This blog post elucidates one of the architectural patterns that can be employed for efficiently monitoring the malware scan status while using Microsoft Defender for Storage malware scanning.

In a typical complex web application, file uploads are common across various application scenarios. For instance, an application responsible for handling employee payroll may have one module accepting proof-of-identity documents from employees for personal information updates and another module handling employee reimbursement requests based on the uploaded expense receipts. Let's consider a scenario with several such file upload use-cases, where each use-case needs its own storage account to manage its file uploads.

Enabling Microsoft Defender for Storage's add-on Malware Scanning on the scenario-specific storage account can lead to inadvertent invocation of malicious files, as developers may have direct access to them for troubleshooting issues, and it may not be the most cost-effective approach for handling scanning across each storage account container.

To address this challenge, we can create a single storage account container that remains separate from the storage containers specific to individual application scenarios. We can refer to this as a "Demilitarized Zone (DMZ) Storage Account Container", which acts as the frontline defence for processing file uploads originating from the different application scenarios. Access to the DMZ container can be highly restricted, ensuring that only malware-free files proceed to the scenario-level storage account containers.
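The promotion gate behind this pattern can be sketched as follows. This is an added example, not code from the original post: it assumes scan results reach a handler as Defender for Storage Event Grid events, and the account host, container names and the convention that the first path segment of a DMZ blob names its scenario are all hypothetical.

```python
from urllib.parse import urlparse, unquote

# All names below are assumptions for illustration, not from the post.
DMZ_HOST = "contosodmz.blob.core.windows.net"
DMZ_CONTAINER = "dmz-uploads"
# First path segment of a DMZ blob names the scenario it belongs to.
SCENARIO_CONTAINERS = {"identity": "identity-docs", "expenses": "expense-receipts"}
SCAN_EVENT = "Microsoft.Security.MalwareScanningResult"
CLEAN = "No threats found"


def route_scan_result(event):
    """Decide what to do with one scan-result event.

    action is "promote", "hold" (blob stays in the DMZ) or
    "ignore" (the event is not about a DMZ upload).
    """
    data = event.get("data") or {}
    url = urlparse(data.get("blobUri", ""))
    parts = unquote(url.path).lstrip("/").split("/", 2)
    in_dmz = (url.scheme == "https" and url.hostname == DMZ_HOST
              and len(parts) == 3 and parts[0] == DMZ_CONTAINER)
    if event.get("eventType") != SCAN_EVENT or not in_dmz:
        return {"action": "ignore"}
    scenario, name = parts[1], parts[2]
    target = SCENARIO_CONTAINERS.get(scenario)
    verdict = data.get("scanResultType")
    # Fail closed: only an explicit clean verdict can leave the DMZ.
    if verdict != CLEAN:
        return {"action": "hold", "blob": name, "reason": verdict or "no verdict"}
    if target is None or not data.get("eTag"):
        return {"action": "hold", "blob": name,
                "reason": "unknown scenario or missing eTag"}
    # Carry the scanned eTag so the copy can be made conditional on it;
    # an overwrite after the scan must not inherit the clean verdict.
    return {"action": "promote", "target": target, "blob": name,
            "if_match": data["eTag"]}


def sample_event(verdict, path, etag='"0x8DB4C9327B08CBF"'):
    """Constructed event shaped like a Defender for Storage scan result."""
    return {"eventType": SCAN_EVENT,
            "data": {"blobUri": f"https://{DMZ_HOST}/{path}",
                     "eTag": etag, "scanResultType": verdict}}


if __name__ == "__main__":
    for verdict, path in [(CLEAN, "dmz-uploads/identity/passport.pdf"),
                          ("Malicious", "dmz-uploads/expenses/receipt.pdf")]:
        print(route_scan_result(sample_event(verdict, path)))
```

The component that performs the copy is then the only identity that needs read access to the DMZ container and write access to the scenario containers.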