How Can I Tell If Microsoft Defender Has Scanned A Blob (a blob with no virus)


I'm looking into using Microsoft Defender for Cloud to use with Blob Storage.

Ideally I'd like to:

  1. Upload to Storage
  2. Have Defender for Cloud scan for viruses
  3. If there's an issue, remove it
  4. If there's NOT an issue, process it further.

Step 3 is easy. Workflow automation can easily trigger such events.

The bit I can't work out is: what if the scan goes through fine?

I've looked in Logic Apps and can't find a 'successfully scanned' trigger.

[Screenshot: Logic App view for Defender events]

When will the scan occur? As soon as uploaded, or just on a schedule?

Is there anything I can go on (metadata?) to know a blob has been scanned and is good to go?


There are 2 best solutions below

Best answer:

Microsoft Defender for Storage does not currently scan uploaded files. You can read more about this here. This being the case, you cannot accomplish what you are trying to do with the current offering. You have a couple of options:

  1. Wait for the release of the malware scanning feature (this is in the works)
  2. Use something like this

Second answer:

This is now available; see Malware scanning in Defender for Storage.

You can tell if a file has been scanned through Blob Index Tags.

The 2 tags you'd be interested in are "Malware Scanning scan time UTC" and "Malware Scanning scan result".

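One way to gate step 4 of the question on the two index tags named in the answer above, as an added example (not code from the answer or from Microsoft). It assumes the tags are read with `BlobClient.get_blob_tags()` from azure-storage-blob and that the result tag holds "No threats found" or "Malicious"; any other state is held rather than processed.

```python
from enum import Enum

RESULT_TAG = "Malware Scanning scan result"  # tag keys as named in the answer above
TIME_TAG = "Malware Scanning scan time UTC"
# Assumption: the verdict strings Defender writes to the result tag.
CLEAN_VALUE, MALICIOUS_VALUE = "no threats found", "malicious"


class Verdict(Enum):
    PENDING = "pending"      # no scan tags yet: wait and re-check later
    CLEAN = "clean"          # step 4: safe to process further
    MALICIOUS = "malicious"  # step 3: remove
    UNKNOWN = "unknown"      # unexpected tag state: hold, never process


def classify(tags):
    """Map a blob's index tags (dict of str -> str) to a Verdict, failing closed."""
    result, scanned_at = tags.get(RESULT_TAG), tags.get(TIME_TAG)
    if result is None and scanned_at is None:
        return Verdict.PENDING
    if not result or not scanned_at:
        return Verdict.UNKNOWN  # only one of the two tags is present
    value = result.strip().lower()
    if value == CLEAN_VALUE:
        return Verdict.CLEAN
    if value == MALICIOUS_VALUE:
        return Verdict.MALICIOUS
    return Verdict.UNKNOWN


def verdict_for(blob_client):
    """blob_client: an azure.storage.blob.BlobClient, or any object with get_blob_tags()."""
    return classify(blob_client.get_blob_tags() or {})


def triage(tags_by_blob):
    """Group blob names by verdict so each bucket can drive one workflow step."""
    buckets = {v: [] for v in Verdict}
    for name, tags in tags_by_blob.items():
        buckets[classify(tags)].append(name)
    return buckets


# Constructed sample tag sets (blob names and timestamps are made up).
SAMPLE = {
    "invoice.pdf": {RESULT_TAG: "No threats found", TIME_TAG: "2024-01-01 00:00:00Z"},
    "setup.exe": {RESULT_TAG: "Malicious", TIME_TAG: "2024-01-01 00:00:05Z"},
    "just-uploaded.zip": {},
    "odd.bin": {RESULT_TAG: "No threats found"},
}
```

Anyone allowed to write blob index tags can set these values, so keep tag-write permission on the container restricted to the scanner and trusted automation.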