Ensure that Microsoft Defender for Cloud is enabled for the Microsoft SQL servers running on virtual machines (VMs). Defender for Cloud for SQL servers on virtual machines discovers and helps mitigate potential database vulnerabilities, and detects abnormal activities that could indicate a threat to your Microsoft SQL database servers. Defender for Cloud extends the protections for your SQL VM servers to fully support hybrid environments, protecting SQL servers hosted within the Microsoft Azure cloud, in other cloud environments, and even on on-premises machines.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
By default, Microsoft Defender for Cloud is disabled for the Microsoft SQL servers running on virtual machines. Defender for Cloud for SQL Server virtual machines continuously monitors your SQL database servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The security service provides security alerts together with details of the suspicious activity and guidance on how to mitigate the security threats.
Audit
To determine if the Microsoft Defender for Cloud security service is enabled for the SQL servers running on virtual machines, perform the following actions:
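One way to script this audit, as an added example that is not part of the original page: save the JSON output of `az security pricing list` (or `az security pricing show --name SqlServerVirtualMachines`) and evaluate it with the check below. The function names and the sample JSON are constructed for illustration; the plan name and the `Free`/`Standard` tier values are those used by the Azure CLI and REST API, not taken from this page.

```python
import json

PLAN = "SqlServerVirtualMachines"  # Defender plan covering SQL servers on machines


def plan_tier(pricing_json, plan=PLAN):
    """Return the pricing tier of `plan`, or None if the plan is not listed."""
    doc = json.loads(pricing_json)
    # `pricing list` may wrap entries in {"value": [...]} or return a bare
    # list; `pricing show` and the REST API return a single object.
    entries = doc.get("value", [doc]) if isinstance(doc, dict) else doc
    for entry in entries:
        if entry.get("name", "").lower() == plan.lower():
            # The CLI flattens the tier; the REST API nests it in "properties".
            return entry.get("pricingTier") or entry.get("properties", {}).get("pricingTier")
    return None


def audit(pricing_json, subscription="<subscription-id>"):
    """Build a finding: compliant only when the plan's tier is Standard."""
    tier = plan_tier(pricing_json)
    finding = {"subscription": subscription, "plan": PLAN, "tier": tier,
               "compliant": (tier or "").lower() == "standard"}
    if not finding["compliant"]:
        finding["remediation"] = (
            f"az security pricing create --name {PLAN} --tier Standard "
            f"--subscription {subscription}")
    return finding


# Constructed sample: the Azure SQL Database plan ("SqlServers") is on, but
# that does not cover SQL servers on VMs, which have their own plan.
SAMPLE = json.dumps({"value": [
    {"name": "VirtualMachines", "pricingTier": "Standard"},
    {"name": "SqlServers", "pricingTier": "Standard"},
    {"name": "SqlServerVirtualMachines", "pricingTier": "Free"},
]})

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

A missing plan entry is reported as non-compliant rather than skipped, so a truncated or filtered export cannot pass the check silently.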
Remediation / Resolution
To enable Microsoft Defender for Cloud for SQL servers running on virtual machines (VMs), perform the following actions:
Note: Turning on Defender for Cloud for the specified resource type (i.e. SQL servers) incurs an additional cost per resource.