Ask Sawal

Discussion Forum

How to disable azure defender?

5 Answer(s) Available
Answer # 1 #

Microsoft Defender for Storage is an Azure-native solution offering an advanced layer of intelligence for threat detection and mitigation in storage accounts, powered by Microsoft Threat Intelligence, Microsoft Defender Antimalware technologies, and Sensitive Data Discovery. With protection for Azure Blob Storage, Azure Files, and Azure Data Lake Storage services, it provides a comprehensive alert suite, near real-time Malware Scanning (add-on), and sensitive data threat detection (no extra cost), allowing quick detection, triage, and response to potential security threats with contextual information.

With Microsoft Defender for Storage, organizations can customize their protection and enforce consistent security policies by enabling it on subscriptions and storage accounts with granular control and flexibility.

Learn more about Microsoft Defender for Storage capabilities and security threats and alerts.

* Azure DNS Zone is not supported for Malware Scanning and sensitive data threat detection.

Malware Scanning supports storage accounts with “Networking” > “Public network access” enabled, either from all networks or from selected virtual networks. Malware Scanning is not supported for storage accounts with “Public network access” set to disabled.

To enable and configure Malware Scanning, you must have Owner roles (such as Subscription Owner or Storage Account Owner) or specific roles with the necessary data actions. Learn more about the required permissions.

The Event Grid resource provider must be registered to be able to create the Event Grid System Topic used to detect upload triggers. Follow these steps to verify Event Grid is registered on your subscription.

You must have permission to the /register/action operation for the resource provider. This permission is included in the Contributor and Owner roles.

To enable and configure Microsoft Defender for Storage to ensure maximum protection and cost optimization, the following configuration options are available:

You can enable and configure Microsoft Defender for Storage from the Azure portal, built-in Azure policies, programmatically using IaC templates (Bicep and ARM) or directly with REST API.

We recommend that you enable Defender for Storage on the subscription level. Doing so ensures all storage accounts in the subscription will be protected, including future ones.

There are several ways to enable Defender for Storage on subscriptions:

To enable Defender for Storage at the subscription level using the Azure portal:

Microsoft Defender for Storage is now enabled for this subscription, and is fully protected, including on-upload malware scanning and sensitive data threat detection.

If you want to turn off the On-upload malware scanning or Sensitive data threat detection, you can select Settings and change the status of the relevant feature to Off.

If you want to change the malware scanning size cap per storage account per month for malware, change the settings in Edit configuration.

If you want to disable the plan, toggle the status button to Off for the Storage plan on the Defender plans page.

To enable and configure Defender for Storage at scale with an Azure built-in policy to ensure that consistent security policies are applied across all existing and new storage accounts within the subscriptions, follow these steps:

To enable and configure Microsoft Defender for Storage at the subscription level using Bicep, make sure your target scope is set to subscription, and add the following to your Bicep template:

To modify the monthly cap for malware scanning per storage account, simply adjust the CapGBPerMonthPerStorageAccount parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.

If you want to turn off the On-upload malware scanning or Sensitive data threat detection features, you can change the isEnabled value to False under Sensitive data discovery.

To disable the entire Defender for Storage plan, set the pricingTier property value to Free and remove the subPlan and extensions properties. Learn more about the Bicep template AzAPI reference.

To enable and configure Microsoft Defender for Storage at the subscription level using an ARM template, add this JSON snippet to the resources section of your ARM template:

To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the CapGBPerMonthPerStorageAccount parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.

If you want to turn off the On-upload malware scanning or Sensitive data threat detection features, you can change the isEnabled value to False under Sensitive data discovery.

To disable the entire Defender plan, set the pricingTier property value to Free and remove the subPlan and extensions properties.

Learn more in the ARM template reference.

To enable and configure Microsoft Defender for Storage at the subscription level using REST API, create a PUT request with this endpoint (replace the subscriptionId in the endpoint URL with your own Azure subscription ID):

And add the following request body:

To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the CapGBPerMonthPerStorageAccount parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.

If you want to turn off the On-upload malware scanning or Sensitive data threat detection features, you can change the isEnabled value to False under Sensitive data discovery.

To disable the entire Defender plan, set the pricingTier property value to Free and remove the subPlan and extensions properties.

Learn more about updating Defender plans with the REST API in HTTP, Java, Go and JavaScript.

You can enable and configure Microsoft Defender for Storage on specific storage accounts in several ways:

The steps below include instructions on how to set up logging and an Event Grid for the Malware Scanning.

To enable and configure Microsoft Defender for Storage for a specific account using the Azure portal:

Microsoft Defender for Storage is now enabled on this storage account.

If you want to disable Defender for Storage on the storage account or disable one of the features (On-upload malware scanning or Sensitive data threat detection), select Settings, edit the settings, and select Save.

To enable and configure Microsoft Defender for Storage at the storage account level using an ARM template, add this JSON snippet to the resources section of your ARM template:

To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the capGBPerMonth parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.

If you want to turn off the On-upload malware scanning or Sensitive data threat detection features, you can change the isEnabled value to false under the malwareScanning or sensitiveDataDiscovery properties sections.

To disable the entire Defender plan for the storage account, set the isEnabled property value to false and remove the malwareScanning and sensitiveDataDiscovery sections from the properties.

To enable and configure Microsoft Defender for Storage at the storage account level using Bicep, add the following to your Bicep template:

To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the capGBPerMonth parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.

If you want to turn off the On-upload malware scanning or Sensitive data threat detection features, you can change the isEnabled value to false under the malwareScanning or sensitiveDataDiscovery properties sections.

To disable the entire Defender plan for the storage account, set the isEnabled property value to false and remove the malwareScanning and sensitiveDataDiscovery sections from the properties.

Learn more about the Bicep template AzAPI reference.

To enable and configure Microsoft Defender for Storage at the storage account level using REST API, create a PUT request with this endpoint. Replace the subscriptionId, resourceGroupName, and accountName in the endpoint URL with your own Azure subscription ID, resource group and storage account names accordingly.

And add the following request body:

To modify the monthly threshold for malware scanning in your storage accounts, simply adjust the capGBPerMonth parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.

If you want to turn off the On-upload malware scanning or Sensitive data threat detection features, you can change the isEnabled value to false under the malwareScanning or sensitiveDataDiscovery properties sections.

To disable the entire Defender plan for the storage account, set the isEnabled property value to false and remove the malwareScanning and sensitiveDataDiscovery sections from the properties.

Learn more about updating Defender plans with the REST API in HTTP, Java, Go and JavaScript.

For each storage account enabled with Malware Scanning, you can define a Log Analytics workspace destination to store every scan result in a centralized log repository that is easy to query.

This configuration can be performed using REST API as well:

Request URL:

Request Body:

For each storage account enabled with Malware Scanning, you can configure it to send every scan result using an Event Grid event for automation purposes.

This configuration can be performed using REST API as well:

Request URL:

Request Body:

Defender for Storage settings on each storage account are inherited by the subscription-level settings. Use Override Defender for Storage subscription-level settings to configure settings that are different from the settings that are configured on the subscription-level.

The override setting is usually used for the following scenarios:

To override Defender for Storage subscription-level settings to configure settings that are different from the settings that are configured on the subscription-level using the Azure portal:

[4]
Jonard Feferman
Flair Bartender
Answer # 2 #

If you have a requirement to disable the default Windows Defender installation on your server due to using a different AV solution such as McAfee, Sophos, etc., here is a step-by-step guide on how to disable or enable Windows Defender. You may also find that when trying to disable Windows Defender, the feature is greyed out, so we will also go through the process of getting around this issue via PowerShell.

Firstly, log on to your server, launch Server Manager and click ‘Manage’ as shown in the screenshot below.

Click Add Roles and Features, or Remove Roles and Features if you’re wanting to remove Windows Defender.

Click next

and click next again

Leave the defaults and click next

Leave the defaults and click next

Scroll down to ‘Windows Defender Features’ and deselect or select if you are installing Windows Defender

If the option is greyed out, you will need to uninstall the feature via PowerShell.

Install or Uninstall Windows Defender via PowerShell

Launch PowerShell as administrator (right-click on PowerShell and click Run as administrator).

To remove Windows Defender, type:

Uninstall-WindowsFeature -Name Windows-Defender

[4]
Kapoor puulg Pragna
PUMPER HELPER
Answer # 3 #

Microsoft Defender for Storage is an Azure-native layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit your storage accounts. It uses advanced threat detection capabilities and Microsoft Threat Intelligence data to provide contextual security alerts. Those alerts also include steps to mitigate the detected threats and prevent future attacks.

Microsoft Defender for Storage continuously analyzes the transactions of Azure Blob Storage, Azure Data Lake Storage, and Azure Files services. When potentially malicious activities are detected, security alerts are generated. Alerts are shown in Microsoft Defender for Cloud with the details of the suspicious activity, appropriate investigation steps, remediation actions, and security recommendations.

Analyzed telemetry of Azure Blob Storage includes operation types such as Get Blob, Put Blob, Get Container ACL, List Blobs, and Get Blob Properties. Examples of analyzed Azure Files operation types include Get File, Create File, List Files, Get File Properties, and Put Range.

Defender for Storage classic doesn’t access the Storage account data and has no impact on its performance.

Learn more about the benefits, features, and limitations of Defender for Storage. You can also learn more about Defender for Storage in the Defender for Storage episode of the Defender for Cloud in the Field video series.

For the Defender for Storage per-transaction pricing, we recommend that you enable Defender for Storage for each subscription so that all existing and new storage accounts are protected. If you want to only protect specific accounts, configure Defender for Storage for each account.

You can configure Microsoft Defender for Storage on your subscriptions in several ways:

To enable Microsoft Defender for Storage at the subscription level with per-transaction pricing using a Terraform template, add this code snippet to your template with your subscription ID as the parent_id value:

To disable the plan, set the pricingTier property value to Free and remove the subPlan property.

Learn more about the ARM template AzAPI reference.

To enable Microsoft Defender for Storage at the subscription level with per-transaction pricing using Bicep, add the following to your Bicep template:

To disable the plan, set the pricingTier property value to Free and remove the subPlan property.

Learn more about the Bicep template AzAPI reference.

To enable Microsoft Defender for Storage at the subscription level with per-transaction pricing using an ARM template, add this JSON snippet to the resources section of your ARM template:

To disable the plan, set the pricingTier property value to Free and remove the subPlan property.

Learn more about the ARM template AzAPI reference.

To enable Microsoft Defender for Storage at the subscription level with per-transaction pricing using PowerShell:

To disable the plan, set the -PricingTier property value to Free.

Learn more about using PowerShell with Microsoft Defender for Cloud.

To enable Microsoft Defender for Storage at the subscription level with per-transaction pricing using Azure CLI:

To disable the plan, set the -tier property value to free.

Learn more about the az security pricing create command.

To enable Microsoft Defender for Storage at the subscription level with per-transaction pricing using the Microsoft Defender for Cloud REST API, create a PUT request with this endpoint and body:

Replace {subscriptionId} with your subscription ID.

To disable the plan, set the -pricingTier property value to Free and remove the subPlan parameter.

Learn more about updating Defender plans with the REST API in HTTP, Java, Go and JavaScript.

You can configure Microsoft Defender for Storage with per-transaction pricing on your accounts in several ways:

To enable Microsoft Defender for Storage for a specific storage account with per-transaction pricing using an ARM template, use the prepared Azure template.

If you want to disable Defender for Storage on the account:

To enable Microsoft Defender for Storage for a specific storage account with per-transaction pricing using PowerShell:

If you want to disable per-transaction pricing for a specific storage account, use the Disable-AzSecurityAdvancedThreatProtection cmdlet:

Learn more about using PowerShell with Microsoft Defender for Cloud.

To enable Microsoft Defender for Storage for a specific storage account with per-transaction pricing using Azure CLI:

To disable Microsoft Defender for Storage for your subscription, use the az security atp storage update command:

Learn more about the az security atp storage command.

When you enable Microsoft Defender for Storage on a subscription for the per-transaction pricing, all current and future Azure Storage accounts in that subscription are protected. You can exclude specific storage accounts from the Defender for Storage protections using the Azure portal, PowerShell, or the Azure CLI.

We recommend that you enable Defender for Storage on the entire subscription to protect all existing and future storage accounts in it. However, there are some cases where people want to exclude specific storage accounts from Defender protection.

Exclusion of storage accounts from protected subscriptions requires you to:

To exclude an Azure Storage account from Microsoft Defender for Storage (classic), you can use:

Microsoft Defender for Storage can exclude specific active Databricks workspace storage accounts, when the plan is already enabled on a subscription.

To exclude an active Databricks workspace:

The tags are inherited by the Storage account of the Databricks workspace and prevent Defender for Storage from turning on.

When you create a new Databricks workspace, you have the ability to add a tag that prevents your Microsoft Defender for Storage account from enabling automatically.

To prevent auto-enabling on a new Databricks workspace storage account:

The Microsoft Defender for Storage account inherits the tag of the Databricks workspace, which prevents Defender for Storage from turning on automatically.

Yes, you can migrate to per-storage account pricing in the Azure portal or using any of the other supported enablement methods. To migrate to per-storage account pricing, enable per-storage account pricing at the subscription level.

Yes, you can enable per-transaction pricing to migrate back from per-storage account pricing using all enablement methods except for the Azure portal.

Yes, you can enable per-transaction pricing from all the enablement methods, except for the Azure portal.

No, you can only enable per-storage account pricing for each subscription. All storage accounts in the subscription are protected.

When you enable Microsoft Defender for Storage at the subscription level for per-storage account or per-transaction pricing, it takes up to 24 hours for the plan to be enabled.

No. Both per-storage account and per-transaction pricing include the same features. The only difference is the pricing.

[0]
J qgzkl
CHAIN OFFBEARER
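
The subscription-level plan settings described in Answers 1 and 3 (pricingTier, subPlan, and in Answer 1 the extensions with isEnabled and CapGBPerMonthPerStorageAccount) can be audited for drift from a security baseline. The following is an added example, not code from any of the answers or from Microsoft; the sample body is constructed, and the extension names, the "additionalExtensionProperties" key and the subPlan value are assumptions that do not appear on this page.

```python
import json

# Constructed sample of a subscription-level Defender for Storage plan body.
# Assumed (not on the page): the extension names, "additionalExtensionProperties",
# and the subPlan value.
SAMPLE_BODY = """
{
  "properties": {
    "pricingTier": "Standard",
    "subPlan": "DefenderForStorageV2",
    "extensions": [
      {"name": "OnUploadMalwareScanning", "isEnabled": "True",
       "additionalExtensionProperties": {"CapGBPerMonthPerStorageAccount": "200"}},
      {"name": "SensitiveDataDiscovery", "isEnabled": "False"}
    ]
  }
}
"""

MALWARE_SCAN = "OnUploadMalwareScanning"    # assumed extension name
SENSITIVE_DATA = "SensitiveDataDiscovery"   # assumed extension name
DEFAULT_CAP_GB = 5000                       # default cap stated on the page


def as_bool(value):
    """isEnabled may be a JSON boolean or a "True"/"False" string."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def audit_plan(body, required=(MALWARE_SCAN, SENSITIVE_DATA),
               min_cap_gb=DEFAULT_CAP_GB):
    """Return a list of findings; an empty list means the plan meets the baseline."""
    props = body.get("properties", {})
    # A missing or Free pricingTier means the whole plan is off.
    if str(props.get("pricingTier", "Free")).lower() == "free":
        return ["plan-disabled: pricingTier is Free"]

    findings = []
    if not props.get("subPlan"):
        findings.append("subplan-missing")

    extensions = {e.get("name"): e for e in props.get("extensions") or []}
    for name in required:
        ext = extensions.get(name)
        if ext is None:
            findings.append(f"extension-missing: {name}")
        elif not as_bool(ext.get("isEnabled")):
            findings.append(f"extension-off: {name}")

    scan = extensions.get(MALWARE_SCAN)
    if scan is not None and as_bool(scan.get("isEnabled")):
        extra = scan.get("additionalExtensionProperties") or {}
        cap = int(extra.get("CapGBPerMonthPerStorageAccount", DEFAULT_CAP_GB))
        # -1 means unlimited scanning; any other value below the baseline
        # leaves uploads unscanned once the monthly cap is reached.
        if cap != -1 and cap < min_cap_gb:
            findings.append(f"cap-below-baseline: {cap} GB < {min_cap_gb} GB")
    return findings


if __name__ == "__main__":
    for finding in audit_plan(json.loads(SAMPLE_BODY)):
        print(finding)
```
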
Answer # 4 #

Microsoft Defender for Cloud can be enabled using Azure Policy on all Azure subscriptions the same under the management group (MG). This is more convenient than going to the portal and logging in to each one separately, and it works even if the subscriptions are owned by different persons.

Note

To bring a management group and all of its subscriptions on board.

Follow these steps:

Go to the Azure portal and log in.

Type "Defender" into the search field and hit Enter.

After that, look at Microsoft Defender for Cloud.

Then, in the Management Option, open Environment settings.

Then choose the subscription or workspace that you want to protect the information.

“You'll note that each Microsoft Defender plan has its own price and may be turned on or off separately. On subscriptions that don't have an Azure App Service plan, for example, you might want to disable Defender for App Service.”

You have the option of selecting "Enable all" or the Plan (ON or OFF).

Then came the notification that the Defender plan has been successfully saved.

Have a look at some information on Workload Protections.

The Upgrade tab displays a list of subscriptions and workspaces that are eligible for onboarding.

Select the subscriptions and workspaces to upgrade from the Select subscriptions and workspaces to protect with Microsoft Defender for Cloud list, after which select Upgrade to enable all Microsoft Defender for Cloud security features.

[0]
Vernee Daniell
Aviator
Answer # 5 #
  • Sign in to the Azure portal.
  • Navigate to your storage account.
  • In the Security + networking section of the Storage account menu, select Microsoft Defender for Cloud.
  • Select Disable.
[0]
Axel Gyani
ASSEMBLER SMALL PRODUCTS II