**Modifying the monthly cap for malware scanning**:
42
42
43
-
To modify the monthly cap for malware scanning per storage account, adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month per storage account. If you want to permit unlimited scanning, assign the value *-1*. The default limit is set at 5,000 GB.
43
+
To modify the monthly cap for malware scanning per storage account, adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month per storage account. If you want to permit unlimited scanning, assign the value *-1*. The default limit is set at 10,000 GB.
**Modifying the monthly cap for malware scanning**:
83
83
84
-
To modify the monthly cap for malware scanning per storage account, adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.
84
+
To modify the monthly cap for malware scanning per storage account, adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 10,000 GB.
85
85
86
86
**Disabling features**:
87
87
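Review bot: The unlimited-scanning value is formatted two ways in the two changed paragraphs above: the one at line 43 writes *-1* in italics, the one at line 84 writes a bare -1. It is a literal the reader assigns to `CapGBPerMonthPerStorageAccount`, so inline code formatting in both places would match how the parameter name is already marked up. These lines are being touched anyway, so this is a cheap place to make them agree.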
@@ -110,7 +110,7 @@ To enable and configure Microsoft Defender for Storage at the subscription level
110
110
"name": "OnUploadMalwareScanning",
111
111
"isEnabled": "True",
112
112
"additionalExtensionProperties": {
113
-
"CapGBPerMonthPerStorageAccount": "5000"
113
+
"CapGBPerMonthPerStorageAccount": "10000"
114
114
}
115
115
},
116
116
{
@@ -124,7 +124,7 @@ To enable and configure Microsoft Defender for Storage at the subscription level
124
124
125
125
**Modifying the monthly cap for malware scanning**:
126
126
127
-
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.
127
+
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 10,000 GB.
**Modifying the monthly cap for malware scanning**:
175
175
176
-
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `capGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value *-1*. The default limit is set at 5,000 GB.
176
+
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `capGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value *-1*. The default limit is set at 10,000 GB.
**Modifying the monthly cap for malware scanning**:
233
233
234
-
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `capGBPerMonth parameter` to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.
234
+
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `capGBPerMonth parameter` to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 10,000 GB.
235
235
236
236
**Disabling features**:
237
237
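Review bot: On the changed line 234 the inline code span still reads `capGBPerMonth parameter`, so the word "parameter" renders as part of the identifier. Since the line is rewritten in this change, close the backtick after `capGBPerMonth`, as the paragraph at line 176 already does. The -1 here is also unformatted while line 176 italicises it; pick one form for both.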
@@ -262,7 +262,7 @@ To enable and configure Microsoft Defender for Storage at the storage account le
262
262
"malwareScanning": {
263
263
"onUpload": {
264
264
"isEnabled": true,
265
-
"capGBPerMonth": 5000
265
+
"capGBPerMonth": 10000
266
266
}
267
267
},
268
268
"sensitiveDataDiscovery": {
@@ -276,7 +276,7 @@ To enable and configure Microsoft Defender for Storage at the storage account le
276
276
277
277
**Modifying the monthly cap for malware scanning**:
278
278
279
-
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `capGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value *-1*. The default limit is set at 5,000 GB.
279
+
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `capGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value *-1*. The default limit is set at 10,000 GB.
articles/defender-for-cloud/defender-for-storage-introduction.md
+2-4
@@ -83,9 +83,7 @@ Defender for Storage also processes internal transactions, including Azure Blob
83
83
84
84
Malware scanning is charged on a per-gigabyte basis for scanned data. To ensure cost predictability, a monthly cap can be established for each storage account's scanned data volume. This cap can be set subscription-wide, affecting all storage accounts within the subscription, or applied to individual storage accounts. Under protected subscriptions, you can set specific storage accounts with different limits.
85
85
86
-
By default, the limit is set to 5,000 GB per month per storage account. Once this threshold is exceeded, scanning ceases for the remaining blobs, with a 20-GB confidence interval. For configuration details, see [configure Defender for Storage](/azure/storage/common/azure-defender-storage-configure).
87
-
88
-
By default, the limit is set to 5,000 GB per month per storage account. Once this threshold is exceeded, scanning ceases for the remaining blobs, with a 20-GB confidence interval. For configuration details, see [configure Defender for Storage](/azure/storage/common/azure-defender-storage-configure).
86
+
By default, the limit is set to 10,000 GB per month per storage account. Once this threshold is exceeded, scanning ceases for the remaining blobs, with a 20-GB confidence interval. For configuration details, see [configure Defender for Storage](/azure/storage/common/azure-defender-storage-configure).
89
87
90
88
> [!IMPORTANT]
91
89
> Malware scanning in Defender for Storage isn't included for free in the first 30-day trial and is charged from the first day in accordance with the pricing scheme available on the Defender for Cloud [pricing page](https://azure.microsoft.com/pricing/details/defender-for-cloud/). Malware scanning incurs additional charges for other Azure services: Azure Storage read operations, Azure Storage blob indexing, and Azure Event Grid notifications.
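Review bot: New line 86 keeps the phrase "with a 20-GB confidence interval", while on-upload-malware-scanning.md in this same commit describes the same behaviour as "with up to a 20-GB deviation". "Confidence interval" is a statistical term and what is being described is an overshoot tolerance on the cap, so I would align this sentence with the "deviation" wording. Removing the duplicated "By default" paragraph is a good cleanup.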
@@ -96,7 +94,7 @@ Microsoft Defender for Storage secures your data at scale with granular controls
96
94
97
95
### Monitor your malware scanning cap
98
96
99
-
To ensure uninterrupted protection while effectively managing costs, there are two security alerts related to malware scanning cap usage. The first alert, `Malware scanning will stop soon: 75% of monthly gigabytes scan cap reached (Preview)`, is triggered as your usage approaches 75% of the set monthly cap, offering a heads-up to adjust your cap if needed. The second alert, `Malware scanning stopped: monthly gigabytes scan cap reached (Preview)`, notifies you when the cap is reached and scanning is paused for the month, potentially leaving new uploads unscanned. Both alerts include details on affected storage accounts to prompt and inform action, ensuring you maintain your desired level of security without unexpected expenses.
97
+
To ensure uninterrupted protection while effectively managing costs, there are two security alerts related to malware scanning cap usage. The first alert, `Malware scanning will stop soon: 75% of monthly gigabytes scan cap reached`, is triggered as your usage approaches 75% of the set monthly cap, offering a heads-up to adjust your cap if needed. The second alert, `Malware scanning stopped: monthly gigabytes scan cap reached`, notifies you when the cap is reached and scanning is paused for the month, potentially leaving new uploads unscanned. Both alerts include details on affected storage accounts to prompt and inform action, ensuring you maintain your desired level of security without unexpected expenses.
100
98
101
99
## Understand the differences between malware scanning and hash reputation analysis
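Review bot: Dropping "(Preview)" from both alert names on line 97 changes the exact strings a reader may be matching in alert filters, suppression rules or automation, and the paragraph gives no hint that the names changed. If the alert display names changed in the product, add a short note with the former names so existing rules can be updated; the release-notes hunk in this commit has no entry for these alerts leaving preview, which would be the natural place to record it.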
If no extension properties are provided for the cmdlet, both malware scanning and sensitive data discovery are enabled by default. The default monthly threshold per storage account for malware scanning is 5,000 GB.
47
+
If no extension properties are provided for the cmdlet, both malware scanning and sensitive data discovery are enabled by default. The default monthly threshold per storage account for malware scanning is 10,000 GB.
48
48
49
-
To modify the monthly threshold for on-upload malware scanning in your storage accounts, adjust the `CapGBPerMonthPerStorageAccount` property to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.
49
+
To modify the monthly threshold for on-upload malware scanning in your storage accounts, adjust the `CapGBPerMonthPerStorageAccount` property to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 10,000 GB.
50
50
51
51
If you want to turn off the on-upload malware scanning or sensitive data threat detection features, you can change the `isEnabled` value to `False` on the `OnUploadMalwareScanning` or `SensitiveDataDiscovery` extension properties respectively. To disable the entire Defender plan, set the `-PricingTier` property value to `Free` and remove the `-SubPlan` and extension properties.
> With Defender for Storage enabled at the subscription level, the `-OverrideSubscriptionLevelSetting` parameter is necessary to override the settings at the subscription level. If the override parameter is not used, the extensions will be set according to the subscription level settings, regardless of the parameter values supplied in the cmdlet.
68
68
69
-
To modify the monthly threshold for malware scanning the storage account, adjust the `-OnUploadCapGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data to be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.
69
+
To modify the monthly threshold for malware scanning the storage account, adjust the `-OnUploadCapGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data to be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 10,000 GB.
70
70
71
71
The malware scan results can be sent to the Event Grid by supplying the Event Grid topic resource ID in the parameter `-MalwareScanningScanResultsEventGridTopicResourceId "<resourceId>"`.
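Review bot: The changed line 69 states "The default limit is set at 10,000 GB" for `-OnUploadCapGBPerMonth`, but the context line just above it says that without `-OverrideSubscriptionLevelSetting` the extensions follow the subscription-level settings regardless of the values passed. A reader could take 10,000 GB as the effective cap when a subscription-level cap applies instead; suggest saying that the default applies only when no subscription-level cap is in force or the override is used. The phrase "for malware scanning the storage account" on the same line is also missing a preposition ("on the storage account").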
articles/defender-for-cloud/defender-for-storage-rest-api-enablement.md
+4-4
@@ -32,7 +32,7 @@ And add the following request body:
32
32
"name": "OnUploadMalwareScanning",
33
33
"isEnabled": "True",
34
34
"additionalExtensionProperties": {
35
-
"CapGBPerMonthPerStorageAccount": "5000"
35
+
"CapGBPerMonthPerStorageAccount": "10000"
36
36
}
37
37
},
38
38
{
@@ -46,7 +46,7 @@ And add the following request body:
46
46
}
47
47
```
48
48
49
-
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.
49
+
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `CapGBPerMonthPerStorageAccount` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 10,000 GB.
50
50
51
51
If you want to turn off the on-upload malware scanning or Sensitive data threat detection features, you can change the isEnabled value to **False** under Sensitive data discovery.
52
52
@@ -73,7 +73,7 @@ And add the following request body:
@@ -86,7 +86,7 @@ And add the following request body:
86
86
}
87
87
```
88
88
89
-
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `capGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 5,000 GB.
89
+
To modify the monthly threshold for malware scanning in your storage accounts, adjust the `capGBPerMonth` parameter to your preferred value. This parameter sets a cap on the maximum data that can be scanned for malware each month, per storage account. If you want to permit unlimited scanning, assign the value -1. The default limit is set at 10,000 GB.
90
90
91
91
If you want to turn off the on-upload malware scanning or sensitive data threat detection features, you can change the `isEnabled` value to **False** under the `malwareScanning` or `sensitiveDataDiscovery` properties sections.
articles/defender-for-cloud/on-upload-malware-scanning.md
+1-1
@@ -63,7 +63,7 @@ Malware scanning is billed per GB scanned. To provide cost predictability, malwa
63
63
64
64
The [capping mechanism](tutorial-enable-storage-plan.md#set-up-and-configure-microsoft-defender-for-storage) sets a monthly scanning limit, measured in gigabytes (GB), for each storage account. This serves as an effective cost control measure. If a predefined scanning limit is reached for a storage account within a single calendar month, the scanning operation automatically halts. This halt occurs once the threshold is reached, with up to a 20-GB deviation. Files aren't scanned for malware beyond this point. The cap resets at the end of every month at midnight UTC. Updating the cap typically takes up to an hour to take effect.
65
65
66
-
By default, a limit of 5 TB (5,000 GB) is established if no specific capping mechanism is defined.
66
+
By default, a limit of 10 TB (10,000 GB) is established if no specific capping mechanism is defined.
67
67
68
68
> [!TIP]
69
69
> You can set the capping mechanism on either individual storage accounts or across an entire subscription (every storage account on the subscription will be allocated the limit defined on the subscription level).
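Review bot: The new line 66 does not say what happens to storage accounts that were enabled earlier without an explicit cap: do they stay at 5,000 GB or move to 10,000 GB? That matters both for cost, since scanning is billed per GB, and for coverage, since the paragraph above says files are not scanned once the cap is reached. One sentence stating whether the new default applies to existing accounts or only to newly enabled ones would close the gap.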
articles/defender-for-cloud/release-notes.md
+9
@@ -31,8 +31,17 @@ This article summarizes what's new in Microsoft Defender for Cloud. It includes
31
31
32
32
|Date | Category | Update|
33
33
| -------- | -------- | -------- |
34
+
| April 24 | GA|[General Availability of API Security Posture Management native integration within Defender CSPM Plan](#general-availability-of-api-security-posture-management-native-integration-within-defender-cspm-plan)|
34
35
| April 7 | Upcoming Change|[Enhancements for Defender for app service alerts](#enhancements-for-defender-for-app-service-alerts)|
35
36
37
+
### General Availability of API Security Posture Management native integration within Defender CSPM Plan
38
+
39
+
April 24, 2025
40
+
41
+
API Security Posture Management is now generally available as part of the Defender CSPM plan. This release introduces a unified inventory of your APIs along with posture insights, helping you identify and prioritize API risks more effectively directly from your Defender CSPM plan. You can enable this capability through the Environment Settings page by turning on the API Security Posture extension.
42
+
43
+
With this update, new risk factors have been added, including risk factors for unauthenticated APIs (AllowsAnonymousAccess) and APIs lacking encryption (UnencryptedAccess). Additionally, APIs published through Azure API Management now allow mapping back to any connected Kubernetes Ingresses and VMs, providing end-to-end visibility into API exposure and support risk remediation through Attack path analysis.
44
+
36
45
### Enhancements for Defender for app service alerts
37
46
38
47
On April 30, 2025, Defender for App Service alerting capabilities will be enhanced. We will add alerts for suspicious code executions and access to internal or remote endpoints. Additionally, we have improved coverage and reduced noise from relevant alerts by expanding our logic and removing alerts that were causing unnecessary noise. As part of this process, the alert "Suspicious WordPress theme invocation detected" will be deprecated.
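Review bot: There is no release-notes row for the default malware scanning cap going from 5,000 GB to 10,000 GB, although the other files in this commit change that default everywhere it is mentioned; the only entry added is the API Security Posture Management GA. A change to a default that affects billing and when scanning stops deserves its own dated entry. Separately, on added line 43, "providing end-to-end visibility into API exposure and support risk remediation" should read "supporting risk remediation" to keep the sentence parallel.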