Description
Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in Microsoft Defender for Cloud.
Rationaleβ
Enabling Microsoft Defender for SQL servers on machines allows for greater defense-in-depth, functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database.
Impactβ
Turning on Microsoft Defender for SQL servers on machines incurs an additional cost per resource.
Auditβ
This policy flags an Azure Subscription as INCOMPLIANT if the related Azure Defender Plan for SQL Servers on Virtual Machines has its Pricing Tier set to Free.
A Subscription is also marked as INCOMPLIANT if the Defender Plan for SQL Servers on Virtual Machines does not exist in the CMDB.
Default Valueβ
By default, Microsoft Defender plan is off.
Referencesβ
- https://docs.microsoft.com/en-us/azure/security-center/defender-for-sql-usage
- https://docs.microsoft.com/en-us/azure/security-center/security-center-detection-capabilities
- https://docs.microsoft.com/en-us/rest/api/securitycenter/pricings/update
- https://docs.microsoft.com/en-us/powershell/module/az.security/get-azsecuritypricing
- https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-data-protection#dp-2-monitor-anomalies-and-threats-targeting-sensitive-data
- https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-1-enable-threat-detection-capabilities