Skip to main content

Netskope Help

Step 1/3: Configure an Azure AD Application for Forensics

To configure Azure Blob Storage as a forensic destination, you must log in to the Azure portal as a subscription owner or global administrator and configure the following tasks:

Create an Azure AD Application

To create an Azure AD application, follow the steps below:

  1. Log in to portal.azure.com.

  2. Navigate to All services > Identity > Azure Active Directory.

  3. Click App registrations.

    Azure-AD-App_App-Regis.png
  4. Click + New registration and enter the following details:

    1. Name: Enter the name of the application.

    2. Supported account types: Keep the default selection to Accounts in this organizational directory only.

    3. Redirect URL (optional): Leave this blank.

    Azure_Regis-App.png
  5. Click Register.

For additional information, refer to the Microsoft Azure documentation located here.

Get the Application ID and Directory ID

After registering the Azure AD application, the page redirects you to the Azure AD application Overview page. Note down the Application (client) ID and Directory (tenant) ID.

Azure_App-ID_Dir-ID.png

Note

These values will be required when you set up the Azure application instance in the Netskope UI.

Get the Authentication Key

To get the authentication key, follow the steps below:

  1. On the left navigation bar of the Azure AD application page, click Certificates & secrets.

  2. Under Client secrets, click + New client secret and enter the following details:

    1. Description: Provide a description of the key.

    2. Expires: Set a duration for the key.

  3. Click Add.

    Azure_Setup-Auth-Key.png
  4. After you save the configuration changes, under Client secrets, the right-most column contains the authentication key. Copy the key value.

    Azure_Copy-Key-Value.png

    Important

    Ensure that you copy the key value as it is not accessible once you leave this page. The key value will be required when you set up the Azure application instance in the Netskope UI.

For additional information, refer to the Microsoft Azure documentation located here.

Assign a Role to the Azure AD Application

To assign a role, follow the steps below:

  1. Log in to portal.azure.com.

  2. Navigate to All services > General > Subscriptions.

    Azure_All-serv_General_Subscrip.png
  3. On the Subscriptions page, click the appropriate subscription from the list.

  4. If you want to set up multiple subscriptions, group them under a Management Group and assign a role at the Management Group. When you add a new subscription to the management group, Netskope will automatically detect the subscription and perform scans as per your configuration.

  5. Click Access control (IAM).

  6. Click + Add > Add role assignment.

    Azure_Subscrip_Assign-Role.png

    Assign the roles and permissions specified in Step 2/3: Assign Azure permissions to store forensic objects.

For additional information, refer to the Microsoft Azure documentation located here.