In order to integrate Teleskope with Azure Blob Storage, you must make sure the following prerequisites are met:
Within Azure: You must have created an Entra App as described previously
Within Teleskope: A Teleskope admin account to complete the setup process.
Integration
For each subscription:
1
Grant the Teleskope app read access to Azure Blob Storage
Grant the Teleskope app the following role:
Storage Blob Data Reader
Create a custom role with the following permission:
Microsoft.Storage/storageAccounts/read
Microsoft.Storage/storageAccounts/*/read
2
Grant the Teleskope app write access to Azure Blob Storage (optional)
Grant the Teleskope app the following role:
Storage Blob Data Contributor
Inventory Reports (optional)
Follow Azure's documentation to setup CSV inventory reports for your containers. This will allow us to crawl your containers with optimized speed, and minimize the cost incurred on the Azure side by limiting the amount of API calls we make.
If cost-appropriate, please toggle on Enable access tracking in the Blob inventory settings page. This allows you to view access history per-blob and use the field as a trigger in Policy Maker.
