Create an exception to deploy Microsoft Purview
Note
The Microsoft Purview Data Catalog is changing its name to Microsoft Purview Unified Catalog. All the features will stay the same. You'll see the name change when the new Microsoft Purview Data Governance experience is generally available in your region. Check the name in your region.
Many subscriptions have Azure Policies in place that restrict the creation or update of some resources. This is to maintain subscription security and cleanliness. However, Microsoft Purview accounts created before December 15, 2023 (or deployed using API version previous to 2023-05-01-preview) deployed an Azure Storage account when it was created. It's managed by Azure, so you don't need to maintain it, but it's necessary for Microsoft Purview to run correctly. Existing policies could block Microsoft Purview from updating this Azure Storage account, which can cause errors during scanning.
Overall, your approach to resolving this error is going to be dependent on your organizations needs and policies, but here are a few ways you could update your policies to resolve this issue.
Create an Azure policy exclusion for Microsoft Purview
To maintain your policies in your subscription, but still allow the creation and updates to these managed resources, you can create an exclusion. For example, adding an exclusion for the resource group where your Microsoft Purview account is being deployed.
For steps to create an exclusion for your policies, see these steps to add an exclusion to your policy.
Use resource selectors on a created policy
Depending on other policies deployed in your subscription, or depending on your region, you could need to add Resource selectors under the Advanced tab when assigning a policy. For example, you might need to add a resource selector for resourceLocation set to the region where you'll deploy your Microsoft Purview account. For more information about these conditions, see our documentation on location conditions.
Create an exemption
Exemptions are recommended for time-bound or specific scenarios where a resource or resource hierarchy should still be tracked and would otherwise be evaluated, but there's a specific reason it shouldn't be assessed for compliance. It would allow a temporary exception to your policy for a resource to exist for a finite amount of time.
For more information, see the documentation for policy exemptions.
Next steps
To set up Microsoft Purview by using Private Link, see Use private endpoints for your Microsoft Purview account.