diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
index f818a846ac8..6ab646f2229 100644
--- a/CHANGELOG.next.asciidoc
+++ b/CHANGELOG.next.asciidoc
@@ -235,6 +235,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix `okta` geoip lookup in pipeline for `destination.ip` {pull}20454[20454]
 - Fix mapping exception in the `googlecloud/audit` dataset pipeline. {issue}18465[18465] {pull}20465[20465]
 - Fix `cisco` asa and ftd parsing of messages 106102 and 106103. {pull}20469[20469]
+- Improve validation checks for Azure configuration {issue}20369[20369] {pull}20389[20389]
 
 *Heartbeat*
 
diff --git a/x-pack/filebeat/input/azureeventhub/config.go b/x-pack/filebeat/input/azureeventhub/config.go
index 0521d3a76e6..68ad8d109e0 100644
--- a/x-pack/filebeat/input/azureeventhub/config.go
+++ b/x-pack/filebeat/input/azureeventhub/config.go
@@ -7,6 +7,7 @@ package azureeventhub
 import (
 	"errors"
 	"fmt"
+	"unicode"
 )
 
 type azureInputConfig struct {
@@ -36,6 +37,32 @@ func (conf *azureInputConfig) Validate() error {
 	}
 	if conf.SAContainer == "" {
 		conf.SAContainer = fmt.Sprintf("%s-%s", ephContainerName, conf.EventHubName)
+
+	}
+	err := storageContainerValidate(conf.SAContainer)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func storageContainerValidate(name string) error {
+	runes := []rune(name)
+	length := len(runes)
+	if length < 3 {
+		return fmt.Errorf("storage_account_container (%s) must be 3 or more characters", name)
+	}
+	if length > 63 {
+		return fmt.Errorf("storage_account_container (%s) must be less than 63 characters", name)
+	}
+	if !unicode.IsLower(runes[0]) && !unicode.IsNumber(runes[0]) {
+		return fmt.Errorf("storage_account_container (%s) must start with a lowercase letter or number", name)
+	}
+	for i := 0; i < length; i++ {
+		if !unicode.IsLower(runes[i]) && !unicode.IsNumber(runes[i]) && !('-' == runes[i]) {
+			return fmt.Errorf("rune %d of storage_account_container (%s) is not a lowercase letter, number or dash", i, name)
+		}
 	}
 	return nil
 }
diff --git a/x-pack/filebeat/input/azureeventhub/config_test.go b/x-pack/filebeat/input/azureeventhub/config_test.go
new file mode 100644
index 00000000000..b6f264911d8
--- /dev/null
+++ b/x-pack/filebeat/input/azureeventhub/config_test.go
@@ -0,0 +1,29 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package azureeventhub
+
+import (
+	"testing"
+)
+
+func TestStorageContainerValidate(t *testing.T) {
+	var tests = []struct {
+		input    string
+		errIsNil bool
+	}{
+		{"a-valid-name", true},
+		{"a", false},
+		{"a-name-that-is-really-too-long-to-be-valid-and-should-never-be-used-no-matter-what", false},
+		{"-not-valid", false},
+		{"capital-A-not-valid", false},
+		{"no_underscores_either", false},
+	}
+	for _, test := range tests {
+		err := storageContainerValidate(test.input)
+		if (err == nil) != test.errIsNil {
+			t.Errorf("storageContainerValidate(%s) = %v", test.input, err)
+		}
+	}
+}