Ensure that Storage Account has Microsoft Defender for Cloud enabled

Enabling Microsoft Defender for Storage on a storage account turns on threat detection for that account, providing threat intelligence, anomaly detection, and behavior analytics.

Risk Level: Low
Cloud Entity: Azure Storage Account
CloudGuard Rule ID: D9.AZU.MON.81
Covered by Spectral: No
Category: Storage

GSL LOGIC

StorageAccount should have advancedThreatProtectionEnabled = true

REMEDIATION

From Portal

  1. Sign in to the Azure portal (https://portal.azure.com/).
  2. Navigate to your storage account.
  3. In the storage account menu, in the Security + networking section, select Microsoft Defender for Cloud.
  4. On-upload Malware Scanning and Sensitive data threat detection are enabled by default. You can disable the features by unselecting them.
  5. Select Enable on storage account.

From TF

# Enables Microsoft Defender for Storage (advanced threat protection) on the
# storage account referenced by target_resource_id.
resource "azurerm_advanced_threat_protection" "example" {
  target_resource_id = azurerm_storage_account.example.id
  enabled            = true
}
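The GSL logic above and the Terraform remediation can be exercised together: the following added example (not CloudGuard's or Azure's code) evaluates the rule over a constructed inventory of storage accounts, treats a missing attribute as a failure, and renders the azurerm_advanced_threat_protection block for each non-compliant account. The inventory shape and the assumption that a matching azurerm_storage_account resource exists are mine.

```python
"""Evaluate CloudGuard rule D9.AZU.MON.81 over a storage-account inventory.

Mirrors the GSL logic `StorageAccount should have advancedThreatProtectionEnabled = true`
and renders the page's Terraform remediation for each failing account.
"""
from typing import Iterable

RULE_ID = "D9.AZU.MON.81"

# Constructed sample inventory (not a real Azure/CloudGuard API shape): one compliant
# account, one explicitly disabled, one with the attribute missing entirely.
SAMPLE_ACCOUNTS = [
    {"name": "stprodlogs", "advancedThreatProtectionEnabled": True},
    {"name": "stdevscratch", "advancedThreatProtectionEnabled": False},
    {"name": "stlegacybackup"},
]


def is_compliant(account: dict) -> bool:
    """True only when advancedThreatProtectionEnabled is exactly the boolean True.

    A missing key fails on purpose: `should have ... = true` is not satisfied by
    absence, and an unknown Defender state must not pass an audit.
    """
    return account.get("advancedThreatProtectionEnabled") is True


def find_violations(accounts: Iterable[dict]) -> list:
    """Names of the storage accounts that fail the rule, in inventory order."""
    return [a["name"] for a in accounts if not is_compliant(a)]


def remediation_tf(account_name: str) -> str:
    """Render the azurerm_advanced_threat_protection block for one failing account.

    Resource labels are derived from the account name (assumption: a matching
    azurerm_storage_account resource with that label exists in the configuration).
    """
    label = account_name.replace("-", "_")
    return (
        f'resource "azurerm_advanced_threat_protection" "{label}" {{\n'
        f"  target_resource_id = azurerm_storage_account.{label}.id\n"
        f"  enabled            = true\n"
        "}\n"
    )


if __name__ == "__main__":
    for name in find_violations(SAMPLE_ACCOUNTS):
        print(f"{RULE_ID} FAIL {name}\n{remediation_tf(name)}")
```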

References

  1. https://learn.microsoft.com/en-us/azure/storage/common/azure-defender-storage-configure?tabs=enable-storage-account
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/advanced_threat_protection

Azure Storage Account

An Azure storage account provides a unique namespace to store and access your Azure Storage data objects. All objects in a storage account are billed together as a group. By default, the data in your account is available only to you, the account owner.

Compliance Frameworks

  • CloudGuard Azure All Rules Ruleset