Hello Denys Bielov,
Thank you for posting your query here!
I understand that you are unable to enable Defender for Storage Malware scanning for an Azure Storage account.
Please note that being the owner of the subscriptions does not provide full rights to achieve that.
Please check this custom defined role:
{
  "properties": {
    "roleName": "Custome role for EventGrid",
    "description": "",
    "assignableScopes": ["/subscriptions/<my_subscription_guid>"],
    "permissions": [
      {
        "actions": ["Microsoft.EventGrid/eventSubscriptions/write"],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
After the role is created, go to PIM (Privileged Identity Management) for the subscription and create a new role assignment for the account.
Do let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
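
Added example, not part of the original answer: a pre-flight check that can be run over a custom role definition in the format shown above before it is created and assigned through PIM. It confirms the role grants `Microsoft.EventGrid/eventSubscriptions/write` after `notActions` are subtracted, and flags wildcards or scopes wider than a subscription. The function names and the all-zero subscription id are assumptions made for illustration.

```python
import json
import re

# Constructed sample: the role from the answer, with a placeholder subscription id.
ROLE_JSON = """
{"properties": {
  "roleName": "Custome role for EventGrid",
  "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
  "permissions": [{
    "actions": ["Microsoft.EventGrid/eventSubscriptions/write"],
    "notActions": [], "dataActions": [], "notDataActions": []
  }]
}}
"""

def _matches(pattern, action):
    # Azure RBAC action strings are case-insensitive and may contain '*' wildcards.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def grants(role, action):
    """True if any permission block allows `action` (actions minus notActions)."""
    for perm in role["properties"]["permissions"]:
        allowed = any(_matches(p, action) for p in perm.get("actions", []))
        denied = any(_matches(p, action) for p in perm.get("notActions", []))
        if allowed and not denied:
            return True
    return False

def review(role, required):
    """Return a list of findings; an empty list means the role passed."""
    props, findings = role["properties"], []
    if not grants(role, required):
        findings.append(f"missing required action: {required}")
    for perm in props["permissions"]:
        for key in ("actions", "dataActions"):
            findings += [f"wildcard in {key}: {p}" for p in perm.get(key, []) if "*" in p]
    for scope in props.get("assignableScopes", []):
        if not re.match(r"(?i)^/subscriptions/[^/]+", scope):
            findings.append(f"scope broader than a subscription: {scope}")
    return findings

if __name__ == "__main__":
    print(review(json.loads(ROLE_JSON), "Microsoft.EventGrid/eventSubscriptions/write") or "OK")
```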