Azure Defender for SQL

It’s a good idea to enable Azure Defender for SQL to improve the configuration and security of your databases. Whether you’re starting with Azure databases or want to improve their current state, enabling Azure Defender for SQL helps you assess your databases and detect anomalies. It detects problems ranging from security errors to misconfiguration.

What is Azure Defender for SQL? 

Azure Defender for SQL has two main components that help you monitor the state of your Azure databases:

  • SQL Vulnerability Assessment – This assesses the vulnerability of your databases and provides a summary with findings and actions. Take these actions to mitigate any vulnerabilities. The assessment includes a large number of security checks.
  • SQL Advanced Threat Protection – This monitors your databases to identify anomalous and malicious activities, including SQL injection attempts, and notifies you immediately.

Azure Defender for SQL comes in two variants:

  1. Azure Defender for SQL includes:
     • Azure SQL Database
     • Azure SQL Managed Instance
     • Dedicated SQL pool in Azure Synapse
  2. Azure Defender for SQL servers on machines includes:
     • Azure SQL Servers in VMs, on-premises or Azure Arc

This post covers option 1: Azure Defender for SQL. 

Enable Azure Defender for SQL 

First, to enable Azure Defender for SQL in Azure Synapse Analytics workspaces, navigate to the Azure Defender for SQL section. 

In Azure SQL Databases, navigate to the Security Center section. 

When you enable Azure Defender for SQL, it automatically provisions some resources for you. 

Enabling Azure Defender 

Azure Defender includes Azure Defender for SQL. This is my recommended approach for protecting your Azure services.  

You can enable Azure Defender at the subscription level. This increases the cost, but it will contribute to your peace of mind. 

SQL Vulnerability Assessment  

Next, once you’ve enabled Azure Defender for SQL and periodic recurring scans, you will receive a weekly notification at the email address provided.

Receive an Email with a Vulnerability Assessment Summary 

The email looks like the example below.  

If you click “View Results,” this will take you to the Azure Portal so you can review your assessment. 

You can also access assessments by finding the following section: 

Review Vulnerability Assessment 

When looking at Azure Defender for SQL’s vulnerability assessment, you’ll see that you can execute the assessment manually as well. This is extremely useful when resolving some of the issues within security checks. 

Security checks show as part of the assessment. Findings that need to be reviewed are highlighted along with the security checks that passed. 

If you open one of the security checks, you’ll see an explanation and the remediation! 

Modify Vulnerability Assessment Alerts 

Some of the security checks might not be relevant to your database configuration. You can define the current outcome of a security check as the baseline for that rule.  

This means that the rule will not fail the next time you run the assessment. 

Below, I have defined the current outcome of a rule as the baseline. 

After running the Vulnerability Assessment manually, the security check will not fail.  
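
The portal steps above (enable Azure Defender for SQL, turn on recurring scans with an email recipient, run a scan manually, baseline a rule, rescan) can also be scripted. The following Az PowerShell script is an added example, not from the original post; it assumes the Az.Sql module and the storage-account-based vulnerability assessment configuration, and the resource names, email address, rule ID and baseline rows are placeholders constructed for illustration.

```powershell
# Added example. Requires the Az.Sql module and a signed-in session (Connect-AzAccount).
# Every name below is a placeholder, not a value from the post.
$rg       = 'rg-placeholder'
$server   = 'sqlserver-placeholder'
$database = 'db-placeholder'
$mailTo   = 'secops@example.com'
$ruleId   = 'VA2108'   # example rule: membership of high-impact database roles

# Enable Defender for SQL on the logical server. By default this also
# provisions the storage account that holds the scan results.
Enable-AzSqlServerAdvancedDataSecurity -ResourceGroupName $rg -ServerName $server

# Periodic recurring scans plus the weekly summary email.
Update-AzSqlServerVulnerabilityAssessmentSetting -ResourceGroupName $rg -ServerName $server `
    -RecurringScansInterval Weekly -EmailAdmins $true -NotificationEmail @($mailTo)

# Run the assessment on demand and return the scan record.
function Invoke-VaScan {
    param([string]$Label)
    $scanId = '{0}{1:yyyyMMddHHmmss}' -f $Label, (Get-Date)
    Start-AzSqlDatabaseVulnerabilityAssessmentScan -ResourceGroupName $rg `
        -ServerName $server -DatabaseName $database -ScanId $scanId
}
$before = Invoke-VaScan -Label 'PreBaseline'

# Accept the current result of one rule as its baseline. Each inner array is one
# accepted result row (constructed here: principal, role, principal type, auth type).
Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline -ResourceGroupName $rg `
    -ServerName $server -DatabaseName $database -RuleId $ruleId `
    -BaselineResult @('app_deployer', 'db_ddladmin', 'SQL_USER', 'None'),
                    @('etl_service',  'db_ddladmin', 'SQL_USER', 'None')

# Keep a record of what was accepted, then rescan: the rule passes only while
# the live result still matches the baseline.
Get-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline -ResourceGroupName $rg `
    -ServerName $server -DatabaseName $database -RuleId $ruleId
$after = Invoke-VaScan -Label 'PostBaseline'
$before, $after | Select-Object ScanId, State, NumberOfFailedSecurityChecks
```

Because a baseline turns a finding into a pass, export the baselines with the Get cmdlet and review them whenever roles or permissions change.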

Assigning Policies for Your Vulnerability Assessments  

Additionally, you can enable policies at the management group or subscription level to ensure that vulnerability assessments are enabled. 

SQL Advanced Threat Protection 

When configuring advanced threat protection for your databases, it’s possible to enable or disable specific checks. 

There are multiple options to choose from. 

Once this option is enabled, you can monitor any possible threats. 

You can also enable alerts to get emails. 

Summary 

In summary, it’s easy to enable Azure Defender for SQL and level up your security mechanisms to protect databases in Azure. This includes vulnerability assessments and threat protections. 

I highly suggest enabling Azure Defender, or at a bare minimum Azure Defender for SQL. 

What’s Next?      

In upcoming blog posts, we’ll continue to explore some of the features within Azure Services.      

Please follow Tech Talk Corner on Twitter for blog updates, virtual presentations, and more!          

As always, please leave any comments or questions below.          
