Setup Storage Blob Data Reader
The last step is to grant Storage Blob Data Reader permission to the Azure AD user. This is a necessary step for FortiCASB DLP and virus scan to read and analyze the data stored in the Storage Blob account as well as integrating Azure cloud traffic in FortiCASB.
- From the Azure portal page, search and click Subscriptions.
- Select your subscription.
- Select Access Control (IAM), and click +Add, then Add role assignment pane will pop-up.
- In Role field, type and select Storage Blob Data Reader.
- In Assign access to field, leave it as Azure AD user, group, or service principal.
- In Select field, type and select the name or e-mail address of the Azure AD user.
- Click Save to complete granting the role to the Azure AD user.