# Blob Storage

## Requirements

In order to integrate Teleskope with Azure Blob Storage, you must make sure the following prerequisites are met:

* Within Azure: You must have created an Entra App as described previously
* Within Teleskope: A Teleskope admin account to complete the setup process.

## Integration

For each subscription:

{% stepper %}
{% step %}
**Grant the Teleskope app read access to Azure Blob Storage**

Grant the Teleskope app the following role:

* Storage Blob Data Reader

Create a custom role with the following permission:

* Microsoft.Storage/storageAccounts/read
* Microsoft.Storage/storageAccounts/\*/read
  {% endstep %}

{% step %}
**Grant the Teleskope app write access to Azure Blob Storage (optional)**

Grant the Teleskope app the following role:

* Storage Blob Data Contributor
  {% endstep %}
  {% endstepper %}

### Inventory Reports (optional)

Follow Azure's documentation to setup CSV inventory reports for your [containers](https://learn.microsoft.com/en-us/azure/storage/blobs/blob-inventory). This will allow us to crawl your containers with optimized speed, and minimize the cost incurred on the Azure side by limiting the amount of API calls we make.

If cost-appropriate, please toggle on **Enable access tracking** in the Blob inventory settings page. This allows you to view access history per-blob and use the field as a trigger in Policy Maker.