
In this series of blog posts, SecureSky will, over time, inventory the various Defender technologies, providing a brief overview of each and a link to additional Microsoft documentation.

“Defender” used to be the name of Microsoft’s anti-virus software.

Now Microsoft’s branding strategy has switched to using “Defender for …” as a brand name for products across Microsoft’s security suite, including XDR technologies that prevent, detect, and respond to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.

While easy to understand from a unified branding approach, this has created confusion as buyers attempt to navigate what each of the dozens of “Defender for …” products does, how they overlap (both within the Microsoft ecosystem and with third-party technologies), and how they are purchased or subscribed to.


Technology Name: Microsoft Defender for Storage

Previous Name(s): N/A

Category: Storage

Function: Monitors unusual attempts to access or exploit Azure storage accounts, such as Blob Storage, Azure Files, or Azure Data Lake Storage Gen2.

Security alerts are triggered for the following scenarios (typically from 1-2 hours after the event):

- Unusual access to an account: For example, access from a TOR exit node, suspicious IP addresses, unusual applications, unusual locations, and anonymous access without authentication.
- Unusual behavior in an account: Behavior that deviates from a learned baseline, such as a change of access permissions in an account, unusual access inspection, unusual data exploration, unusual deletion of blobs/files, or unusual data extraction.
- Hash reputation based malware detection: Detection of known malware based on full blob/file hash. This can help detect ransomware, viruses, spyware, and other malware uploaded to an account, prevent it from entering the organization, and spreading to more users and resources. See also Limitations of hash reputation analysis.
- Unusual file uploads: Unusual cloud service packages and executable files that have been uploaded to an account.
- Public visibility: Potential break-in attempts by scanning containers and pulling potentially sensitive data from publicly accessible containers.
- Phishing campaigns: When content that's hosted on Azure Storage is identified as part of a phishing attack that's impacting Microsoft 365 users.

Cost Basis: Per storage transaction

Microsoft Links: https://docs.microsoft.com/en-us/azure/defender-for-cloud/defender-for-storage-introduction

For more information about the Microsoft Defender product line, please feel free to contact us by completing our contact form or emailing info@securesky.com.