👩🏽🍳Exercise 1: Preparing the Environment for Defender for Storage plan
To enable the Defender for Storage plan on a specific subscription:
- Sign in to the Azure portal.
- Navigate to Microsoft Defender for Cloud, then Environment settings.
- Select the relevant subscription.
- Toggle the Storage plan to On.
- Click on Settings located in the Monitoring Coverage column, below Full
- In the Malware scanning component, make sure the toggle is ON and for the limit of GB scanned per month per storage account, leave the default value of 5000 or click on Edit configurationto modify it.
- In the Sensitive data discovery component, make sure the toggle is ON.
- Select Continue and in the next screen Save.
Now all your existing and upcoming Azure Storage Accounts are protected.
📦Exercise 2: Create a Storage Account
- In the Azure portal go in the search bar and type Storage Account. Click on Storage Accounts.
- Click on Create
- In the Basics tab, choose the subscription where you enabled Defender for Storage. Then choose a Resource group where the Storage Account will live, if you don't have a resource group, you can click on Create New.
- In the Instance details, input a storage account name of 3 to 24 characters long (can contain only lowercase letters and numbers). Then select the region for your storage account. For this exercise, leave the Performance and Redundancy as default. For more information, visit our documentation.
- Hit the button Review and then Create.
The creation of your storage account will take a few seconds.
Note: by default, when you create a storage account, you get the roles User Access Administrator and Service Administrator. To enable and configure Malware Scanning, you must have Owner roles (such as Subscription Owner or Storage Account Owner) or specific roles with the necessary data actions. Learn more about the required permissions.
Nhận xét
Đăng nhận xét