Enterprise Recon 2.3.1
This section covers the following topics:
- Get Azure Account Access Keys
- Set up Azure as a Target location
- Edit Azure Storage Target Path
The instructions here work for setting up the following Azure Storage types as Targets:
- Azure Blobs
- Azure Tables
- Azure Queues
To set up Azure Storage as a Target:
To scan specific paths in an Azure Storage Target, see Edit Azure Storage Target Path.
For Sitewide Licenses, all scanned Azure Storage Targets consume data from the Sitewide License data allowance limit.
For Non-Sitewide Licenses, Azure Storage Targets require Server & DB Licenses, and consume data from the Server & DB License data allowance limit.
See Target Licenses for more information.
|TCP Allowed Connections||Port 443|
Get Azure Account Access keys
- Log in to your Azure account.
- Go to All resources > [Storage account], and under Settings, click on Access keys.
Note down key1 and key2 which are your primary and secondary access keys respectively. Use the active access key to connect ER2 to your Azure Storage account.Only one access key can be active at a time. The primary and secondary access keys are used to make rolling key changes. Ask your Azure Storage account administrator which access key is currently active, and use that key with ER2.
Set up Azure as a Target location
- From the New Scan page, Add Targets.
- In the Select Target Type dialog box, click on Azure Storage and select one of the following Azure Storage types:
- Azure Blobs
- Azure Queue
- Azure Table
Fill in the following fields:
Field Description Azure Account Name Enter your Azure account name. New Credential Label Enter a descriptive label for the credential set. New Username Enter your Azure Storage account name. New Password Enter either key1 or key2. See Get Azure Account Access Keys for more information. Agent to act as proxy host Select a Proxy Agent host with direct Internet access.Recommended Least Privilege User Approach
To reduce the risk of data loss or privileged account abuse, the Target credentials provided for the intended Target should only be granted read-only access to the exact resources and data that require scanning. Never grant full user access privileges or unrestricted data access to any application if it is not required.
- Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
- Click Commit to add the Target.
Edit Azure Storage Target Path
To scan a specific Target location in Azure Storage:
- Set up Azure as a Target location.
- In the Select Locations section, select your Azure Storage Target location and click Edit.
In the Edit Azure Storage Location dialog box, enter the Path to scan. Use the following syntax:
Azure Storage type Path syntax Azure Blobs To scan a specific folder:
To scan a specific file:
Azure Table To scan a specific table:
Azure Queue To scan a specific Queue:
- Click Test and then Commit to save the path to the Target location.