Verify that That Microsoft Defender for Storage Is Set To 'On'

Framework Reference: A.8.16 Integration: Azure – Microsoft Defender for Cloud (Storage)

Why this matters

Enabling Microsoft Defender for Storage activates built-in threat detection on storage accounts. It provides advanced threat intelligence, anomaly detection, and behavior analytics to identify suspicious activity targeting Azure Storage resources.

What this check does

This Auto Check verifies whether Microsoft Defender for Storage is enabled and set to the Standard pricing tier.

Check passes if:

• Microsoft Defender for Storage is enabled (PricingTier = Standard)

Check fails if:

• Microsoft Defender for Storage is disabled or set to a different pricing tier

Applies to:

• Azure Subscriptions with Storage Accounts

How to fix it

Azure Portal

1. Go to Microsoft Defender for Cloud

2. Click Environment Settings

3. Select your Subscription

4. Go to the Defender plans section

5. Ensure Status = On for Storage

6. Click Save

Azure CLI

az security pricing create -n StorageAccounts --tier 'standard' 

PowerShell

Set-AzSecurityPricing -Name 'StorageAccounts' -PricingTier 'Standard'

Exceptions

None. All subscriptions with storage accounts should have this protection enabled.

Further resources

• Microsoft Defender threat detection capabilities

• Azure REST API – Pricing List

• Azure REST API – Update Pricing

• PowerShell Cmdlet: Get-AzSecurityPricing

• Azure Benchmark – LT-1