More Info:

Ensure that Microsoft Defender for Cloud is enabled for SQL database servers.

Risk Level

High

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP

Triage and Remediation

Remediation

Using Console

To remediate the misconfiguration of enabling Microsoft Defender for Cloud for Azure SQL Database Servers in Azure using Azure console, please follow the below steps:
  1. Login to the Azure portal (https://portal.azure.com/)
  2. Navigate to the Azure SQL Database Server for which you want to enable Microsoft Defender for Cloud
  3. Click on the “Security” tab on the left-hand side of the screen
  4. Under the “Threat detection” section, click on “Advanced Threat Protection”
  5. Click on “Enable” to enable Microsoft Defender for Cloud for the selected SQL Database Server
  6. A new window will open to configure the settings for Microsoft Defender for Cloud. You can choose the settings as per your requirement and click on “Save” once you are done.
  7. Microsoft Defender for Cloud will now be enabled for the selected Azure SQL Database Server.
Note: Microsoft Defender for Cloud is a paid service, so you will need to have a valid subscription to enable it.

To remediate the misconfiguration of enabling Microsoft Defender for Cloud for Azure SQL Database Servers using Azure CLI, you can follow the below steps:
  1. Open the Azure CLI and login to your Azure account using the command: 
    az login
  2. Once you are logged in, set the subscription where your Azure SQL Database Server is deployed using the command: 
    az account set --subscription <subscription_id>
  3. Next, enable Microsoft Defender for Cloud for your Azure SQL Database Server using the command: 
    az security atp storage enable --resource-group <resource_group_name> --storage-account <storage_account_name>
    Replace <resource_group_name> with the name of the resource group where your Azure SQL Database Server is deployed and <storage_account_name> with the name of the storage account associated with the server.
  4. Verify the configuration by running the command: 
    az security atp storage show --resource-group <resource_group_name> --storage-account <storage_account_name>
    This command will display the current configuration of Microsoft Defender for Cloud for your Azure SQL Database Server.
By following these steps, you can successfully remediate the misconfiguration of enabling Microsoft Defender for Cloud for Azure SQL Database Servers using Azure CLI.
To remediate the misconfiguration of enabling Microsoft Defender for Cloud for Azure SQL Database Servers in Azure using Python, follow these steps:
  1. Import the required libraries:
from azure.identity import DefaultAzureCredential
from azure.mgmt.sql import SqlManagementClient
from azure.mgmt.security import SecurityCenter
  1. Set up the credentials to authenticate to Azure:
credential = DefaultAzureCredential()
subscription_id = "your-subscription-id"
  1. Create an instance of the SecurityCenter client:
security_center_client = SecurityCenter(
    credential=credential,
    subscription_id=subscription_id
)
  1. Get the Azure SQL Database Server resource ID:
resource_group_name = "your-resource-group-name"
server_name = "your-sql-server-name"

sql_client = SqlManagementClient(
    credential=credential,
    subscription_id=subscription_id
)

server = sql_client.servers.get(
    resource_group_name=resource_group_name,
    server_name=server_name
)

server_resource_id = server.id
  1. Enable Microsoft Defender for Cloud for the Azure SQL Database Server:
security_center_client.server_security_configurations.create(
    resource_group_name=resource_group_name,
    server_name=server_name,
    server_security_configuration_name="default",
    properties={
        "configuration_status": "Enabled",
        "data_collection": "Enabled",
        "auto_patching": "Enabled",
        "retention_days": 30
    }
)
This will create a new server security configuration named “default” and enable Microsoft Defender for Cloud for the Azure SQL Database Server. The data collection and auto-patching features will also be enabled, and logs will be retained for 30 days.Note: Ensure that the Azure SQL Database Server is already onboarded to Azure Security Center before executing the above code.