![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 21%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGR%3C/text%3E%3C/svg%3E)
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,026 questions
@Ganapathy Ram - Thanks for the question and using MS Q&A platform.
To implement a policy outside of the Azure Purview scope, you can use Azure Policy. Azure Policy is a service in Azure that you can use to create, assign, and manage policies. Policies are rules that enforce different aspects of governance over your resources, so you can stay compliant with your corporate standards and service level agreements.
To use Azure Policy to enforce the same policy you created in Azure Purview, you can follow these steps:
- Open the Azure portal and navigate to the Azure Policy service.
- Create a new policy definition by clicking on the "Definitions" tab and then clicking on the "New policy definition" button.
- In the "Basics" tab of the policy definition, give your policy a name and description.
- In the "Policy rule" tab, select the "Add condition" button and then select the "Data source" condition.
- In the "Data source" condition, select "Azure Data Lake Storage Gen2" as the data source type and then select the specific ADLS Gen2 account you want to apply the policy to.
- In the "Policy rule" tab, select the "Add condition" button again and then select the "File path" condition.
- In the "File path" condition, specify the path to the container and folder you want to apply the policy to (in your case, "goldzone/account").
- In the "Policy rule" tab, select the "Add effect" button and then select the "Deny" effect.
- In the "Deny" effect, specify the actions you want to deny (for example, "Microsoft.Storage/storageAccounts/blobServices/containers/write") and the reason for the denial.
- Save the policy definition.
- Assign the policy definition to the appropriate scope (for example, a management group or subscription).
Once the policy is assigned, it will be enforced on the specified ADLS Gen2 account, container, and folder, regardless of whether the resources are accessed through Azure Purview or any other tool.
I hope this helps! Let me know if you have any further questions.