Configure Microsoft Defender for Storage to the Standard tier#
Security · Microsoft Defender for Cloud · 2022_09
Enable Microsoft Defender for Storage.
Description#
Storage Accounts can be subject to many security threats. Data corruption, malicious exposure of data, data exfiltration, unauthorized access are only a few.
Microsoft Defender for Storage provides protection against unusual and potential harmful access to your Storage Accounts. Based on Microsoft Threat Intelligence, it continuously monitor the telemetry stream to raise alerts when needed.
All those alerts come along with investigation steps, remediation actions, and security recommendations.
Defender for Storage doesn't access the Storage account data and has no impact on its performance.
Recommendation#
Consider using Microsoft Defender for Storage to protect your data hosted in Storage Accounts.
Examples#
Configure with Azure template#
To enable Defender for Storage:
- Set the
Standard
pricing tier for Microsoft Defender for Storage.
For example:
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2022-03-01",
"name": "StorageAccounts",
"properties": {
"pricingTier": "Standard"
}
}
Configure with Bicep#
To enable Defender for Storage:
- Set the
Standard
pricing tier for Microsoft Defender for Storage.
For example:
resource defenderForStorage 'Microsoft.Security/pricings@2022-03-01' = {
name: 'StorageAccounts'
properties: {
pricingTier: 'Standard'
}
}
Configure with Azure CLI#
az security pricing create -n 'StorageAccounts' --tier 'standard'
Configure with Azure PowerShell#
Set-AzSecurityPricing -Name 'StorageAccounts' -PricingTier 'Standard'
Notes#
This rule applies when analyzing resources deployed (in-flight) to Azure.