3.2.8 Add An Azure Blob Storage

To integrate Azure Blob with MetaDefender for Secure Storage, you need to create an application registration, assign the necessary permissions and roles, and then generate a secret key. Please follow these steps:

  1. From the left-side menu, navigate to Storage Units and from the Object Storage tab, choose Add Azure Blob Storage

  2. Give your storage a name so you can easily identify it later

  3. Enter the Storage Account name.

  4. Enter your Tenant ID. Scroll to the end of this page for more details.

  5. Enter your Client ID. Scroll to the end of this page for more details.

  6. Enter your Client Secret. Scroll to the end of this page for more details.

  7. Enter the name of a container if you only wish to process objects from a particular container. Leave this field empty if you wish to process the entire Azure Blob Storage Account.

  8. Select the MetaDefender Core server that you wish to use.

  9. Select Add in order to finish the process.

How to create an Azure Blob application?

To process your Azure Blob objects with MetaDefender for Secure Storage, you need to add a new app registration in Azure Active Directory in the Azure Portal.

  1. Log in to Azure Portal and from the left navigation menu choose Azure Active Directory

  2. Make a copy of the Tenant ID from the overview page

  3. From the left side menu, choose App registrations

  4. Click New registration

  5. Give your app a name so you can easily identify it

  6. There is no need to modify the other properties. When ready, please click Register

  7. From the Overview page of your newly created application, make a copy of Application (client) ID

  8. You now need to specify which permissions the application should have. To do this, please navigate to API permissions from the left-side menu

  9. Click Add a permission

  10. Select Azure Storage from the right-side menu

  11. Select Delegated permissions

  12. In order for MetaDefender for Secure Storage to work correctly, please add the following permission:

    1. user_impersonation

  13. When ready, click Add permissions

  14. Now that the required permissions are in place, please navigate to Certificates & Secrets from the left-side menu

  15. Click New client secret and make sure that it never expires

  16. Click Add, then make a copy of the generated secret key, because it will not be available later

  17. Navigate to your Storage Account and select the Access Control (IAM) menu

  18. Select the Role assignments tab, then select the Add role assignment option from the Add dropdown.

  19. Assign the following roles to the client application you previously registered:

    1. Storage Blob Data Contributor

    2. Reader

  20. Now that you have the Tenant ID, Client ID and the Client Secret Key, you can go back to MetaDefender for Secure Storage and finish the Azure Blob integration. Congratulations!
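
A pre-flight check for the values collected above, as an added example that is not part of the product or its documentation. It validates the Storage Account name, Tenant ID, Client ID, Client Secret and optional container name against Azure's naming rules, and builds the token request that would confirm the app registration can sign in. Assumptions: the standard Microsoft identity platform client-credentials request is used for the sign-in test (this page does not state how MetaDefender itself authenticates), and all sample values are constructed.

```python
import re
import urllib.parse
import urllib.request

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
ACCOUNT = re.compile(r"^[a-z0-9]{3,24}$")  # Azure storage account naming rule
CONTAINER = re.compile(r"^(?=.{3,63}$)[a-z0-9]+(-[a-z0-9]+)*$")  # Azure container naming rule


def check_settings(account, tenant_id, client_id, client_secret, container=""):
    """Return a list of problems; an empty list means the values look well-formed."""
    problems = []
    if not ACCOUNT.match(account):
        problems.append("storage account: expected 3-24 lowercase letters/digits, not a URL")
    if not GUID.match(tenant_id):
        problems.append("tenant ID: expected a GUID")
    if not GUID.match(client_id):
        problems.append("client ID: expected a GUID")
    if not client_secret or client_secret != client_secret.strip():
        problems.append("client secret: empty or has surrounding whitespace")
    elif GUID.match(client_secret):
        # Heuristic: the portal shows a GUID "Secret ID" next to the secret Value.
        problems.append("client secret: looks like the Secret ID, not the secret Value")
    if container and not CONTAINER.match(container):
        problems.append("container: expected 3-63 lowercase letters, digits, single hyphens")
    return problems


def token_request(tenant_id, client_id, client_secret):
    """Build (not send) a client-credentials token request scoped to Azure Storage."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://storage.azure.com/.default",
    }).encode()
    return urllib.request.Request(url, data=body, method="POST")


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = ("examplestore01", "11111111-2222-3333-4444-555555555555",
              "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "constructed-secret-value")
    print(check_settings(*sample, container="incoming-files") or "values look well-formed")
    req = token_request(*sample[1:])
    print(req.get_method(), req.full_url)  # urllib.request.urlopen(req) would test the login
```

Sending the built request with real values returns an access token when the Tenant ID, Client ID and Client Secret match; an error response at this point means the integration form would fail with the same values.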