
Azure Blob Archival

Follow these steps to set up an Azure application for audit trailing.

App Registration and Role Assignments

Step 1: Create an Azure AD Application

  1. Sign into the Azure portal.
  2. Search for App registrations.
  3. Click on the + New registration button to create a new application.
  4. Provide a name for your application, and choose the appropriate account type (e.g., Accounts in this organizational directory only or Accounts in any organizational directory).
  5. In the Redirect URI section, you can leave it blank for now if you do not have a specific redirect URI to configure.
  6. Click the Register button to create the application.

Step 2: API Permissions

  1. Under the API permissions section, click on the + Add a permission button.
  2. Search for the User impersonation permission under the Azure Storage section.
  3. Select the permission and add it to the app.

Step 3: Storage Account Configurations

Create a new storage account or use an existing account. The storage account should have these configurations.

Step 4: Assign Permissions to Access Azure Blob Storage

  1. Go to your Azure Blob Storage account in the Azure portal.
  2. In the left-hand menu, select Access control (IAM).
  3. Click the + Add a role assignment button to assign a role to your Azure AD application.
  4. Choose the appropriate role that grants access to Azure Blob Storage, such as Storage Blob Data Contributor and Reader.
  5. In the Assign access to field, select Azure AD user, group, or application.
  6. In the Select field, search for and select the Azure AD application you registered in Step 1, then save the role.

Step 5: Get Tenant ID and Application ID

  1. In the Azure portal, go back to your Azure AD application's Overview page.
  2. Note down the Application (client) ID.
  3. On the same page, find the Directory (tenant) ID.

Step 6: Configure Application Secrets (Certificate)

  1. After registering the application, navigate to the Certificates & secrets section in the left-hand menu.
  2. Under the Certificates section, click on the + Upload Certificate button.
  3. Upload the certificate file provided on the connection page, provide a description, and click the Add button.
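
To confirm the role assignments from Step 4 once the setup is complete, the following added example (not part of the original instructions) reviews the JSON printed by `az role assignment list --assignee <application-id> --all -o json`. It reports which of the two roles are missing and which assignments reach beyond the storage account. The subscription ID, resource names and sample records are constructed placeholders, and `review_assignments` is a hypothetical helper name.

```python
import json

# Roles that Step 4 assigns to the application on the storage account.
EXPECTED_ROLES = {"Storage Blob Data Contributor", "Reader"}

# Constructed placeholders, shaped like `az role assignment list --assignee <app-id> --all -o json`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ACCOUNT = SUB + "/resourceGroups/rg-audit/providers/Microsoft.Storage/storageAccounts/auditarchive"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Storage Blob Data Contributor", "scope": ACCOUNT},
    {"roleDefinitionName": "Reader", "scope": ACCOUNT},
    {"roleDefinitionName": "Contributor", "scope": SUB},
])


def review_assignments(raw_json, account_scope):
    """Return (missing_roles, findings) for one application's role assignments."""
    account = account_scope.rstrip("/").lower()
    granted, findings = set(), []
    for item in json.loads(raw_json):
        role = item["roleDefinitionName"]
        scope = item["scope"].rstrip("/").lower()  # ARM IDs compare case-insensitively
        at_account = scope == account
        inherited = account.startswith(scope + "/")  # parent scope, including root "/"
        if role in EXPECTED_ROLES and (at_account or inherited):
            granted.add(role)
            if inherited:
                findings.append((role, item["scope"], "granted above the storage account"))
        elif at_account or inherited:
            findings.append((role, item["scope"], "role not in the procedure reaches the account"))
        else:
            findings.append((role, item["scope"], "not at the storage account scope"))
    return EXPECTED_ROLES - granted, findings


if __name__ == "__main__":
    missing, findings = review_assignments(SAMPLE, ACCOUNT)
    print("missing roles:", sorted(missing) or "none")
    for role, scope, reason in findings:
        print(f"REVIEW {role} @ {scope}: {reason}")
```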