Azure Resources (Blob Ingest)

Azure Compute Services are the core set of cloud computing services that allow you to deploy and manage workloads on Microsoft Azure. These services provide the infrastructure, tools, and platforms for computing and storage needs. For detailed information, please refer to the Microsoft’s official documentation.

Integration Method: Azure Blob

Tables: Device Inventory Info (5004), Cloud Resources Inventory Info (5023)

Note:

Microsoft Azure is a continuously updated cloud service. As of this document preparation, the latest release was in September 2025.

Prerequisites

• The user should have access to the Azure portal with an account that has the Global Administrator privilege.

• The user should have access to the DataBee console.

Configuration Overview

1. Generate client credentials with the required scopes.

2. Add the Azure Resource Log data feed in the DataBee console with the below parameters.

   DataBee Parameter	Azure Resource Logs Parameter
   Client ID	Application (client) ID
   Client Secret	Client Secret Value
   Tenant ID	Directory (Tenant) ID
   Blob Account Name	Storage Account Name
   Blob Container Name	Container Name
   Azure Queue Name	Queue Name

Azure Resource Logs Configuration

To create an Azure Blob storage, need to follow below steps.

Create an application

1. Log on to Azure with a user account that has the Global Administrator privilege.

2. In the search bar, search for App Registration and select it.
    

3. On the “App registrations” page click on the New registration. The “Register an application” window will appear.
    

4. On the “Register an application” window:

   1. Under ‘Name’ enter your Application Name then click on Register to create the application.
       

5. On the app Overview page, copy the Application (client) ID and Directory (tenant) ID for later use.
    

Create client secret

1. Select the application created above.

2. Under Manage, click Certificates & secrets, and then click on Client secrets.
    

3. Click New client secret. “Add a client secret” window appears.
    

4. In “Add a client secret” window:

   1. Enter a ‘Description’ for this client secret and select the desired expiry period from the ‘Expires’ drop-list.

   2. Then click on Add to create the client secret.
       

   Note:

   The user needs to re-create the client secret when it expires.

5. Copy the Value fields for later use.
    

Create Storage Account

1. Navigate to the home page and search for the Storage accounts.
    

2. To create a new storage account, ensure the user has the necessary permissions to create one and follow the steps outlined here. To use an existing storage account, proceed to step 3.

3. Open the Storage accounts, locate and select the desired storage account. Copy the Storage Account Name for future reference.
    

Assign Role to Application

1. In storage account, assign the created Azure AD App to a Role that grants access to the storage blob.

2. Navigate to Access Control (IAM) under the Storage accounts and click on Add.
    

3. Assign the appropriate role for the Application.

   Role	Description
   Storage Blob Data Contributor	Allows read/write/delete access to blob objects.
   Storage Queue Data Contributor	Allows to send/read/delete messages in queues.
   Storage Account Contributor	Provides full control over the storage account.

4. In the “Add role assignment” page, use the search bar to type the desired role and select it from the list. Once selected, click Next.
    

5. Select the member for the role assignment.

   1. Click on Select members.

   2. Search for the application created during the app registration process and click on Select.
       

6. Click Next to continue.
    

7. Click Next to continue.
    

8. Click Review + Assign to finalize the role assignment.
    

9. To verify the role assignment

   1. Navigate to Access Control (IAM) > Role assignments.

   2. Search for the application and assigned role for storage blob would be visible.
       

Creating a Queue for Blob Storage

1. To read the data from blob storage we need a queue.

2. In the storage account, Click on Data storage > Queues.

3. Go to Queues and click on + Queue to create a new queue.

   1. Enter a queue name and click on OK.
       

4. To set up event notification, go to the Events tab and click on + Event Subscription.
    

5. Provide EVENT SUBSCRIPTION DETAILS, TOPIC DETAILS and EVENT TYPES:

   1. Enter the event name.

   2. Choose Event Grid Schema as event schema.

   3. Add System Topic Name if not added already.

   4. Select Blob Created as the Filter to Event Types.
       

6. Select Storage Queue as the Endpoint Type.
    

7. Provide ENDPOINT DETAILS to configure the endpoint:

   1. Click on Configure an endpoint option.

   2. Select the appropriate ‘Subscription’ and ‘Storage account’ values.

   3. Select the Select existing queue option and choose the queue created previously.

   4. Click Select.
       

8. Click Create to finalize the event subscription.
    

Forwarding the Administrative logs to Blob Storage

To forward the Azure Activity logs of the administrative category to the blob storage account that you created, follow below steps.

1. Navigate to the home page and search for the Monitor App.
    

2. Navigate to the Activity log tab and click on Export Activity Logs.
    

3. Click on Add diagnostic setting.
    

4. Select the Administrative category and choose the Archive to a storage account. Fill the below details. Click on Save.
    

5. A new container will be created in your storage account, which will be used in the DataBee configuration.
    

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    

2. Search for Azure Resource Logs and click it as shown below.
    

3. Click on the Azure Blob option.
    

4. Enter feed contact information and click Next.

   
   

5. In the configuration page, confirm the following:

   • Client ID: paste the Application ID.

   • Client Secret: paste the Secret Value.

   • Tenant ID: paste the Directory ID.

      

6. In the configuration page, confirm the Azure Blob Storage details:

   • Blob Account Name: paste the Storage Account name.

   • Blob Container Name: paste the Storage Container name.

   • Compression: none

   • Content Type: JSON Lines

   • Azure Queue Name:  paste the Queue name.

     
     

7. Click Submit.

Troubleshooting Tips

• In case of any permission errors, ensure that proper roles are assigned to the application in the storage created.