June 28, 2025
If you’re using Microsoft Defender for Storage to protect your blobs from malware, you probably know that scan results are automatically written to blob index tags. These tags are helpful for querying scan status efficiently and seeing results in near-real time in the blob itself, but for high-frequency scans, those extra writes can add up in cost.
Now, with our latest update, you have a choice.
🆕 What’s New?
Starting June 25th, Defender for Storage introduces optional index tags. This means you can disable writing scan results as index tags, while keeping malware scanning fully active and effective.
What stays the same
Malware scanning continues to work as configured (on-upload or on-demand). Verdicts (when a blob is found malicious) are still available via Defender for Cloud security alerts and, when you configure sending the results there, via Event Grid or a Log Analytics Workspace.
What’s optional
You can now choose not to write scan results to blob index tags.
💡 This feature is ideal if you:
- Scan a lot of blobs per month and want to reduce the costs associated with index tag operations
- Only want to look at malicious verdicts
- Need to optimize cost
⚙️ How to Configure It
You can manage index tagging settings at the Storage Account level or Subscription level, either through the Azure Portal or API.
❗Important Notes
- This feature does not apply to ADLS Gen2, which does not support index tags.
- You’ll still receive malware alerts and scan results through other channels (if configured) like Event Grid and Log Analytics Workspace, even with index tags disabled.
- The feature is now live and configurable via the Azure portal and REST API.
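With index tags disabled, a pipeline that used to read the verdict from the blob's tags has to take it from Event Grid (or Log Analytics) instead. The following is an added example, not Microsoft's code: a Python triage function run over a constructed batch of events. It assumes the `Microsoft.Security.MalwareScanningResult` event type and the `blobUri`, `eTag`, `scanResultType` and `scanResultDetails.malwareNamesFound` fields of the Defender for Storage Event Grid schema; `triage` and all sample values are hypothetical.

```python
SCAN_EVENT = "Microsoft.Security.MalwareScanningResult"
CLEAN, MALICIOUS = "No threats found", "Malicious"

# Constructed sample batch (account, blobs, eTags and malware name are made up).
# Field names assume the documented Event Grid scan-result schema.
BASE = "https://examplestore.blob.core.windows.net/uploads/"
SAMPLE_EVENTS = [
    {"eventType": SCAN_EVENT,
     "data": {"blobUri": BASE + "report.pdf", "eTag": "0x1",
              "scanResultType": CLEAN}},
    {"eventType": SCAN_EVENT,
     "data": {"blobUri": BASE + "invoice.docm", "eTag": "0x2",
              "scanResultType": MALICIOUS,
              "scanResultDetails": {"malwareNamesFound": ["Example/TestSig"]}}},
    {"eventType": SCAN_EVENT,  # constructed value that is not a verdict
     "data": {"blobUri": BASE + "huge.iso", "eTag": "0x3",
              "scanResultType": "Scan did not complete"}},
    {"eventType": "Microsoft.Storage.BlobCreated",  # unrelated event
     "data": {"url": BASE + "new.txt"}},
]


def triage(events):
    """Bucket scan-result events; anything not explicitly clean is held."""
    buckets = {"clean": [], "malicious": [], "review": []}
    for event in events:
        if event.get("eventType") != SCAN_EVENT:
            continue  # other event types can share the same topic
        data = event.get("data") or {}
        details = data.get("scanResultDetails") or {}
        record = {
            "blobUri": data.get("blobUri"),
            "eTag": data.get("eTag"),  # ties the verdict to one blob version
            "verdict": data.get("scanResultType"),
            "malware": details.get("malwareNamesFound", []),
        }
        if record["blobUri"] and record["verdict"] == CLEAN:
            buckets["clean"].append(record)
        elif record["blobUri"] and record["verdict"] == MALICIOUS:
            buckets["malicious"].append(record)
        else:
            buckets["review"].append(record)  # fail closed on unknowns
    return buckets


if __name__ == "__main__":
    for name, records in triage(SAMPLE_EVENTS).items():
        print(name, [r["blobUri"] for r in records])
```

Only blobs in the `clean` bucket should be released to downstream consumers; a blob with no event at all has no verdict and stays held, which is the check the index tag used to provide.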