Add an Azure Blob Storage

To integrate Azure Blob with MetaDefender Storage Security, you need to create an application registration, assign the necessary permissions and roles, and then generate a secret key. Please follow these steps:

  1. From the left side menu, navigate to Storage units, click on Add storage unit and choose Azure Blob.
  2. Give your account a name so you can easily identify it later.
  3. Give your storage a name so you can easily identify it later.
  4. Select Government Cloud type if the storage belongs to Azure US Government Cloud.
  5. Enter the Storage Account name.
  6. Enter your Tenant ID. Scroll to the end of this page for more details.
  7. Enter your Client ID. Scroll to the end of this page for more details.
  8. Enter your Client Secret. Scroll to the end of this page for more details.
  9. Enter the name of a container to process objects from a particular container.
  10. Select Continue in order to finish the process.

How to create an Azure Blob application?

To process your Azure Blob objects with MetaDefender Storage Security, you need to add a new app registration in Microsoft Entra ID in the Azure Portal.

  1. Log in to Azure Portal and from the left navigation menu choose Microsoft Entra ID.
  2. Make a copy of the Tenant ID from the overview page.
  3. From the left side menu, choose App registrations.
  4. Click New registration.
  5. Give your app a name so you can easily identify it.
  6. There is no need to modify the other properties. When ready, please click Register.
  7. From the Overview page of your newly created application, make a copy of Application (client) ID.
  8. Navigate to Certificates & Secrets from the left-side menu.
  9. Click New client secret and choose Expires in 24 months.
  10. Click Add, then make a copy of the generated secret key, because it will not be available later.
  11. Navigate to your Storage Account and select the Access Control (IAM) menu.
  12. Select the Role assignments tab, then select the Add role assignment option from the Add dropdown.
  13. Assign the following roles to the Client Application you previously registered:
    1. Storage Blob Data Contributor
    2. Reader
  14. Navigate back to your Storage Account and from the Security + networking menu, select Networking.
  15. Navigate to the Public access tab (the first and default one).
  16. Click Manage in the Public network access section.
  17. Enable Public network access.
  18. From the Public network access scope, you have two options:
    1. Enable from all networks: this is less restrictive and will allow any application to try to establish a connection to your storage account.
    2. Enable from selected networks: this will restrict access to specific IPv4 addresses only. If you enable this option, please add the IP address of the machine where the MetaDefender Storage Security instance is running. If it is running on Kubernetes, please add the IP addresses of the following pods: storagesservice-azureblob, discoveryazureblobservice, remediationsservice-azureblob, scanningservice. If you are moving files from Azure Blob to another type of storage unit, please add its remediationsservice-{storageType} pod to this list.
  19. Now that you have the Tenant ID, Client ID and the Client Secret Key, you can go back to MetaDefender Storage Security and finish the Azure Blob integration. Congratulations!

For additional configuration of how MetaDefender Storage Security handles blobs please check custom configuration.
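The role assignments and network scope chosen in the steps above can be checked after the fact. The following is an added example, not part of the original documentation or of MetaDefender Storage Security: it audits data shaped like the JSON output of `az role assignment list` and `az storage account show`. The field names are an assumption based on that output, and the sample IDs, account name and IP addresses are constructed.

```python
import ipaddress

# Roles the page assigns to the registered application.
REQUIRED_ROLES = {"Storage Blob Data Contributor", "Reader"}

def audit(assignments, account, app_principal_id, scanner_ips):
    """Return findings; an empty list means the setup matches the steps above."""
    findings = []
    account_id = account["id"].lower()
    mine = [a for a in assignments if a["principalId"] == app_principal_id]
    at_account = {a["roleDefinitionName"] for a in mine
                  if a["scope"].lower() == account_id}
    for role in sorted(REQUIRED_ROLES - at_account):
        findings.append(f"missing role on storage account: {role}")
    for a in mine:
        role, scope = a["roleDefinitionName"], a["scope"].lower()
        if role not in REQUIRED_ROLES:
            findings.append(f"extra role: {role}")
        elif account_id.startswith(scope.rstrip("/") + "/"):
            # Scope is a parent (resource group, subscription) of the account.
            findings.append(f"{role} granted above the storage account")
    rules = account.get("networkRuleSet") or {}
    if account.get("publicNetworkAccess") == "Disabled":
        findings.append("public network access is disabled")
    elif rules.get("defaultAction") == "Allow":
        findings.append("public access enabled from all networks")
    else:
        nets = [ipaddress.ip_network(r["ipAddressOrRange"], strict=False)
                for r in rules.get("ipRules", [])]
        for ip in scanner_ips:
            if not any(ipaddress.ip_address(ip) in n for n in nets):
                findings.append(f"scanner IP not in selected networks: {ip}")
    return findings

# Constructed sample data (placeholder IDs, documentation-range IP addresses).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ACCOUNT_ID = (SUB + "/resourceGroups/rg-demo/providers/"
              "Microsoft.Storage/storageAccounts/demostorage")
SAMPLE_ACCOUNT = {"id": ACCOUNT_ID, "publicNetworkAccess": "Enabled",
                  "networkRuleSet": {"defaultAction": "Deny", "ipRules": [
                      {"ipAddressOrRange": "203.0.113.0/28", "action": "Allow"}]}}
SAMPLE_ASSIGNMENTS = [
    {"principalId": "app-1", "roleDefinitionName": "Storage Blob Data Contributor", "scope": ACCOUNT_ID},
    {"principalId": "app-1", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalId": "app-1", "roleDefinitionName": "Owner", "scope": ACCOUNT_ID},
]

if __name__ == "__main__":
    for f in audit(SAMPLE_ASSIGNMENTS, SAMPLE_ACCOUNT, "app-1", ["203.0.113.5", "198.51.100.7"]):
        print(f)
```

On the sample data it reports the Reader role missing at the account, Reader granted at subscription scope, an extra Owner role, and one scanner address outside the selected networks.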
