Microsoft Azure Storage

FortiCASB offers an API-based approach. It monitors Azure Cloud activity by using web notifications and by pulling data directly from Azure Cloud via the RESTful API. Authentication is done through OAuth 2.0. FortiCASB uses an access token to generate API queries.

Prerequisites

You may use an existing Azure AD account or create a new account. If you create a new account, wait for at least 24 hours for the new account to take effect before granting access to FortiCASB.

Make sure the user account that will be used on FortiCASB has a Global Administrator role, Application Administrator + Global Reader roles, or Cloud Application Administrator + Global Reader roles.

You will also need to set up the Azure AD Privileged Identity Management application. For more information on how to do so, go to:

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure.

FortiCASB supports all types of Azure AD licenses. However, FortiCASB integrates only the features that the Azure AD license in use supports. For example, a free Azure AD license does not include the sign-in activity report, so FortiCASB cannot provide sign-in activities from the free Azure AD account.

Follow each section below to set up the Azure Subscription and Roles, and to configure the Blob Storage, in preparation for adding the Azure Subscription to FortiCASB:

  1. Setup Azure Subscription
  2. Add Reader role to the Subscription
  3. Add Reader roles to multiple subscriptions simultaneously (optional)
  4. Collect Subscription and Directory IDs
  5. Setup Blob Storage
  6. Enable Blob Log Monitoring
  7. Setup Storage Blob Data Reader
  8. Add Azure Storage Account
