Azure Storage

This section covers the following topics:

Overview
Licensing
Requirements
Get Azure Account Access Keys
Set up Azure as a Target location
Edit Azure Storage Target Path

Overview

The instructions here work for setting up the following Azure Storage types as Targets:

Azure Blobs
Azure Tables
Azure Queues

To set up Azure Storage as a Target:

Get Azure Account Access Keys
Set up Azure as a Target location

To scan specific paths in an Azure Storage Target, see Edit Azure Storage Target Path.

Instructions for configuring a cloud service account's security settings are provided here for the user's convenience only. For the most up-to-date instructions, please consult the cloud service provider's official documentation.

Licensing

For Sitewide Licenses, all scanned Azure Storage Targets consume data from the Sitewide License data allowance limit.

For Non-Sitewide Licenses, Azure Storage Targets require Server & DB Licenses, and consume data from the Server & DB License data allowance limit.

See Target Licenses for more information.

Requirements

Requirements	Description
Proxy Agent	Proxy Agent host with direct Internet access. Cloud service-specific access keys. Required Proxy Agents: Windows Agent with database runtime components Windows Agent Linux Agent with database runtime components Linux Agent macOS Agent
TCP Allowed Connections	Port 443

Description

Proxy Agent

Proxy Agent host with direct Internet access.
Cloud service-specific access keys.

Required Proxy Agents:

Windows Agent with database runtime components
Windows Agent
Linux Agent with database runtime components
Linux Agent
macOS Agent

TCP Allowed Connections

Port 443

Get Azure Account Access keys

Log in to your Azure account.
Go to All resources > [Storage account], and under Settings, click on Access keys.
Note down key1 and key2 which are your primary and secondary access keys respectively. Use the active access key to connect ER2 to your Azure Storage account.

Only one access key can be active at a time. The primary and secondary access keys are used to make rolling key changes. Ask your Azure Storage account administrator which access key is currently active, and use that key with ER2.

Set up Azure as a Target location

From the New Scan page, Add Targets.
In the Select Target Type dialog box, click on Azure Storage and select one of the following Azure Storage types:
- Azure Blobs
- Azure Queue
- Azure Table

Fill in the following fields:
Dialog box to configure the path, credentials and proxy agent for an Azure Blob Target.

Field	Description
Azure Account Name	Enter your Azure account name.
New Credential Label	Enter a descriptive label for the credential set.
New Username	Enter your Azure Storage account name.
New Password	Enter either key1 or key2. See Get Azure Account Access Keys for more information.
Agent to act as proxy host	Select a Proxy Agent host with direct Internet access.

Recommended Least Privilege User Approach

To reduce the risk of data loss or privileged account abuse, the Target credentials provided for the intended Target should only be granted read-only access to the exact resources and data that require scanning. Never grant full user access privileges or unrestricted data access to any application if it is not required.

Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
Click Commit to add the Target.

Edit Azure Storage Target Path

To scan a specific Target location in Azure Storage:

Set up Azure as a Target location.
In the Select Locations section, select your Azure Storage Target location and click Edit.

In the Edit Azure Storage Location dialog box, enter the Path to scan. Use the following syntax:

Azure Storage type	Path syntax
Azure Blobs	To scan a specific folder: <folder_name> To scan a specific file: <[folder_name/]file_name.txt>
Azure Table	To scan a specific table: <table_name>
Azure Queue	To scan a specific Queue: <queue_name>

Click Test and then Commit to save the path to the Target location.