Enable and configure with the Azure portal

We recommend that you enable Defender for Storage on the subscription level. Doing so ensures all storage accounts currently in the subscription are protected. Storage accounts that are created after enabling Defender for Storage on the subscription level will be protected up to 24 hours after creation.

Tip

You can always configure specific storage accounts with custom configurations that differ from the settings configured at the subscription level (override subscription-level settings).

To enable Defender for Storage at the subscription level using the Azure portal:

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Environment settings.

  3. Select the subscription for which you want to enable Defender for Storage.

    Screenshot that shows where to select the subscription.

  4. Select the three dots on the right and then choose the Edit settings option.

  5. On the Defender plans page, locate Storage in the list and select On and Save. If you currently have Defender for Storage enabled with per-transaction pricing, select the New pricing plan available link and confirm the pricing change.

    Screenshot that shows where to turn on Storage plan.

Microsoft Defender for Storage is now enabled for this subscription, and is fully protected, including on-upload malware scanning and sensitive data threat detection.

If you want to turn off the on-upload malware scanning or sensitive data threat detection, you can select Settings and change the status of the relevant feature to Off and save the changes.

If you want to change the malware scanning size capping per storage account per month for malware, change the settings in Edit configuration and save the changes.

If you want to disable the plan, turn status button to Off for the Storage plan on the Defender plans page and save the changes.

Tip

Malware scanning can be configured to send scanning results to the following:
Event Grid custom topic - for near-real time automatic response based on every scanning result. Learn more how to configure malware scanning to send scanning events to an Event Grid custom topic.
Log Analytics workspace - for storing every scan result in a centralized log repository for compliance and audit. Learn more how to configure malware scanning to send scanning results to a Log Analytics workspace.

Next steps