About Microsoft Azure Storage

The Microsoft Azure Storage source reads storage account settings, blob container metadata, container access policies, lifecycle management rules, and network rules through Azure Resource Manager. Iru does not read blob contents, file share data, queue messages, or table rows; it collects only configuration and container-level metadata the management API returns. Authentication is delegated OAuth 2.0 (Microsoft Entra ID) as the user who completes the wizard. Iru does not modify storage accounts, containers, or policies. For a full subscription inventory, assign Reader at subscription scope. Reader scoped only to a resource group can hide accounts in other groups.

How it works

Iru uses Microsoft’s OAuth 2.0 authorization code flow against Azure Resource Manager. The requested scope is: https://management.azure.com/user_impersonation

| Detail | Value |
| --- | --- |
| Category | Developer tools |
| Authentication | OAuth 2.0 (Microsoft Entra ID, Azure Resource Manager) |
| Vendor plan | Any Azure subscription with storage resources |

What Iru collects

| Data type | Notes |
| --- | --- |
| Storage accounts | Name, location, SKU (LRS, GRS, ZRS), kind, access tier, TLS version, network rules |
| Blob containers | Container names, public access settings, metadata |
| Container access policies | Stored access policies and their permissions |
| Lifecycle management policies | Tier transitions and deletion rules |
| Network rules | Firewall rules, service endpoints, private endpoints |

Reader at subscription scope includes Microsoft.Storage/*/read for account and container metadata through ARM, not data-plane access to object contents. Official references: Azure Storage documentation, Storage Resource Provider REST API, Storage built-in roles, Authorize access with Azure RBAC.

Prerequisites

  • Microsoft Entra ID sign-in to the Azure portal.
  • Reader (or higher) on the subscription you connect. Assign at subscription scope for complete visibility.
  • Browser pop-ups allowed so the connector wizard can open when you enable the source.

Confirm access: Subscriptions → your subscription → Access control (IAM) → View my access. Example role assignment (replace placeholders):

az role assignment create \
  --assignee <your-user-principal-name> \
  --role "Reader" \
  --scope /subscriptions/<subscription-id>
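
To confirm from the command line that Reader sits at subscription scope and not only on individual resource groups, the following added example (not part of Iru's documentation or tooling) classifies the scopes of your role assignments. The function name `reader_coverage`, the verdict labels, and the sample subscription ID, resource groups and storage account are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Iru code. Reads role-assignment scopes on stdin (one per
# line) and reports how much of subscription $1 they cover. Feed it from:
#   az role assignment list --all --assignee <your-user-principal-name> \
#     --role "Reader" --query "[].scope" -o tsv
# Verdicts: full (exact subscription scope), inherited (management group or
# root scope only; confirm the subscription sits under it), partial (resource
# groups or resources only, groups listed in lowercase), none.
reader_coverage() {
  local sub scope rest rg verdict groups
  verdict="none"; groups=""
  sub=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  while IFS= read -r scope || [ -n "$scope" ]; do
    # ARM IDs are case-insensitive; normalise and drop any CR from Windows output.
    scope=$(printf '%s' "$scope" | tr '[:upper:]' '[:lower:]' | tr -d '\r')
    case "$scope" in
      "/subscriptions/$sub")
        verdict="full" ;;
      "/subscriptions/$sub/resourcegroups/"*)
        rest=${scope#"/subscriptions/$sub/resourcegroups/"}
        rg=${rest%%/*}
        case " $groups " in *" $rg "*) ;; *) groups="$groups $rg" ;; esac
        case "$verdict" in none) verdict="partial" ;; esac ;;
      "/"|"/providers/microsoft.management/managementgroups/"*)
        case "$verdict" in full) ;; *) verdict="inherited" ;; esac ;;
    esac
  done
  if [ "$verdict" = "partial" ]; then
    printf 'partial:%s\n' "$groups"
  else
    printf '%s\n' "$verdict"
  fi
}

# Constructed sample: Reader held on two resource groups, not the subscription.
SAMPLE_SUB="00000000-0000-0000-0000-000000000000"
SAMPLE_SCOPES="/subscriptions/$SAMPLE_SUB/resourceGroups/rg-app
/subscriptions/$SAMPLE_SUB/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/stexample"

printf '%s\n' "$SAMPLE_SCOPES" | reader_coverage "$SAMPLE_SUB"
```

A `partial` verdict means storage accounts outside the listed resource groups will not appear in the source's inventory.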

Connect Microsoft Azure Storage to Iru

Connection is configured in Iru Compliance. The wizard shows Step 1 of 1: Perform OAuth Authentication.

Iru Compliance

1. Open Sources

In Iru Compliance, on the left navigation bar, expand Compliance and select Sources.

2. Turn on the integration

Find Microsoft Azure Storage (set Category to Developer tools or use Search by name or description). On that card, turn on the toggle to start the connector wizard.

3. Launch OAuth and sign in

Select Launch OAuth Authentication. Sign in with an account that has Reader on the subscription. Accept the requested permissions.

4. Confirm the source is Active

When setup completes, the Microsoft Azure Storage card shows Active.

Troubleshooting

Check pop-up blocker settings for the Iru site and try again.
Confirm Reader at subscription scope if you expect accounts across the whole subscription. Reader scoped only to a resource group omits accounts elsewhere.
Sign out of the Microsoft pop-up and sign in with the account for the correct tenant.
Turn Microsoft Azure Storage off and on in Sources, then complete OAuth again.
