Use Advanced Threat Protection

Security · SQL Database · Rule · 2020_06 · Important

Enable Microsoft Defender for Azure SQL logical server.

Description

Enable Microsoft Defender for Azure SQL logical server.

Recommendation

Consider enabling Advanced Data Security and configuring Microsoft Defender for SQL logical servers.

Examples

Configure with Azure template

Azure Template snippet

{
  "comments": "Create or update an Azure SQL logical server.",
  "type": "Microsoft.Sql/servers",
  "apiVersion": "2019-06-01-preview",
  "name": "[parameters('serverName')]",
  "location": "[parameters('location')]",
  "tags": "[parameters('tags')]",
  "kind": "v12.0",
  "identity": {
    "type": "SystemAssigned"
  },
  "properties": {
    "administratorLogin": "[parameters('adminUsername')]",
    "version": "12.0",
    "publicNetworkAccess": "[if(parameters('allowPublicAccess'), 'Enabled', 'Disabled')]",
    "administratorLoginPassword": "[parameters('adminPassword')]",
    "minimalTLSVersion": "1.2"
  },
  "resources": [
    {
      "type": "Microsoft.Sql/servers/securityAlertPolicies",
      "apiVersion": "2020-02-02-preview",
      "name": "[concat(parameters('serverName'), '/Default')]",
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
      ],
      "properties": {
        "state": "Enabled"
      }
    }
  ]
}

Configure with Azure PowerShell

Azure PowerShell snippet

Set-AzSqlDatabaseThreatDetectionPolicy -ResourceGroupName '<resource_group>' -ServerName '<server_name>' -DatabaseName '<database>' -StorageAccountName '<account_name>' -NotificationRecipientsEmails '<email>' -EmailAdmins $False

Links

• SE:10 Monitoring and threat detection
• SQL Advanced Threat Protection
• Microsoft Defender for SQL
• Azure deployment reference

Comments