Set up continuous export to an event hub behind a firewall

Important

Attention: All Microsoft Defender for Cloud features will be officially retired in Azure in China region on August 18, 2026 per the announcement posted by 21Vianet.

In a situation where an event hub is behind a firewall, you can enable continuous export as a trusted service so that you can send data to the event hub.

Prerequisites

Set up continuous export to the eventhub

You can enable continuous export as a trusted service so that you can send data to an event hub that has Azure Firewall enabled.

To grant access to continuous export as a trusted service:

  1. Sign in to the Azure portal.

  2. Go to Microsoft Defender for Cloud > Environmental settings.

  3. Select the relevant resource.

  4. Select Continuous export.

  5. Select Export as a trusted service.

    Screenshot that shows where the checkbox is located to select export as trusted service.

Add the relevant role assignment to the destination event hub.

To add the relevant role assignment to the destination event hub:

  1. Go to the selected event hub.

  2. In the resource menu, select Access control (IAM) > Add role assignment.

    Screenshot that shows the Add role assignment button.

  3. Select Azure Event Hubs Data Sender.

  4. Select the Members tab.

  5. Choose + Select members.

  6. Search for and then select Windows Azure Security Resource Provider.

    Screenshot that shows you where to enter and search for Microsoft Azure Security Resource Provider.

  7. Select Review + assign.

Next step

View exported data in Azure Monitor