Ensure that monitoring for unaudited Microsoft SQL servers is enabled within your Azure account so that Microsoft Defender for Cloud can determine if your SQL database servers have security auditing and threat detection enabled.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Microsoft recommends enabling auditing and threat detection for all the databases created on your SQL servers. Security auditing and threat detection can help you maintain regulatory compliance, understand database activity, and find anomalies that could indicate potential vulnerabilities or suspected security violations. When the monitoring feature is enabled, Microsoft Defender for Cloud can determine whether security auditing is enabled for the SQL database servers provisioned in your Azure cloud account. If SQL auditing is not enabled, Microsoft Defender for Cloud recommends turning it on for compliance, advanced threat detection, and investigation purposes.
Audit
To determine if the monitoring of unaudited SQL servers is enabled within the Microsoft Defender for Cloud security policy, perform the following operations:
Remediation / Resolution
To enable monitoring for unaudited Microsoft Azure SQL servers, perform the following operations: