Azure Storage

The instructions here work for setting up the following Azure Storage types as Targets:

Azure Blobs
Azure Tables
Azure Queues

To set up Azure Storage as a Target:

Get Azure Account Access Keys
Set up Azure as a Target location

To scan specific paths in an Azure Storage Target, see Edit Azure Storage Target Path.

Instructions for configuring a cloud service account's security settings are provided here for the user's convenience only. For the most up-to-date instructions, please consult the cloud service provider's official documentation.

General Requirements

Proxy Agent host with direct Internet access.
Cloud service-specific access keys.

Get Azure Account Access keys

Log in to your Azure account.
Go to All resources > [Storage account], and under Settings, click on Access keys.
Note down key1 and key2 which are your primary and secondary access keys respectively. Use the active access key to connect ER2 to your Azure Storage account.

Only one access key can be active at a time. The primary and secondary access keys are used to make rolling key changes. Ask your Azure Storage account administrator which access key is currently active, and use that key with ER2.

Set up Azure as a Target location

From the New Search page, Add Targets.
In the Select Target Type dialog box, select one of the following Azure Storage types:
- Azure Blobs
- Azure Queue
- Azure Table

Fill in the following fields:
Dialog box to configure the path, credentials and proxy agent for an Azure Blob Target.

Field	Description
Azure Account Name	Enter your Azure account name.
Credential Label	Enter a descriptive label for the credential set.
Username	Enter your Azure Storage account name.
Password	Enter either key1 or key2. See Get Azure Account Access Keys for more information.
Agent to act as proxy host	Select a Proxy Agent host with direct Internet access.

Recommended Least Privilege User Approach

To reduce the risk of data loss or privileged account abuse, the Target credentials provided for the intended Target should only be granted read-only access to the exact resources and data that require scanning. Never grant full user access privileges or unrestricted data access to any application if it is not required.

Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
Click Commit to add the Target.

Edit Azure Storage Target Path

To scan a specific Target location in Azure Storage:

Set up Azure as a Target location.
In the Select Locations section, select your Azure Storage Target location and click Edit.

In the Edit Azure Storage Location dialog box, enter the Path to scan. Use the following syntax:

Azure Storage type	Path syntax
Azure Blobs	To scan a specific folder: <folder_name> To scan a specific file: <[folder_name/]file_name.txt>
Azure Table	To scan a specific table: <table_name>
Azure Queue	To scan a specific Queue: <queue_name>

Click Test and then Commit to save the path to the Target location.