How to add defender malware scanner for azure storage account

Question

Im trying to enable malware scanner for my azure storage account but its throwing me this error.

Plan enablement partially succeeded. Could not enable on-upload malware scanning: Exception of type 'Microsoft.Rest.Azure.CloudException' was thrown.. Could not enable sensitive data discovery: Exception of type 'Microsoft.Rest.Azure.CloudException' was thrown.

I encountered this error enabling the defernder via atorage account

storage_account => Microsoft Defender for Cloud

for this configuration It wont work

Answer 1

Hi Dileepa Mabulage,

Thank you for posting your query here!

As the on-upload malware scanning and sensitive data discovery features could not be enabled for your Azure storage account, please note that for Malware Scanning and sensitive data threat detection at subscription and storage account levels, you need Owner roles (subscription owner/storage account owner) or specific roles with corresponding data actions.

The following table summarizes the permissions you need for each scenario. The permissions are either built-in Azure roles or action sets that you can assign to custom roles.

Details on unsupported features and services in Malware Scanning: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-malware-scan#limitations

Please let us know if you have any further queries. I’m happy to assist you further.

---

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.