You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/streaming-api-storage.md
+7-7Lines changed: 7 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,27 +32,27 @@ ms.date: 06/21/2024
32
32
33
33
1. Create a [Storage account](/azure/storage/common/storage-account-overview) in your tenant.
34
34
35
-
2. Log in to your [Azure tenant](https://ms.portal.azure.com/), go to **Subscriptions > Your subscription > Resource Providers > Register to Microsoft.Insights**.
35
+
2. Log in to your [Azure tenant](https://ms.portal.azure.com/), go to **Subscriptions** > **Your subscription** > **Resource Providers** > **Register to Microsoft.Insights**.
36
36
37
37
### Add contributor permissions
38
38
39
-
Once the Storage account is created, you'll need to:
39
+
Once the storage account is created, you'll need to define the user who is signing in as a contributor.
40
40
41
-
1.Define the user who is logging into Microsoft Defender XDR as Contributor.
41
+
1.Go to **Storage Account** > **Access control (IAM)**, and then select **Add**.
42
42
43
-
Go to **Storage Account > Access control (IAM) > Add** and verify under **Role assignments**.
43
+
2. Verify the user is listed under **Role assignments**.
44
44
45
45
## Enable raw data streaming
46
46
47
-
1.Log in to <ahref="https://go.microsoft.com/fwlink/p/?linkid=2077139"target="_blank">Microsoft Defender XDR</a> as a ***Security Administrator*** at a minimum.
47
+
1.Go to the [Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2077139) and sign in using an account with at least Security Administrator permissions.
48
48
49
49
> [!IMPORTANT]
50
50
> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
51
51
52
52
> [!NOTE]
53
-
> When using the Streaming API to an Azure Storage account, ensure the option "Allow trusted Microsoft services to access this storage account" is enabled in the storage account settings to allow for data to be streamed from Microsoft Defender for Endpoint.
53
+
> When using the Streaming API to an Azure Storage account, ensure the option `Allow trusted Microsoft services to access this storage account` is enabled in the storage account settings to allow for data to be streamed from Microsoft Defender for Endpoint.
54
54
55
-
2. Go to **Settings** > **Microsoft Defender XDR** > **Streaming API**. To go directly to the **Streaming API** page, use <https://security.microsoft.com/settings/mtp_settings/raw_data_export>.
55
+
2. Go to **Settings** > **Microsoft Defender XDR** > **Streaming API**. To go directly to the **Streaming API** page, use [https://security.microsoft.com/settings/mtp_settings/raw_data_export](https://security.microsoft.com/settings/mtp_settings/raw_data_export).
0 commit comments