turbot/azure_compliance

Control: 2.1.4 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'

Description

Turning on Microsoft Defender for SQL servers on machines enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.

Enabling Microsoft Defender for SQL servers on machines allows for greater defense-in-depth, functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database.

Remediation

From Azure Portal

  1. Go to Microsoft Defender for Cloud
  2. Select Environment Settings blade.
  3. Click on the subscription name.
  4. Select the Defender plans blade.
  5. Click Select types > in the row for Databases.
  6. Set the radio button next to SQL servers on machines to On.
  7. Select Continue.
  8. Select Save.

From Azure CLI

Run the following command:

az security pricing create -n SqlServerVirtualMachines --tier 'standard'

From Powershell

Run the following command:

Set-AzSecurityPricing -Name 'SqlServerVirtualMachines' -PricingTier 'Standard'

Default Value

By default, Microsoft Defender plan is off.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v210_2_1_4

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v210_2_1_4 --share

SQL

This control uses a named query:

securitycenter_azure_defender_on_for_sqlservervm

Tags