Microsoft Purview - can it be used to monitor firewall rules across databases?

Question

I have been looking for a solution, preferably native, to monitor changes to firewall rules across multiple Azure SQL databases hosted on different Azure SQL servers. While Azure Policy seemed to fit the bill initially, it later turned out to be okayish, that too only for Azure SQL servers. Today, I came across Purview, showcased as a data governance solution. I managed to set up a Purview account and hooked up a database to be scanned. The scan rules didn't offer much customizability and it wasn't clear to me what it actually scans - does it just look for stray IP addresses across the database? I could not decipher much from the results for my use case either.

Is there any way to achieve my objective using Purview? I am also open to other suggestions to achieve it.

Answer 1

Purview is not the right tool for this. Your best bet is using Azure Monitor to create an alert when rules are created, updated or deleted. When creating a new alert choose the following signal(s):