Update-AzSecurityDefenderForStorage
Update the Defender for Storage settings on a specified storage account.
Syntax
Update-AzSecurityDefenderForStorage
-ResourceId <String>
[-IsEnabled]
[-MalwareScanningScanResultsEventGridTopicResourceId <String>]
[-OnUploadCapGbPerMonth <Int32>]
[-OnUploadIsEnabled]
[-OverrideSubscriptionLevelSetting]
[-SensitiveDataDiscoveryIsEnabled]
[-DefaultProfile <PSObject>]
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
Update the Defender for Storage settings on a specified storage account.
Examples
Example 1: Enable Defender for Storage V2 and Scanning Services
Update-AzSecurityDefenderForStorage -ResourceId "/subscriptions/<SubscriptionId>/resourcegroups/<ResourceGroupName>/providers/Microsoft.Storage/storageAccounts/<StorageAccountName>" -IsEnabled -OnUploadIsEnabled -OnUploadCapGbPerMonth 7000 -SensitiveDataDiscoveryIsEnabled
Id : /subscriptions/<SubscriptionId>/resourcegroups/<ResourceGroupName>/providers/Microsoft.Storage/storageAccounts/<StorageAccountName>
IsEnabled : True
MalwareScanningOperationStatusCode : Succeeded
MalwareScanningOperationStatusMessage :
MalwareScanningScanResultsEventGridTopicResourceId :
Name : current
OnUploadCapGbPerMonth : 7000
OnUploadIsEnabled : True
OverrideSubscriptionLevelSetting : False
ResourceGroupName : <ResourceGroupName>
SensitiveDataDiscoveryIsEnabled : True
SensitiveDataDiscoveryOperationStatusCode : Succeeded
SensitiveDataDiscoveryOperationStatusMessage :
Type : Microsoft.Security/defenderForStorageSettingsExample 2: Disable Defender for Storage V2 when Scanning Services are enabled
Update-AzSecurityDefenderForStorage -ResourceId "/subscriptions/<SubscriptionId>/resourcegroups/<ResourceGroupName>/providers/Microsoft.Storage/storageAccounts/<StorageAccountName>" -IsEnabled:$false -OnUploadIsEnabled:$false -SensitiveDataDiscoveryIsEnabled:$false
Id : /subscriptions/<SubscriptionId>/resourcegroups/<ResourceGroupName>/providers/Microsoft.Storage/storageAccounts/<StorageAccountName>
IsEnabled : False
MalwareScanningOperationStatusCode : Succeeded
MalwareScanningOperationStatusMessage :
MalwareScanningScanResultsEventGridTopicResourceId :
Name : current
OnUploadCapGbPerMonth : -1
OnUploadIsEnabled : False
OverrideSubscriptionLevelSetting : False
ResourceGroupName : <ResourceGroupName>
SensitiveDataDiscoveryIsEnabled : False
SensitiveDataDiscoveryOperationStatusCode : Succeeded
SensitiveDataDiscoveryOperationStatusMessage :
Type : Microsoft.Security/defenderForStorageSettingsNote that when Scanning Services are enabled, disabling them explicitly is required in order to disable Defender for Storage V2 (-IsEnabled:$false is not enough).
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DefaultProfile
The DefaultProfile parameter is not functional. Use the SubscriptionId parameter when available if executing the cmdlet against a different subscription.
| Type: | PSObject |
| Aliases: | AzureRMContext, AzureCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-IsEnabled
Indicates whether Defender for Storage is enabled on this storage account.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-MalwareScanningScanResultsEventGridTopicResourceId
Optional. Resource id of an Event Grid Topic to send scan results to.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OnUploadCapGbPerMonth
Defines the max GB to be scanned per Month. Set to -1 if no capping is needed.
| Type: | Int32 |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OnUploadIsEnabled
Indicates whether On Upload malware scanning should be enabled.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OverrideSubscriptionLevelSetting
Indicates whether the settings defined for this storage account should override the settings defined for the subscription.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceId
The identifier of the resource.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SensitiveDataDiscoveryIsEnabled
Indicates whether Sensitive Data Discovery should be enabled.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
