Blog Post

Microsoft Defender for Cloud Blog
2 MIN READ

Malware scan results now in blob tags (ADLS Gen2 HNS | Public Preview)

Fernanda_Vela's avatar
Fernanda_Vela
Icon for Microsoft rankMicrosoft
Mar 03, 2026

If you’ve been using Defender for Storage malware scanning with ADLS Gen2 storage accounts that have Hierarchical Namespace (HNS), you probably know that the scan happens, but the result isn’t easy to see right where the file lives. 

That changes now. 

Azure Storage just released a public preview feature that many customers have been asking for: Blob tags for Hierarchical Namespace. And for Defender for Storage, this translates into something super practical: Malware scanning results can now appear in the file’s tags (blob tags) for ADLS Gen2 accounts with HNS. 

 

Before the preview: 
If you used malware scanning on ADLS Gen2 (HNS), you typically viewed results by: 

  • Sending the results to an Event Grid Topic, and/or 
  • Sending them to a Log Analytics Workspace, and/or 
  • Looking on Defender for Cloud security alerts when malware was found. 

 

Now (with the preview enabled): 
You can see the malware scanning outcome directly on the file, via blob tags. 

 

 

 

What’s actually changing? 

If both of the conditions below are true: 

  1. Your Defender for Storage malware scanning setting is configured as: 
    Store scan results as blob index tags 
    AND 

    2. You enabled the Azure Storage public preview feature: 
        “Blob Tags for Hierarchical Namespace 

…then you’ll start seeing malware scanning results in tags for files in ADLS Gen2 (HNS). 

Any impact I should know about? 

Functional impact 

Yes, this improves visibility and unlocks easier workflows: 

  • Quickly check file scan status while investigating 
  • Filter or query files based on blob tag values 
  • Use tags as a lightweight way to drive automation (e.g., workflow automation) 

Cost impact  

Right now that Blob Tags for Hierarchical Namespace is in public preview, there’s no additional cost to have the malware scan results in the blob tags. The cost will come once this feature becomes Generally Available (GA). 

Try it now 

Here’s the simplest way to get started: 

  1. Enable the preview: “Blob Tags for Hierarchical Namespace”
  2. In Defender for Storage, ensure malware scanning is enabled and set to: Store scan results as blob index tags
  3. Upload a test file and check the object’s blob tags after scanning completes 

🎥  

 

Quick checklist 

 ADLS Gen2 storage account 
 HNS enabled 
 Defender for Storage malware scanning enabled 
 “Store scan results as blob index tags” selected 
 “Blob Tags for Hierarchical Namespace” preview enabled 
➡️ Result: scan outcomes show in the blob tags 

Published Mar 03, 2026
Version 1.0
microsoft defender for storage
No CommentsBe the first to comment