It’s a good idea to enable Azure Defender for SQL to improve the configuration and security of your databases. Whether you’re starting with Azure databases, or want to improve their current state, enabling Azure Defender for SQL helps you assess your databases and detect anomalies. Detect problems from security errors to misconfiguration.
What is Azure Defender for SQL?
To begin, Azure Defender for SQL includes two main capabilities that help you monitor the state of your Azure databases.
There are two main components to Azure Defender for SQL:
- SQL Vulnerability Assessment – This assesses the vulnerability of your databases and provides a summary with findings and actions. Take these actions to mitigate any vulnerabilities. This assessment includes a large number of security checks that can be reviewed here.
- SQL Advanced Threat Protection – This monitors your database to identify anomalous and malicious activities within your databases. This includes SQL injection attempts, notifying you immediately.
There are two distinctions in Azure Defender for SQL:
- Azure Defender for SQL includes:
- Azure SQL Database
- Azure SQL Managed Instance
- Dedicated SQL pool in Azure Synapse
- Azure Defender for SQL servers on machines includes:
- Azure SQL Servers in VM, onpremises or Azure Arc
This post covers option 1: Azure Defender for SQL.
Enable Azure Defender for SQL
First, to enable Azure Defender for SQL in Azure Synapse Analytics workspaces, navigate to the Azure Defender for SQL section.
In Azure SQL Databases, navigate to the Security Center section.
When you enable Azure Defender for SQL, it automatically provisions some resources for you.
Enabling Azure Defender
Azure Defender includes Azure Defender for SQL. This is my recommended approach for protecting your Azure services.
You can enable Azure Defender at the subscription level. This increases the cost, but it will contribute to your peace of mind.
SQL Vulnerability Assessment
Next, once you’ve enabled Azure Defender for SQL and periodic running scans, you will receive a weekly notification to the email address provided.
Receive an Email with a Vulnerability Assessment Summary
The email looks like the example below.
If you click “View Results,” this will take you to the Azure Portal so you can review your assessment.
You can also access assessments by finding the following section:
Review Vulnerability Assessment
When looking at Azure Defender for SQL’s vulnerability assessment, you’ll see that you can execute the assessment manually as well. This is extremely useful when resolving some of the issues within security checks.
Security checks show as part of the assessment. Findings that need to be reviewed are highlighted along with the security checks that passed.
If you open one of the security checks, you’ll see an explanation and the remediation!
Modify Vulnerability Assessment Alerts
Some of the security checks might not be relevant to your database configuration. You can define the current outcome of a security check as the baseline for that rule.
This means that the rule will not fail the next time you run the assessment.
Below, I have defined the current outcome of a rule as the baseline.
After running the Vulnerability Assessment manually, the security check will not fail.
Assigning Policies for Your Vulnerability Assessments
Additionally, you can enable policies at the management group or subscription level to ensure that vulnerability assessments are enabled.
SQL Advanced Threat Protection
When configuring advanced threat protection for your databases, it’s possible to enable or disable specific checks.
There are multiple options to choose from.
Once this option is enabled, you can monitor any possible threats.
You can also enable alerts to get emails.
In summary, it’s easy to enable Azure Defender for SQL and level up your security mechanisms to protect databases in Azure. This includes vulnerability assessments and threat protections.
I highly suggest enabling Azure Defender, or at a bare minimum Azure Defender for SQL.
In upcoming blog posts, we’ll continue to explore some of the features within Azure Services.
Please follow Tech Talk Corner on Twitter for blog updates, virtual presentations, and more!
As always, please leave any comments or questions below.