Configure Microsoft Defender for SQL to the Standard tier

Security · Microsoft Defender for Cloud · Rule · 2022_09

Enable Microsoft Defender for SQL servers.

Description

SQL databases are used to store critical and strategic assets for your company and should be carefully secured. Microsoft Defender for SQL represents a single go-to location to manage security capabilities.

Enabling Defender for SQL automatically enables the following advanced SQL security capabilities:

• Vulnerability Assessment: discover, track, and provide guidance to remediate potential database vulnerabilities.
• Advanced Threat Protection: continuous monitoring of your databases, detection of suspect activities and more.

When enable at subscription level, all databases in Azure SQL Database and Azure SQL Managed Instance are protected.

Recommendation

Consider using Microsoft Defender for SQL to protect your SQL databases.

Examples

Configure with Azure template

To enable Microsoft Defender for SQL:

• Set the Standard pricing tier for Microsoft Defender for SQL.

For example:

Azure Template snippet

{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "SqlServers",
    "properties": {
        "pricingTier": "Standard"
    }
}

Configure with Bicep

To enable Microsoft Defender for SQL:

• Set the Standard pricing tier for Microsoft Defender for SQL.

For example:

Azure Bicep snippet

resource defenderForSQL 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'SqlServers'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI

To enable Microsoft Defender for SQL:

• Set the Standard pricing tier for Microsoft Defender for SQL.

For example:

Azure CLI snippet

az security pricing create -n 'SqlServers' --tier 'standard'

Configure with Azure PowerShell

To enable Microsoft Defender for SQL:

• Set the Standard pricing tier for Microsoft Defender for SQL.

For example:

Azure PowerShell snippet

Set-AzSecurityPricing -Name 'SqlServers' -PricingTier 'Standard'

Notes

This rule applies when analyzing resources deployed (in-flight) to Azure.

Links

• Security operations in Azure
• Azure SQL Database and security
• Introduction to Microsoft Defender for SQL
• Azure security baseline for Azure SQL
• DP-2: Monitor anomalies and threats targeting sensitive data
• LT-1: Enable threat detection capabilities
• Azure Policy built-in policy definitions
• Azure deployment reference

---

Last update: 2023-02-19

Comments