More Info:
Ensure that Microsoft Defender for Cloud is enabled for SQL database servers.
Risk Level
High
Address
Security, Operational Maturity
Compliance Standards
CISAZURE, CBP
Triage and Remediation
Remediation
Using Console
To enable Microsoft Defender for Cloud for Azure SQL Database Servers using the Azure console, follow the steps below:
- Log in to the Azure portal (https://portal.azure.com/)
- Navigate to the Azure SQL Database Server for which you want to enable Microsoft Defender for Cloud
- Click on the “Security” tab on the left-hand side of the screen
- Under the “Threat detection” section, click on “Advanced Threat Protection”
- Click on “Enable” to enable Microsoft Defender for Cloud for the selected SQL Database Server
- A new window will open to configure the settings for Microsoft Defender for Cloud. You can choose the settings as per your requirement and click on “Save” once you are done.
- Microsoft Defender for Cloud will now be enabled for the selected Azure SQL Database Server.
Using CLI
To enable Microsoft Defender for Cloud for Azure SQL Database Servers using the Azure CLI, follow the steps below:
- Open the Azure CLI and log in to your Azure account using the command:
- Once you are logged in, set the subscription where your Azure SQL Database Server is deployed using the command:
- Next, enable Microsoft Defender for Cloud for your Azure SQL Database Server using the command:
  Replace <resource_group_name> with the name of the resource group where your Azure SQL Database Server is deployed and <storage_account_name> with the name of the storage account associated with the server.
- Verify the configuration by running the command:
  This command will display the current configuration of Microsoft Defender for Cloud for your Azure SQL Database Server.
Using Python
To enable Microsoft Defender for Cloud for Azure SQL Database Servers using Python, follow these steps:
- Import the required libraries:
- Set up the credentials to authenticate to Azure:
- Create an instance of the SecurityCenter client:
- Get the Azure SQL Database Server resource ID:
- Enable Microsoft Defender for Cloud for the Azure SQL Database Server:
This will create a new server security configuration named “default” and enable Microsoft Defender for Cloud for the Azure SQL Database Server. The data collection and auto-patching features will also be enabled, and logs will be retained for 30 days.
Note: Ensure that the Azure SQL Database Server is already onboarded to Azure Security Center before executing the above code.
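A follow-up check for the verification step, added here as an example and not taken from the original page: it compares an inventory of SQL server resource IDs against an exported list of per-server security policy records and reports servers whose policy is missing or not enabled. The `id` and `state` field names, the placeholder subscription and all sample records are constructed assumptions about the export format.

```python
import json

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder subscription

# Constructed inventory of the SQL server resource IDs in scope.
SERVERS = [
    SUB + "/resourceGroups/rg-app/providers/Microsoft.Sql/servers/sql-prod",
    SUB + "/resourceGroups/rg-app/providers/Microsoft.Sql/servers/sql-dev",
    SUB + "/resourceGroups/rg-data/providers/Microsoft.Sql/servers/sql-legacy",
]

# Constructed export of policy records; "id" and "state" are assumed field names.
POLICIES_JSON = json.dumps([
    {"id": SUB + "/resourcegroups/rg-app/providers/Microsoft.Sql/servers/sql-prod"
           "/securityAlertPolicies/Default", "state": "Enabled"},
    {"id": SUB + "/resourceGroups/rg-app/providers/Microsoft.Sql/servers/sql-dev"
           "/securityAlertPolicies/Default", "state": "Disabled"},
])
POLICIES = json.loads(POLICIES_JSON)

def parent_server(policy_id):
    """Return the lower-cased server ID a child policy ID belongs to, or None."""
    parts = [p.lower() for p in policy_id.strip("/").split("/")]
    if "servers" not in parts:
        return None
    i = parts.index("servers")
    if i + 1 >= len(parts):
        return None  # ID stops at "servers" with no server name
    return "/" + "/".join(parts[: i + 2])

def audit(server_ids, policies):
    """List (server_name, reason) for servers without an enabled policy."""
    state_by_server = {}
    for record in policies:
        key = parent_server(record.get("id", ""))
        if key:
            state_by_server[key] = str(record.get("state", "")).lower()
    findings = []
    for sid in server_ids:
        name = sid.rstrip("/").rsplit("/", 1)[-1]
        # Resource IDs are compared case-insensitively, since exports vary in casing.
        state = state_by_server.get(sid.lower().rstrip("/"))
        if state is None:
            findings.append((name, "no policy record"))
        elif state != "enabled":
            findings.append((name, "state=" + state))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SERVERS, POLICIES):
        print(f"NON-COMPLIANT {name}: {reason}")
```

A server that is absent from the export is reported rather than skipped, so a partial export cannot hide an unprotected server.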