AzPolicyAdvertizer

last sync: 2023-Sep-29 17:58:48 UTC

Azure Policy definition

Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only)

Source

Azure Portal

Display name

Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only)

17bc14a7-92e1-4551-8b8c-80f36953e166

Version

1.0.2
details on versioning

Category

Security Center
Microsoft docs

Description

Microsoft Defender for Storage is an Azure-native layer of security intelligence that detects potential threats to your storage accounts. This policy will enable the basic Defender for Storage capabilities (Activity Monitoring). To enable full protection, which also includes On-upload Malware Scanning and Sensitive Data Threat Detection use the full enablement policy: aka.ms/DefenderForStoragePolicy. To learn more about Defender for Storage capabilities and benefits, visit aka.ms/DefenderForStorage.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled

RBAC role(s)

Role Name	Role Id
Security Admin	fb1c8493-542b-48eb-b624-b4c8fea62acd

Rule aliases

THEN-ExistenceCondition (2)

Alias	Namespace	ResourceType	DefaultPath	Modifiable
Microsoft.Security/pricings/pricingTier	Microsoft.Security	pricings	properties.pricingTier	false
Microsoft.Security/pricings/subPlan	Microsoft.Security	pricings	properties.subPlan	false

Rule resource types

IF (1)
Microsoft.Resources/subscriptions
THEN-Deployment (1)
Microsoft.Security/pricings

Compliance

Not a Compliance control

Initiatives usage

none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2023-03-31 17:44:15	add	17bc14a7-92e1-4551-8b8c-80f36953e166

JSON compare

n/a

JSON

api-version=2021-06-01