective, treat metadata as sensitive, apply least privilege to scanning identities, and use collection-based access boundaries.<\/p>\n\n\n\n
                                                                                                                                      Use Data Catalog when you have a growing, multi-system data estate and need a central discovery layer. Your next step after this tutorial is to expand from a single ADLS scan into a production operating model<\/strong>: collections by domain, curated datasets, glossary governance, and scheduled scans with monitoring.<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                      Analytics<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,40],"tags":[],"class_list":["post-383","post","type-post","status-publish","format-standard","hentry","category-analytics","category-azure"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=383"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/383\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}