Microsoft Defender for Storage is a cloud-native, agentless security solution within Microsoft Defender for Cloud, part of Microsoft’s CNAPP offering. With seamless onboarding, it helps safeguard your organization’s most valuable data by detecting and preventing malicious uploads, sensitive data exfiltration, and data corruption. Powered by Microsoft Threat Intelligence, it delivers advanced threat detection to enhance your storage security.

Are all crown jewels made equally?

Defender for Storage provides exclusive, agentless malware protection for Azure Blob Storage, helping detect and mitigate malware threats against your organization’s data. Powered by Microsoft Defender Antivirus, this solution ensures data compliance and offers flexible scanning options, including on-upload and on-demand protection.

While maintaining visibility across all organizational data is crucial, some data requires higher scrutiny than others. Here are key use case scenarios:

• Contoso Financial Corporation prioritizes scanning high-risk files, such as external uploads, downloads, and files from untrusted sources.
• Contoso IT Department needs to filter out known internal files that typically generate false positives, reducing unnecessary security alerts and minimizing distractions from real malware threats.
• Contoso Health Department uses a trusted application that generates files and would like to optimize malware scanning for other, potentially riskier files.

🎉Introducing customizable on-upload scanning filters (Public Preview)

Defender for Storage provides security administrators with granular controls, offering flexibility to tailor security and deployment settings to their organization’s needs. These include configuring malware scanning caps, setting exclusions at the resource level, and more. 

A recently introduced feature now allows customization of on-upload malware scanning filters, delivering key benefits such as reducing unnecessary scans and lowering costs—without compromising security.

This new feature supports customizable filter such as:

• Exclude specific blob with prefix
• Exclude blobs with suffix
• Exclude blobs large (x) bytes

Start filtering your files today

Malware protection in Defender for Storage is exclusively available in the latest plan. If your organization is still using the classic Defender for Storage plan, we highly recommend upgrading to take advantage of the full range of security benefits and the latest features. Upgrading ensures access to enhanced threat detection, improved security controls, and ongoing feature updates that help protect your organization’s data more effectively. 

To begin your malware protection journey, review our documentation for detailed information on prerequisites and deployment guidelines. This will help you seamlessly integrate malware protection into your existing security strategy and maximize the value of Defender for Storage here.

Once Defender for Storage is enabled, follow the instructions below to use the filtering configurations:

1. Navigate to your storage account that you want to filter on-upload scans
2. Under “Security + networking”, select Microsoft Defender for Cloud
3. Select settings under Microsoft Defender for Storage

4. Under “On-upload malware scanning”, select which filters to apply. Example:

Conclusion

The introduction of customizable on-upload scanning filters provides granular control for security administrators, allowing for more flexibility and efficiency in malware protection. This feature helps reduce unnecessary scans and costs without compromising security. For customers using the classic Defender for Storage plan, upgrading to the latest plan is highly recommended to fully benefit from these advanced features. For more information about Defender for Storage please visit our public document aka.ms/defenderforstorage

Additional Resources

We want to hear from you! Please take a moment to fill out this survey to provide direct feedback to the Defender for Storage engineering team.