Pre-Configuration

Configuration steps prior to product installation.

    Resource Group

    Identify or create a new Azure Resource Group where the Protegrity solution will be installed. Creating a new Resource Group is recommended, because it can provide greater security controls and help avoid conflicts with other applications that might impact regional account limits. An individual with the Cloud Administrator role will be required for some of the subsequent installation steps.

    Azure Subscription ID (AzureSubscriptionID): ____________________

    Azure Resource Group ID (ApiResourceGroupID): ___________________

    Azure Region (ApiRegion): ___________________

    Key Vault

    Key Vault is required to store secrets and to encrypt the policy deployment package. Identify an existing Key Vault or create a new one.

    To create Key Vault:

    1. From the Azure Console select Create a resource.

    2. Navigate to Key Vault > Create.

    3. Select a Resource group.

    4. Enter a Key vault name.

    5. Select a Region. For the best performance, use the same region for all resources.

    6. Set the Pricing tier to Standard.

    7. Under Access configuration, select Vault access policy as the Permission model.

    8. Under Networking, ensure that Enable public access is selected.

    9. Under Review + create, click Create.

    10. Record Key Vault Name:

      Key Vault Name (PolicyKeyValue): ___________________

    Function App Storage

    Create Storage Account

    Create a storage account to host the Protegrity deployment packages provided in the installation artifact bundle. Note that turning on the firewall or restricting access to selected virtual networks or IP address ranges will require additional configuration and is beyond the scope of this document.

    To create Function App storage:

    1. From the Azure Console select Create a resource.

    2. Navigate to Storage account > Create.

    3. Select the Resource group where the Protegrity solution will be deployed.

    4. Enter a Storage account name.

    5. Select the Region where the Protegrity solution will be deployed.

    6. Set the Preferred storage type to Azure Blob Storage or Azure Data Lake Storage.

    7. Set the Primary workload to Cloud native.

    8. Set Performance to Standard.

    9. Set Redundancy to Geo-redundant storage (GRS).

    10. Continue to Advanced setup and verify that Enable hierarchical namespace is unchecked.

    11. Adjust the Networking and Data protection configurations according to your security requirements or use the default values.

    12. Under Review + create, click Create.

    13. Record the storage account name:

      Storage Account Name (StorageAccountName): ____________________

    14. Record the storage blob service URL. Navigate to the created Storage Account, select Settings > Endpoints, and record the value of Blob Service:

      Storage Account Blob Service Url (StorageAccountBlobServiceUrl): ____________________

    Upload Files

    Create a deployment container using the Azure Blob Service.

    1. Go to the Storage Account created in the previous step.

    2. Under the Data storage section, select Containers and click + Container.

    3. Type in a container name and click Create.

    4. Upload the following installation artifacts to the container:

    • protegrity-protect-azure-<version>.zip
    • protegrity-agent-azure-<version>.zip

    1. Record Protect function blob URL:

      Protect Function Blob URL (ProtectFuncURL): ____________________

    2. Record Forward function blob URL. Both Protect and Forward functions use the same protegrity-protect-azure-<version>.zip distribution:

      Forward Function Blob URL (ForwardFuncURL): ____________________

    3. Record Agent function blob URL:

      Agent Function Blob URL (AgentFuncURL): ____________________

    Create Protect Function Policy Blob

    Create a blob container for the encrypted Protegrity security policy using the Azure Blob Service. The Agent will store the encrypted policy in this container. Both the Protect and Log Forwarder functions will load the policy from this container.

    1. Go to the Storage Account created in the previous step.

    2. Under the Data storage section, select Containers and click + Container.

    3. Type in a container name and click Create.

    4. Right-click the container name, and select Container properties to obtain the URL.

      Append the name of the policy file to the container URL, e.g., https://<your-storage-account>.blob.core.windows.net/<your-policy-container>/<your-policy-file-name>.zip. Record the blob URL.

      Protect Function Policy Blob URL (ProtectFuncPolicyBlobUrl): ____________________

    Create Agent Policy Blob Container

    The Agent function uploads an encrypted policy zip package to a blob container, which is used as staging storage. Create the policy staging container.

    To prepare the policy blob container:

    1. Under the Storage account created in the previous step, select Data storage > Containers and click + Container.

    2. Type in a container name and click Create.

      Agent Policy Blob Container Name (AgentPolicyBlobContainer): ___________________
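
The portal steps above, expressed as Azure CLI commands and followed by the worksheet URLs they imply. This is an added example, not Protegrity's own script: the resource, container and policy file names are constructed placeholders, and the blob URL pattern follows the policy blob example on this page (confirm the real value under Settings > Endpoints).

```shell
# Added example (not vendor code). Every value is a constructed placeholder
# standing in for the worksheet entry named in its comment.
RG="rg-protegrity-example"       # resource group name (ApiResourceGroupID)
REGION="eastus"                  # ApiRegion
VAULT="kv-protegrity-example"    # PolicyKeyValue
ACCOUNT="stprotegrityexample"    # StorageAccountName
DEPLOY_C="deployment"            # container for the installation artifacts
POLICY_C="policy"                # container the functions load policy from
STAGING_C="policy-staging"       # AgentPolicyBlobContainer
POLICY_FILE="policy.zip"         # <your-policy-file-name>.zip
VERSION="<version>"              # left elided, as on the page

# Dry run by default: print each command. APPLY=1 executes it instead.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# URL pattern taken from the page's policy blob example.
blob_url() { printf 'https://%s.blob.core.windows.net/%s/%s\n' "$1" "$2" "$3"; }

provision() {
  # Key Vault steps 6-8: Standard tier, vault access policy, public access.
  run az keyvault create --name "$VAULT" --resource-group "$RG" \
    --location "$REGION" --sku standard \
    --enable-rbac-authorization false --public-network-access Enabled
  # Storage steps 8-10: Standard performance, GRS, no hierarchical namespace.
  # "Primary workload" is a portal-only choice with no flag here.
  run az storage account create --name "$ACCOUNT" --resource-group "$RG" \
    --location "$REGION" --kind StorageV2 --sku Standard_GRS \
    --enable-hierarchical-namespace false
  # --auth-mode login assumes your identity holds a blob data role.
  for c in "$DEPLOY_C" "$POLICY_C" "$STAGING_C"; do
    run az storage container create --account-name "$ACCOUNT" --name "$c" --auth-mode login
  done
  for pkg in protect agent; do
    f="protegrity-$pkg-azure-$VERSION.zip"
    run az storage blob upload --account-name "$ACCOUNT" \
      --container-name "$DEPLOY_C" --name "$f" --file "$f" --auth-mode login
  done
}

worksheet() {
  protect=$(blob_url "$ACCOUNT" "$DEPLOY_C" "protegrity-protect-azure-$VERSION.zip")
  echo "StorageAccountBlobServiceUrl=https://$ACCOUNT.blob.core.windows.net/"
  echo "ProtectFuncURL=$protect"
  echo "ForwardFuncURL=$protect"   # same zip as Protect, per the page
  echo "AgentFuncURL=$(blob_url "$ACCOUNT" "$DEPLOY_C" "protegrity-agent-azure-$VERSION.zip")"
  echo "ProtectFuncPolicyBlobUrl=$(blob_url "$ACCOUNT" "$POLICY_C" "$POLICY_FILE")"
  echo "AgentPolicyBlobContainer=$STAGING_C"
}
provision
worksheet
```

Run it as-is to review the planned commands and worksheet values; set APPLY=1 only after replacing the placeholders and VERSION with your own values.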


    Last modified : January 07, 2026