last sync: 2023-Sep-29 17:58:48 UTC

Azure Policy definition

Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only)

Source Azure Portal
Display name Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only)
Id 17bc14a7-92e1-4551-8b8c-80f36953e166
Version 1.0.2
Category Security Center
Description Microsoft Defender for Storage is an Azure-native layer of security intelligence that detects potential threats to your storage accounts. This policy will enable the basic Defender for Storage capabilities (Activity Monitoring). To enable full protection, which also includes On-upload Malware Scanning and Sensitive Data Threat Detection, use the full enablement policy: To learn more about Defender for Storage capabilities and benefits, visit
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
DeployIfNotExists, Disabled
RBAC role(s)
Role Name Role Id
Security Admin fb1c8493-542b-48eb-b624-b4c8fea62acd
Rule aliases THEN-ExistenceCondition (2)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Security/pricings/pricingTier Microsoft.Security pricings properties.pricingTier false
Microsoft.Security/pricings/subPlan Microsoft.Security pricings properties.subPlan false
Rule resource types IF (1)
THEN-Deployment (1)
Compliance Not a Compliance control
Initiatives usage none
Date/Time (UTC ymd) Change type Change detail
2023-03-31 17:44:15 add 17bc14a7-92e1-4551-8b8c-80f36953e166