Edit

Set up continuous export to an event hub behind a firewall

Microsoft Defender for Cloud supports continuous export of alerts and recommendations to Azure Event Hubs. If your event hub is behind a firewall, you can allow Defender for Cloud as a trusted service so export can continue. This article explains how to configure that trusted-service access.

Prerequisites

Before you enable trusted-service access, configure continuous export by using one of these methods:

Set up continuous export to the event hub

Enable continuous export as a trusted service to send data to an event hub protected by Azure Firewall.

To grant access to continuous export as a trusted service:

  1. Sign in to the Azure portal at portal.azure.com.

  2. Go to Microsoft Defender for Cloud > Environment settings.

  3. Select the relevant resource.

  4. Select Continuous export.

  5. Select Export as a trusted service.

    Screenshot that shows where the checkbox is located to select export as trusted service.

Add the relevant role assignment to the destination event hub

To add the relevant role assignment to the event hub configured as your continuous export destination:

  1. Go to the event hub that you configured as the continuous export destination.

  2. In the resource menu, select Access control (IAM) > Add role assignment.

    Screenshot that shows the Add role assignment button.

  3. Select Azure Event Hubs Data Sender.

  4. Select the Members tab.

  5. Choose + Select members.

  6. Search for and then select Windows Azure Security Resource Provider.

    Screenshot that shows you where to enter and search for Microsoft Azure Security Resource Provider.

  7. Select Review + assign.

Next step

View exported data in Azure Monitor

  • Last updated on