Malware Scanning Now Available for Azure Government Secret and Top-Secret Clouds
alsteele details the general availability of malware scanning in Microsoft Defender for Storage for Azure Government Secret and Top-Secret Clouds, focusing on how this new feature helps public sector organizations secure sensitive data and meet compliance requirements.
Malware Scanning Now Available for Azure Government Secret and Top-Secret Clouds
Microsoft Defender for Storage now offers malware scanning capabilities for storage accounts in Azure Government Secret and Top-Secret Clouds, aligning feature sets across both commercial and government environments. This enhancement is designed to help organizations in the public sector protect sensitive data and meet strict regulatory standards.
Why Government Cloud Malware Scanning Matters
Organizations in government environments manage classified and regulated data. Enabling malware scanning addresses:
- Protection of classified and sensitive documents from malware and infected uploads
- Prevention against lateral movement or staging attacks across departments or third-party vendors
- Adherence to industry compliance requirements such as FedRAMP, CJIS, and FISMA
- Continuous threat monitoring and immediate response leveraging up-to-date threat intelligence
- Implementation of Zero Trust security principles
Malware Scanning Triggers
Defender for Storage’s agentless solution offers two key scanning options:
- On-upload scanning: Automatically scans blobs as they’re uploaded or modified for real-time threat detection.
- On-demand scanning: Allows for manual or scheduled scanning in response to emerging security concerns or compliance audits.
Note: Enabling on-upload scanning is required for on-demand scanning to function.
Enabling Malware Scanning
Customers can enable malware scanning in Defender for Storage using various tools and interfaces:
- Azure Built-In Policy (recommended)
- Azure Portal UI
- Infrastructure as Code
- REST API
- PowerShell
Advanced Configuration Options
Advanced features empower high-security organizations to tailor scanning and monitoring, including:
- Detailed logging of scan results for audit and forensics
- Integration with Azure Event Grid custom topics for automated responses
- Connectivity with Azure Log Analytics for centralized analysis
- Ability to override at the subscription or resource level
- Customizable scanning limits (e.g., monthly GB)
Additional Resources
- Defender for Storage Malware Protection Overview
- On-demand malware protection in Defender for Storage
- On-upload malware protection in Defender for Storage
- Advanced configurations for malware scanning
Author: alsteele
If you have feedback or questions, please complete this survey for the Defender for Storage engineering team.
This post appeared first on “Microsoft Tech Community”. Read the entire article here