
Configure Microsoft Defender for SQL to the Standard tier#

Security · Microsoft Defender for Cloud · Rule · 2022_09 · Critical

Enable Microsoft Defender for SQL servers.

Description#

SQL databases are used to store critical and strategic assets for your company and should be carefully secured. Microsoft Defender for SQL represents a single go-to location to manage security capabilities.

Enabling Defender for SQL automatically enables the following advanced SQL security capabilities:

  • Vulnerability Assessment: discover, track, and provide guidance to remediate potential database vulnerabilities.
  • Advanced Threat Protection: continuous monitoring of your databases, detection of suspect activities and more.

When enabled at the subscription level, all databases in Azure SQL Database and Azure SQL Managed Instance are protected.

Recommendation#

Consider using Microsoft Defender for SQL to protect your SQL databases.

Examples#

Configure with Azure template#

To enable Microsoft Defender for SQL:

  • Set the Standard pricing tier for Microsoft Defender for SQL.

For example:

Azure Template snippet
{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "SqlServers",
    "properties": {
        "pricingTier": "Standard"
    }
}

Configure with Bicep#

To enable Microsoft Defender for SQL:

  • Set the Standard pricing tier for Microsoft Defender for SQL.

For example:

Azure Bicep snippet
resource defenderForSQL 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'SqlServers'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI#

To enable Microsoft Defender for SQL:

  • Set the Standard pricing tier for Microsoft Defender for SQL.

For example:

Azure CLI snippet
az security pricing create -n 'SqlServers' --tier 'standard'

Configure with Azure PowerShell#

To enable Microsoft Defender for SQL:

  • Set the Standard pricing tier for Microsoft Defender for SQL.

For example:

Azure PowerShell snippet
Set-AzSecurityPricing -Name 'SqlServers' -PricingTier 'Standard'

Notes#

This rule applies when analyzing resources deployed (in-flight) to Azure.
