Event details
During Microsoft Secure you learned about the latest innovations around Microsoft's SIEM and XDR solution. Join this Ask Microsoft Anything (AMA) session to get your questions about Microsoft Sentine...
Trevor_Rusher, updated Dec 27, 2024
TobyMcG (Copper Contributor)
Mar 31, 2023
We've researched how Defender AV interacts with suspicious files, which includes the 'decision matrix' flowchart, showing that a file's metadata and then the file itself are sent to a blob store for review by AI/ML analysis. The following questions focus on further technical information around this Sample Submission process.
When selecting Send Safe Samples Automatically:
Is there an exhaustive list for what file types are sent to the cloud for review?
Is there an exhaustive list for what file types a user will be prompted for approval to send? Or does Defender AV scan the file for possible PII and then prompt the user?
In the event a user does not respond to a prompt, what happens?
Noting that any files sent to the cloud for review are anonymised of company related identifiers, can we identify:
Where does the anonymisation occur on data sent to the cloud for review; is this done by Defender AV on the tenant side or by a process in the cloud before analysis? Effectively, where is the table held for the company data <> hash conversion of the anonymisation?
If anonymisation is done in the cloud, what security is there around protecting the pre-anonymisation data, the anonymisation process and the databases controlling the company data <> anonymised data link? This includes protection from MS employees. Can they freely see this data, or are there protections around account elevation to review this information?
Also, if the anonymisation is done in the cloud, is there job segregation between those who work on the anonymisation process/data and those who monitor the blob store and AI/ML analysis of submitted samples? The attack story here is that an MS engineer could access the anonymised data conversion tables, then use these identifiers to search the submitted samples in the blob to identify and collect specific company-based files (that could contain Company IP).
Can we confirm that only automated systems analyse the files submitted to the blob store for Sample Submission? No engineers review this data, albeit in anonymised fashion, prior to the automated systems flagging malware? We assume a human engineer then reviews the sample when a malware detection is hit.
When the engineer reviews the malware detection, do they see anonymised or deanonymised data? From the last few questions, we are looking to understand who in MS has access to our data, anonymised or not, during the sample submission process.
What data is sent from the blob to Defender AV, post sample submission? Is any other data sent outside of a block/no block decision post scanning?
Can the Sample Submission Defender > Blob channel be reversed by an MS engineer or otherwise, to send arbitrary code or files down from the cloud to Defender AV and its host?
How long are samples sent to the cloud retained for, and does this honour the data residency of our tenant?
If Defender AV is set up on its own on a host and not connected to Azure, but Sample Submission is enabled, what residency rules does Defender AV use when sending samples to the blobs for analysis, and what retention rules does it use?
Ed Fisher (Microsoft)
Apr 13, 2023
There is definitely too much in this series of questions to cover adequately in this asynchronous chat format. Please engage your account team who can better assist you.
- TobyMcG (Copper Contributor)
Apr 13, 2023
We have tried with no effect. We've gone through our provider and through our MS Account Manager, who cannot seem to get close enough to the MDE Product Team to get answers; which is why I have come here.