
Azure Storage

FortiCASB uses an API-based approach, pulling data directly from Azure Storage via RESTful API. The FortiCASB portal then accesses the data collected through API queries with OAuth 2.0 authentication. FortiCASB combines this data to monitor and track Azure Storage user activities and to provide DLP Data Analysis for files on Azure Storage.

Prerequisites

You may use an existing Azure AD account or create a new account. If you create a new account, wait for at least 24 hours for the new account to take effect before granting access to FortiCASB.

Make sure the user account that will be used on FortiCASB has either the Global Administrator role or both the Cloud Application Administrator and Global Reader roles.

You will also need to set up the Azure AD Privileged Identity Management application. For more information on how to do so, go to:

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

FortiCASB supports all types of Azure AD licenses. However, FortiCASB only integrates the features that a given Azure AD license supports. For example, a free Azure AD license does not include the sign-in activity report, so FortiCASB cannot provide sign-in activities from a free Azure AD account.

Follow each section below to set up the Azure Subscription and Roles and to configure the Blob Storage in preparation for adding the Azure Subscription to FortiCASB:

  1. Setup Azure Subscription
  2. Add Reader role to the Subscription
  3. Add Reader roles to multiple subscriptions simultaneously (optional)
  4. Collect Subscription and Tenant IDs
  5. Setup Blob Storage
  6. Enable Blob Log Monitoring
  7. Setup Storage Blob Data Reader
  8. Add Azure Storage Account
