Netskope Help

Configure Azure Blob Storage as a Forensic Destination

This section describes the steps involved in configuring an Azure Blob Storage as a forensic destination.


  • Netskope supports forensic destination on Azure Blob Storage accounts only. For additional information on storage account types, refer the Azure documentation located here.

  • Azure forensics is not supported if the Azure account is a government account.

The configuration process requires you to,

The process involves assigning roles to the Azure subscription. Using Azure built-in roles or creating custom roles you can assign the necessary permissions to Netskope. These permissions are required to perform tasks to store forensic-related logs in Blob storage. You can review the permissions in Azure Permissions for Forensic.

Using custom roles, you can limit Netskope's permissions by assigning the role to a storage account instead of the subscription. Detailed information about limiting the scope of the role is available in Limit permissions for Forensics to Azure Storage Account section.

Refer to the Prerequisites section before you begin configuring Azure Blob Storage as a forensic destination.


Before you begin, ensure that you have a Blob storage with the following resources,

  • Storage account

  • Container in the storage account

You can use existing resources or create new resources.

Netskope recommends that the container in the storage account is specifically used to store forensic data only.