Description:

Microsoft Defender for Storage adds advanced threat protection to Azure Storage Accounts. When enabled, it detects suspicious activities such as anomalous access, malware uploads, data exfiltration attempts, and other storage-based attacks. This helps protect stored data by providing real-time alerts and recommended remediation steps.


Rationale:

Turning on Defender for Storage ensures that malicious activities are detected early and reported. It improves security by monitoring access patterns, scanning for malware, and detecting data exfiltration attempts. This enhances compliance and provides an additional layer of defense against threats targeting storage accounts.


Impact:

Enabling Defender for Storage adds security benefits, but it incurs additional cost based on the number of transactions analyzed. Organizations must ensure budget approval and understand that high-transaction workloads may increase security billing.


Default Value:

By default, Microsoft Defender for Storage is OFF and must be manually enabled.


Pre-requisites:

  • Azure subscription with permission to enable Defender plans

  • Role required: Owner, Contributor, or Security Admin

  • The Storage Account must already exist

  • Microsoft Defender for Cloud must be available in the region

Test Plan:

  1. Sign in to the Azure portal at https://portal.azure.com.

  2. In the portal, search for Storage Account and select your storage account.

  3. Under Security + Networking, click Microsoft Defender for Cloud.

  4. Verify that Microsoft Defender for Storage is turned on.

  5. If Microsoft Defender for Storage is OFF, Follow the Implementation Plan.

Implementation Plan:

  1. Sign in to the Azure portal at https://portal.azure.com.

  2. In the portal, search for Storage Account and select your storage account.

  1. Under Security + Networking, click Microsoft Defender for Cloud.

                                 

  1. In Microsoft Defender for Storage, click on “Enable storage account.”

Backout plan:

  1. Sign in to the Azure portal at https://portal.azure.com.

  2. In the portal, search for Storage Account and select your storage account.

  3. Under Security + Networking, click Microsoft Defender for Cloud.

  4. Open Microsoft Defender for Storage Settings, toggle the Microsoft Defender for Storage switch to Off, and click Save to revert the configuration.

              

References: