Enable and configure with REST API
We recommend that you enable Defender for Storage on the subscription level. Doing so ensures all storage accounts currently in the subscription are protected. Storage accounts that are created after enabling Defender for Storage on the subscription level will be protected up to 24 hours after creation.
Tip
You can always configure specific storage accounts with custom configurations that differ from the settings configured at the subscription level (override subscription-level settings).
To enable and configure Microsoft Defender for Storage at the subscription level using REST API, create a PUT request with this endpoint (replace the subscriptionId
in the endpoint URL with your own Azure subscription ID):
PUT
https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/pricings/StorageAccounts?api-version=2023-01-01
And add the following request body:
{
"properties": {
"extensions": [
{
"name": "OnUploadMalwareScanning",
"isEnabled": "True",
"additionalExtensionProperties": {
"CapGBPerMonthPerStorageAccount": "5000"
}
},
{
"name": "SensitiveDataDiscovery",
"isEnabled": "True"
}
],
"subPlan": "DefenderForStorageV2",
"pricingTier": "Standard"
}
}
To modify the monthly threshold for malware scanning in your storage accounts, adjust the CapGBPerMonthPerStorageAccount
parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.
If you want to turn off the on-upload malware scanning or Sensitive data threat detection features, you can change the isEnabled value to False under Sensitive data discovery.
To disable the entire Defender plan, set the pricingTier property value to Free and remove the subPlan
and extensions properties.
Learn more about updating Defender plans with the REST API in HTTP, Java, Go, and JavaScript.
Tip
Malware scanning can be configured to send scanning results to the following:
Event Grid custom topic - for near-real time automatic response based on every scanning result. Learn more how to configure malware scanning to send scanning events to an Event Grid custom topic.
Log Analytics workspace - for storing every scan result in a centralized log repository for compliance and audit. Learn more how to configure malware scanning to send scanning results to a Log Analytics workspace.
Learn more on how to set up response for malware scanning results.