1. Home
    2. Enterprise DLP
    3. Enterprise DLP Administrator’s Guide
    4. Monitor Enterprise DLP
    5. Save Evidence for Investigative Analysis with Enterprise DLP
    6. Set Up Cloud Storage to Save Evidence for Prisma Access (Cloud Managed)
    7. Configure Cloud Storage on Microsoft Azure for Prisma Access (Cloud Managed)

    Configure Cloud Storage on Microsoft Azure for Prisma Access (Cloud Managed)

    Configure cloud storage on Microsoft Azure to save evidence for investigative analysis with Enterprise data loss prevention (DLP) for Prisma Access (Cloud Managed).
    Microsoft Azure users can configure a storage account to automatically upload all files that match an Enterprise data loss prevention (DLP) data profile for Enterprise DLP deployed on Prisma Access (Cloud Managed).
    To store your files scanned by the DLP cloud service, you must create a storage account and Identity and Access Management (IAM) role that allows the DLP cloud service access to automatically store files. Files uploaded to your storage account are automatically named using a unique Report ID for each file. The Report ID is used to search and download specific files for more in depth investigation.
    In case of connection issues to your storage account due to configuration error or change in settings, an email is automatically generated and sent to the admin that originally connected the Prisma Access (Cloud Managed) to the storage bucket and to the user who last modified the storage account connection settings on Prisma Access (Cloud Managed). This email is sent out every 48 hours until the connection is restored.
    Files that are scanned by the DLP cloud service while Prisma Access (Cloud Managed) is disconnected from your storage account cannot be stored and are lost. This means that all impacted files are not available for download. However, all snippet data is preserved and can still be viewed on Prisma Access (Cloud Managed).
    File storage automatically resumes after the connection status is restored.
    1. Log into the Microsoft Azure portal as an administrator.
      Administrator level privileges are required to successfully add the Enterprise DLP evidence storage application using Cloud Shell and to configure access to the storage account to enable file uploads by the DLP cloud service to save files for evidence analysis.
    2. (
      Optional
      ) From the portal menu, select
      Storage groups
       and
      Create
       a new storage group.
      You can also search for
      storage groups
      .
      The storage group is required to associate the storage account you create next for storing matched files.
      Skip this step if you have an existing resource group that you want to associate with the storage account.
    3. From the portal menu, select
      Storage accounts
       and
      Create
       a new storage account.
      You can also search for
      storage accounts
      .
    4. Obtain the App ID, Tenant ID, and blob service endpoint URL.
      This information is required to add the Palo Alto Networks Enterprise DLP application to your Microsoft Azure tenant and to configure connectivity to the DLP cloud service.
      • Palo Alto Networks Enterprise DLP App ID
         - 65def4b7-bae6-4bff-ab73-63fe8c9a3c8d
        The Palo Alto Networks Enterprise DLP app ID can be found in the DLP app on the hub (
        Settings
        Sensitive Data
        Configure Bucket
        Azure
        ).
      1. Obtain your Tenant ID.
        1. From the portal menu, select
          Azure Active Directory
          .
          You can also search for
          azure active directory
          .
        2. In the Basic Information section, copy the
          Tenant ID
          .
      2. Obtain the blob service endpoint URL.
        1. From the portal menu, select
          Storage accounts
           and select the storage account you will use to save files for evidence analysis.
        2. Select
          Settings
          Endpoints
           and copy the
          Block service
           endpoint URL.
    5. Add the Palo Alto Networks Enterprise DLP application.
      1. Open
        Cloud Shell
        .
        Click the Cloud Shell icon located in the top-right corner of the Microsoft Azure portal.
      2. Add the Palo Alto Networks Enterprise DLP application.
        Connect-AzureAD -TenantID <Your_Tenant_ID>
        New-AzureADServicePrincipal -AppId 65def4b7-bae6-4bff-ab73-63fe8c9a3c8d
        It may take a few minutes for Microsoft Azure to add a new application to your Azure tenant.
      3. Close the Cloud Shell.
      4. Search for and select
        Enterprise applications
        .
      5. For the Application type, select
        All applications
        .
      6. Search for the
        Palo Alto Networks Enterprise DLP
         application name to verify you successfully added the application.
    6. Configure permissions for the Palo Alto Networks Enterprise DLP application.
      1. Select the
        Palo Alto Networks Enterprise DLP
         application name.
      2. Select
        Security
        Permissions
         and
        Grant Admin consent
        .
      3. Select the administrator email in the Microsoft login prompt that is displayed.
      4. Accept
         the permissions request to allow the Palo Alto Networks Enterprise DLP application to view your Azure storage accounts .
        It may take a few minutes for the permissions to be successfully granted to the Palo Alto Networks Enterprise DLP application.
        You still need to grant the Palo Alto Networks Enterprise DLP application permission to write to a specific storage account.
      5. Verify that the
        Azure Storage
         and
        Microsoft Graph
         API names are displayed in the Admin consent section.
      6. From the portal menu, select
        Storage accounts
         and select the storage account you want to use to save files for evidence analysis.
      7. Select
        Access Control (IAM)
        Add
        Add Role Assignment
        Storage Blob Data Owner
         and click
        Next
        .
      8. Select to assign access to
        User, group, or service principle
         and
        select members
        .
      9. Search and select the
        Palo Alto Networks Enterprise DLP
         application and
        Select
         the application.
      10. Review + assign
         to allow the Palo Alto Networks Enterprise DLP application to write to the storage account.
        It can take up to 10 minutes for the write permissions to be successfully granted to the Palo Alto Networks Enterprise DLP application.
    7. Configure the storage bucket for evidence file storage.
      1. Access to evidence storage settings and files on Prisma Access (Cloud Managed) is allowed only for an account administrator or app administrator role with Enterprise DLP read and write privileges. This is to ensure that only the appropriate users have access to report data and evidence.
      2. Select
        Manage
        Configuration
        Security Services
        Data Loss Prevention
        Settings
        Sensitive Data
         and select
        Azure
         as the Public Cloud Storage Bucket.
      3. Select
        Input Bucket Details
        .
      4. Enter Microsoft Azure Tenant ID.
      5. Enter the Storage Endpoint.
        This is the blob service endpoint URL that you gathered for the storage account.
      6. Connect
         the storage account and the DLP cloud service.
      7. View the
        Connection Status
         to verify that the DLP cloud service successfully connected to the storage account.
        Select
        Save
         if Prisma Access (Cloud Managed) can successfully connect your bucket. A
        connectiontest
         file is uploaded to your storage account by the DLP cloud service to verify connectivity.
        If Prisma Access (Cloud Managed) cannot successfully connect your bucket, select
        Previous
         and edit the bucket connection settings.
      8. In the Store Sensitive Files settings, enable storage of sensitive files for Prisma Access (Cloud Managed).

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo