How to disable/enable Azure Advanced Threat Protection/Microsoft Defender from CVO
Applies to
- Cloud Volumes ONTAP (CVO)
- Microsoft Defender (formerly Advanced Threat Protection)
- Azure storage account
Answer
- By default, Microsoft Defender is disabled on CVO, but it is supported on Azure storage accounts attached to CVO that are used for either tiering or Cloud Backup.
- If Microsoft Defender needs to be enabled, or it was previously enabled and now needs to be disabled, it's advised to contact Azure for more information.
NOTE:
- ONTAP WAFL filesystem inactive user data blocks, packaged into objects in the FabricPool blob or Cloud Backup Service bucket, are not decipherable by Microsoft Defender. Any data inconsistency found on I/O to the FabricPool bucket, or during a SnapMirror update/restore to/from the cloud backup bucket, is reported by WAFL in EMS logs or sktrace logs.
- However, these blobs may be accessed directly outside ONTAP, so Microsoft Defender can scan files if they are uploaded to the bucket outside ONTAP.
- Blobs used as root and data disks for Azure CVO HA deployments before 9.12 will not be scanned, as Microsoft Defender does not support page blobs.
