Description
Turning on Microsoft Defender for Azure SQL Databases enables threat detection for Managed Instance Azure SQL databases, providing threat intelligence, anomaly detection, and behavior analytics in Microsoft Defender for Cloud.
Rationale
Enabling Microsoft Defender for Azure SQL Databases allows for greater defense-in-depth, includes functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database.
Impact
Turning on Microsoft Defender for Azure SQL Databases incurs an additional cost per resource.
Audit
This policy flags an Azure Subscription as INCOMPLIANT if the related Azure Defender Plan for Managed Instance Azure SQL Databases has its Pricing Tier set to Free.
A Subscription is also marked as INCOMPLIANT if the Defender Plan for Managed Instance Azure SQL Databases does not exist in the CMDB.
Default Value
By default, Microsoft Defender plan is off.
References
- https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities
- https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/list
- https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update
- https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing
- https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-data-protection#dp-2-monitor-anomalies-and-threats-targeting-sensitive-data
- https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-1-enable-threat-detection-capabilities