
ADLS Reader initial setup

This topic describes setting up the ADLS Reader.

Setting up the Entra ID application for ADLS Reader

Set up an Entra ID application with authorization to access the Azure Storage account:

  1. Register a single-tenant Entra ID application. See Register an application with the Microsoft identity platform.

  2. Create a Client Secret for the application. Note down the secret value during creation.

  3. Assign the "Storage Blob Data Contributor" or "Storage Blob Data Reader" (read-only) role to the Entra ID application using Access Control (IAM). The assignment must be made by an Owner or User Access Administrator. See Assign Azure roles using the Azure portal.

You can obtain the Client ID and Tenant ID of the Entra ID application from the Overview page of the application. The Client Secret serves as the credential for authentication.

Authorizing the Entra ID application to access Log Analytics

If you set the Object Detection Mode to Log Analytics for ADLS Reader, you should authorize the Entra ID application to access the Log Analytics workspace. To do this, assign the "Log Analytics Reader" role to the Entra ID application using Access Control (IAM). The assignment must be made by an Owner or User Access Administrator.
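
The following is an added example, not part of the original documentation or the product: a small audit that checks the role assignments held by the ADLS Reader application against the roles named above. It assumes the input has the principalId, roleDefinitionName and scope fields of Azure CLI role assignment output, and that each role is expected at storage account or workspace scope; the subscription ID, object IDs and resource names are constructed.

```python
# Constructed sample in the shape of `az role assignment list --all --assignee <id> -o json`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
APP = "11111111-1111-1111-1111-111111111111"  # hypothetical object ID of the application
ACCT = SUB + "/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/adlsexample"
SAMPLE = [
    {"principalId": APP, "roleDefinitionName": "Storage Blob Data Reader", "scope": ACCT},
    {"principalId": APP, "roleDefinitionName": "Storage Blob Data Contributor", "scope": ACCT},
    {"principalId": APP, "roleDefinitionName": "Log Analytics Reader", "scope": SUB + "/resourceGroups/rg-data"},
    {"principalId": APP, "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": "22222222-2222-2222-2222-222222222222", "roleDefinitionName": "Owner", "scope": SUB},
]

# Roles the page names, mapped to the resource type each is expected to be scoped to
# (the scope expectation is an assumption of this example, not stated on the page).
EXPECTED_SCOPE = {
    "Storage Blob Data Reader": "/providers/microsoft.storage/storageaccounts/",
    "Storage Blob Data Contributor": "/providers/microsoft.storage/storageaccounts/",
    "Log Analytics Reader": "/providers/microsoft.operationalinsights/workspaces/",
}

def audit(assignments, principal_id):
    """Return a list of (severity, message) findings for one application."""
    mine = [a for a in assignments if a["principalId"] == principal_id]
    if not mine:
        return [("error", "no role assignments found for the application")]
    findings = []
    for a in mine:
        role, scope = a["roleDefinitionName"], a["scope"]
        if role not in EXPECTED_SCOPE:
            findings.append(("error", f"unexpected role {role!r} at {scope}"))
            continue
        if role == "Storage Blob Data Contributor":
            findings.append(("warn", f"write-capable role at {scope}; "
                                     "the read-only role is Storage Blob Data Reader"))
        # Azure resource IDs are case-insensitive, so compare in lower case.
        if EXPECTED_SCOPE[role] not in scope.lower():
            findings.append(("warn", f"{role!r} assigned above resource level: {scope}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE, APP):
        print(f"{severity.upper():5} {message}")
```
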

Setting up a Log Analytics workspace

A Log Analytics workspace is an environment where you can ingest log data from Azure services and capture the changes in a storage account. Before running ADLS Reader with Object Detection Mode set to Log Analytics, you must set up a Log Analytics workspace to monitor a storage account, and note the Log Analytics workspace ID.

You can create a new Log Analytics workspace or use an existing one to monitor the storage account.

To capture log data from Azure Data Lake Storage to the Log Analytics workspace:

  1. Open the landing page of the storage account resource and click Diagnostic Settings under Monitoring.

  2. Enable the diagnostic status for blob and click Enabled to provide a diagnostic setting.

  3. Click Add Diagnostic Setting.

  4. Configure the following settings:

    1. Enter a name for the diagnostic setting.

    2. In Logs > Categories, select StorageWrite.

    3. In the Destination details, select Send to Log Analytics workspace and specify the name of the Log Analytics workspace resource that was created.

    4. Click Save to save the setting.
