Enable Microsoft Defender for Cloud for Azure SQL Database Servers

More Info:

Ensure that Microsoft Defender for Cloud is enabled for SQL database servers.

Risk Level

High

Address

Security, Operational Maturity

Compliance Standards

CISAZURE, CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of enabling Microsoft Defender for Cloud for Azure SQL Database Servers using Azure CLI, you can follow the below steps:

Open the Azure CLI and login to your Azure account using the command:
```
az login
```
Once you are logged in, set the subscription where your Azure SQL Database Server is deployed using the command:
```
az account set --subscription <subscription_id>
```
Next, enable Microsoft Defender for Cloud for your Azure SQL Database Server using the command:
```
az security atp storage enable --resource-group <resource_group_name> --storage-account <storage_account_name>
```
Replace <resource_group_name> with the name of the resource group where your Azure SQL Database Server is deployed and <storage_account_name> with the name of the storage account associated with the server.
Verify the configuration by running the command:
```
az security atp storage show --resource-group <resource_group_name> --storage-account <storage_account_name>
```
This command will display the current configuration of Microsoft Defender for Cloud for your Azure SQL Database Server.

By following these steps, you can successfully remediate the misconfiguration of enabling Microsoft Defender for Cloud for Azure SQL Database Servers using Azure CLI.

Using Python

To remediate the misconfiguration of enabling Microsoft Defender for Cloud for Azure SQL Database Servers in Azure using Python, follow these steps:

Import the required libraries:

from azure.identity import DefaultAzureCredential
from azure.mgmt.sql import SqlManagementClient
from azure.mgmt.security import SecurityCenter

Set up the credentials to authenticate to Azure:

credential = DefaultAzureCredential()
subscription_id = "your-subscription-id"

Create an instance of the SecurityCenter client:

security_center_client = SecurityCenter(
    credential=credential,
    subscription_id=subscription_id
)

Get the Azure SQL Database Server resource ID:

resource_group_name = "your-resource-group-name"
server_name = "your-sql-server-name"

sql_client = SqlManagementClient(
    credential=credential,
    subscription_id=subscription_id
)

server = sql_client.servers.get(
    resource_group_name=resource_group_name,
    server_name=server_name
)

server_resource_id = server.id

Enable Microsoft Defender for Cloud for the Azure SQL Database Server:

security_center_client.server_security_configurations.create(
    resource_group_name=resource_group_name,
    server_name=server_name,
    server_security_configuration_name="default",
    properties={
        "configuration_status": "Enabled",
        "data_collection": "Enabled",
        "auto_patching": "Enabled",
        "retention_days": 30
    }
)

This will create a new server security configuration named “default” and enable Microsoft Defender for Cloud for the Azure SQL Database Server. The data collection and auto-patching features will also be enabled, and logs will be retained for 30 days.Note: Ensure that the Azure SQL Database Server is already onboarded to Azure Security Center before executing the above code.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Enable Microsoft Defender for Cloud for Azure SQL Database Servers

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation