
# Configure Microsoft Defender for SQL Servers on machines to the Standard tier

Security · Microsoft Defender for Cloud · Rule · 2022_09 · Critical

Enable Microsoft Defender for SQL servers on machines.

## Description

SQL databases are used to store critical and strategic assets for your company and should be carefully secured. Microsoft Defender for SQL Servers on machines represents a single go-to location to manage security capabilities.

Enabling Defender for SQL automatically enables Vulnerability Assessment for your SQL databases hosted on a VM. It discovers, tracks, and provides guidance to remediate potential database vulnerabilities.

Enabling the plan at the subscription level does not by itself protect every SQL server. The Log Analytics agent must be deployed on each machine, and the Log Analytics workspace it reports to must have Defender for SQL enabled.

## Recommendation

Consider using Microsoft Defender for SQL Servers on machines to protect your SQL servers running on VMs.

## Examples

### Configure with Azure template

To enable Defender for SQL servers on machines:

  • Set the Standard pricing tier for Microsoft Defender for SQL servers on machines.

For example:

Azure Template snippet

```json
{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "SqlServerVirtualMachines",
    "properties": {
        "pricingTier": "Standard"
    }
}
```
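Because this rule is evaluated against resources before they are deployed, it helps to see what such a check looks like in code. The following Python script is an added example, not part of this page or of any tooling it describes: it parses an ARM template and passes only when a `Microsoft.Security/pricings` resource named `SqlServerVirtualMachines` has `pricingTier` set to `Standard`. The sample template embedded in the script is constructed for the example, and the function names are the author's own. It handles only literal resource names, not ARM expressions, and compares resource types, names and tiers case-insensitively, as Azure Resource Manager does.

```python
import json
from typing import Optional, Tuple

# Constructed sample ARM template (not from the page): a subscription-scope
# deployment that sets the Defender for SQL servers on machines plan to
# Standard, plus an unrelated plan left at Free for contrast.
SAMPLE_TEMPLATE = json.dumps({
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "resources": [
        {
            "type": "Microsoft.Security/pricings",
            "apiVersion": "2022-03-01",
            "name": "SqlServerVirtualMachines",
            "properties": {"pricingTier": "Standard"},
        },
        {
            "type": "Microsoft.Security/pricings",
            "apiVersion": "2022-03-01",
            "name": "StorageAccounts",
            "properties": {"pricingTier": "Free"},
        },
    ],
})

# Plan name used by Defender for SQL servers on machines (from the page).
PLAN_NAME = "SqlServerVirtualMachines"


def find_pricing(template: dict, plan_name: str) -> Optional[dict]:
    """Return the Microsoft.Security/pricings resource for plan_name, or None.

    Only literal names are matched; a name written as an ARM expression
    (e.g. "[variables('plan')]") is not resolved by this helper.
    """
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != "microsoft.security/pricings":
            continue
        if str(res.get("name", "")).lower() == plan_name.lower():
            return res
    return None


def check_defender_for_sql_on_vms(template_json: str) -> Tuple[bool, str]:
    """Pass only if the plan exists and its pricingTier is Standard.

    Returns (passed, reason) so callers can report why a template failed.
    """
    template = json.loads(template_json)
    res = find_pricing(template, PLAN_NAME)
    if res is None:
        return False, f"no Microsoft.Security/pricings resource named {PLAN_NAME}"
    tier = str(res.get("properties", {}).get("pricingTier", ""))
    if tier.lower() != "standard":
        return False, f"{PLAN_NAME} pricingTier is {tier or '<unset>'}, expected Standard"
    return True, f"{PLAN_NAME} pricingTier is Standard"


if __name__ == "__main__":
    passed, reason = check_defender_for_sql_on_vms(SAMPLE_TEMPLATE)
    print(("PASS" if passed else "FAIL") + ": " + reason)
```

A missing resource fails the check as well as a wrong tier, which is the behaviour you want for a deny-by-default policy gate: a template that never mentions the plan leaves the subscription at whatever tier it already had, which may be Free.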

### Configure with Bicep

To enable Defender for SQL servers on machines:

  • Set the Standard pricing tier for Microsoft Defender for SQL servers on machines.

For example:

Azure Bicep snippet

```bicep
resource defenderForSQLOnVM 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'SqlServerVirtualMachines'
  properties: {
    pricingTier: 'Standard'
  }
}
```

### Configure with Azure CLI

Azure CLI snippet

```bash
az security pricing create -n 'SqlServerVirtualMachines' --tier 'standard'
```

### Configure with Azure PowerShell

Azure PowerShell snippet

```powershell
Set-AzSecurityPricing -Name 'SqlServerVirtualMachines' -PricingTier 'Standard'
```

## Notes

This rule applies when analyzing resources deployed (in-flight) to Azure.
