Today, Defender for Storage released Automated Remediation for Malware Detection in public preview for Commercial Cloud. The feature applies to both On-upload and On-demand malware scanning. The full documentation can be found at this link.
What does it do?
Whenever malicious content is found in a blob, the Automated Remediation feature kicks in and soft-deletes the blob.
What do you mean by soft-delete?
As soon as you enable Automated Remediation for Malware Detection, at the subscription level or storage account level, two settings under “Data Management” are configured automatically:
- Enable soft delete for blobs
  - Keep deleted blobs for (in days): 7 days (only if this was not already configured; if you had a different retention period, we will not modify it)
- Enable soft delete for containers
  - Keep deleted containers for (in days): 7 days (only if this was not already configured; if you had a different retention period, we will not modify it)
This configuration will let you “undelete” or “recover” the deleted blobs.
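As an added example (not from the original post or the product documentation), this Python script audits exported blob service properties to confirm the two soft-delete settings above and report the recovery window for each account. The account names and sample JSON are constructed, and the field names assume the shape printed by `az storage account blob-service-properties show`.

```python
import json

# Constructed sample: blob service properties for three hypothetical accounts.
# Assumed shape: output of `az storage account blob-service-properties show`;
# the third entry uses the nested ARM/REST shape ("properties": {...}).
SAMPLE = json.loads("""
{
  "stuploads01": {"deleteRetentionPolicy": {"enabled": true, "days": 7},
                  "containerDeleteRetentionPolicy": {"enabled": true, "days": 7},
                  "isVersioningEnabled": null},
  "stlegacy02": {"deleteRetentionPolicy": {"enabled": false, "days": null},
                 "containerDeleteRetentionPolicy": {"enabled": true, "days": 30},
                 "isVersioningEnabled": false},
  "starchive03": {"properties": {
                  "deleteRetentionPolicy": {"enabled": true, "days": 14},
                  "containerDeleteRetentionPolicy": {"enabled": true, "days": 14},
                  "isVersioningEnabled": true}}
}
""")

def retention_days(policy):
    """Return the retention window in days, or None when soft delete is off."""
    if not policy or not policy.get("enabled"):
        return None
    return policy.get("days")

def audit(props):
    """Check one account against the two settings the post describes."""
    props = props.get("properties", props)  # accept the nested REST shape too
    blob = retention_days(props.get("deleteRetentionPolicy"))
    container = retention_days(props.get("containerDeleteRetentionPolicy"))
    findings = []
    if blob is None:
        findings.append("blob soft delete is off (expected on once remediation is enabled)")
    if container is None:
        findings.append("container soft delete is off (expected on once remediation is enabled)")
    if props.get("isVersioningEnabled"):
        findings.append("versioning is on: use the versioned restore procedure")
    return {"blob_days": blob, "container_days": container, "findings": findings}

def audit_all(accounts):
    """Audit every account in a {name: properties} mapping."""
    return {name: audit(p) for name, p in accounts.items()}

if __name__ == "__main__":
    for name, result in audit_all(SAMPLE).items():
        print(name, result["blob_days"], result["container_days"], result["findings"])
```

The reported `blob_days` value is how long a soft-deleted malicious blob stays recoverable, which matters for accounts that kept a pre-existing retention period instead of the 7-day default.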
How do I enable it?
There are two ways: subscription-level and resource-level. Besides the user interface options described in this blog, there are other subscription-level and resource-level enablement options, such as the REST API, which are documented at this link.
Subscription level
- Go to Microsoft Defender for Cloud
- Environment Settings
- Select the subscription
- Enable Defender for Storage (if not enabled already)
- Click Settings
- In Malware Scanning configuration, check the box Soft delete malicious blobs (preview)
- Save it
Note: by default, enabling malware scanning will not automatically enable Automated Remediation for Malware Detection.
Storage account level
- Select the storage account
- Under Security + networking, click on Microsoft Defender for Cloud
- If Defender for Storage is already enabled, click on Settings
- Under the On-upload malware scanning settings, mark the checkbox Soft delete malicious blobs (preview)
- Save it
What does it look like?
Note: If you turn on Versioning for Blobs on your storage account, see Manage and restore soft delete for blobs to learn how to restore a soft deleted blob.
Try it out and let us know your feedback! 😊