- Vendor 1 needs to upload data to an Azure blob storage container owned by Vendor 2
- Vendor 1 is issued a limited duration SAS token each day to use
- Azure does no scanning of incoming blobs (therefore content is untrusted when it lands)
- Microsoft recommends pre-scanning all files before uploading
- What is a repeatable pattern for Vendor 2 to secure this type of content unpload against malware threats?