Hello Saurin Shah,
Greetings! Welcome to Microsoft Q&A Platform.
Please note that for Malware Scanning and sensitive data threat detection at subscription and storage account levels, you need Owner roles (subscription owner/storage account owner) or specific roles with corresponding data actions.
The following table summarizes the permissions you need for each scenario. The permissions are either built-in Azure roles or action sets that you can assign to custom roles.
When you enable malware scanning in Defender for Storage, the StorageDataScanner resource is created and automatically assigned the Storage Blob Data Owner role. This role is necessary for the scanner to access and scan your data.
The malware scanning feature in Defender for Storage is designed to automatically scan files as they are uploaded or modified in your storage account. This is done using Microsoft Defender Antivirus capabilities. The scanning process is triggered by events such as file uploads or modifications.
If a malicious file is detected, Defender for Cloud generates security alerts. These alerts can include details about the detected malware and the actions taken, such as quarantining or deleting the malicious file. The automatic role assignment and malware scanning are part of the built-in functionality of Microsoft Defender for Storage. These actions are performed automatically by the system to ensure your storage accounts are protected from malicious content.
Reference: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-malware-scan
Details on unsupported features and services in Malware Scanning: https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-malware-scan#limitations
Please let us know if you have any further queries. I’m happy to assist you further.
Please “Accept the answer” and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
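
Added example (not part of the answer above and not Microsoft's code): a check that the scanner identity holds Storage Blob Data Owner on a given storage account, and which other principals hold the same role there, including through inherited scopes. The input is constructed sample data shaped like the JSON output of `az role assignment list`; the subscription, account and principal IDs, and the scope of the scanner's assignment, are assumptions made for illustration.

```python
import json

ROLE = "Storage Blob Data Owner"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed
ACCOUNT = SUB + "/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/demoacct"
SCANNER_ID = "11111111-1111-1111-1111-111111111111"  # assumed object ID of the scanner identity

# Constructed sample; every ID and scope below is made up for illustration.
SAMPLE = json.dumps([
    {"principalId": SCANNER_ID, "principalType": "ServicePrincipal",
     "roleDefinitionName": ROLE, "scope": SUB},
    {"principalId": "22222222-2222-2222-2222-222222222222", "principalType": "User",
     "roleDefinitionName": ROLE, "scope": ACCOUNT},
    {"principalId": "33333333-3333-3333-3333-333333333333", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": ACCOUNT},
    {"principalId": "44444444-4444-4444-4444-444444444444", "principalType": "ServicePrincipal",
     "roleDefinitionName": ROLE,
     "scope": ACCOUNT + "/blobServices/default/containers/uploads"},
    {"principalId": "55555555-5555-5555-5555-555555555555", "principalType": "Group",
     "roleDefinitionName": ROLE, "scope": SUB + "/resourceGroups/rg-other"},
])

def covers(assignment_scope, target):
    """True if a role assigned at assignment_scope is inherited by target."""
    a, t = assignment_scope.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def audit_data_owner(assignments_json, account_id, scanner_principal_id):
    """Return (scanner_has_role, other_holders) for one storage account."""
    scanner_has_role, others = False, []
    for a in json.loads(assignments_json):
        # Skip other roles and assignments that do not reach the whole account
        # (a sibling resource group, or a single container below the account).
        if a.get("roleDefinitionName") != ROLE or not covers(a.get("scope", ""), account_id):
            continue
        if a.get("principalId") == scanner_principal_id:
            scanner_has_role = True
        else:
            others.append((a["principalType"], a["principalId"], a["scope"]))
    return scanner_has_role, others

if __name__ == "__main__":
    ok, others = audit_data_owner(SAMPLE, ACCOUNT, SCANNER_ID)
    print("scanner holds", ROLE, "->", ok)
    for kind, pid, scope in others:
        print("review:", kind, pid, "at", scope)
```
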