Enable Azure Defender for Azure SQL Database Servers


Risk level: High (not acceptable risk)

Ensure that the Azure Defender security feature is enabled for the Microsoft Azure SQL database servers. Azure Defender for SQL database servers includes functionalities for discovering and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your SQL databases. Azure Defender for SQL database servers protects Azure SQL managed database instances and dedicated SQL pools in Azure Synapse.

Security

By default, the security feature is disabled for your SQL database servers. Azure Defender for Microsoft Azure SQL database servers continuously monitors your SQL servers for threats such as SQL injection, brute-force attacks, and privilege abuse. The feature provides action-oriented security alerts in Azure Security Center (ASC) with details of the suspicious activity and guidance on how to mitigate the security threats.


Audit

To determine if the Azure Defender feature is enabled for your Azure SQL database servers, perform the following operations:

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to Azure Security Center blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/.

03 In the blade navigation panel, under Management, choose Pricing & Settings.

04 On the Pricing & Settings page, click on the name of the Azure subscription that you want to examine, to access the Azure Security Center pricing and settings.

05 In the left navigation panel, under Settings, choose Azure Defender plans to view the Azure Defender pricing plans available for your subscription.

06 Select Azure Defender on to make sure that the security feature is enabled for the selected subscription, and check the Azure Defender pricing plan status for Azure SQL Databases, available in the Plan column. If the pricing plan status for Azure SQL Databases is set to Off, Azure Defender is not enabled for the Microsoft Azure SQL database servers provisioned in the selected subscription.

07 Repeat steps no. 4 – 6 for each Azure subscription available within your cloud account.

Using Azure CLI

01 Run the account get-access-token command (Windows/macOS/Linux) with custom query filters to describe the name of the Azure Defender pricing plan configured for Azure SQL database servers, within the current subscription:

az account get-access-token \
  --query "{subscription:subscription,accessToken:accessToken}" \
  --out tsv | xargs -L1 bash -c 'curl -X GET -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pricings?api-version=2018-06-01"' | jq '.value[] | select(.name=="SqlServers") | .properties.pricingTier'

02 The command output should return the name of the configured pricing tier:

"Free"

If the account get-access-token command output does not return "Standard" for the name of the pricing tier, Azure Defender is not enabled for the Microsoft Azure SQL database servers provisioned within the current subscription.

03 Repeat steps no. 1 and 2 for each Azure subscription available in your cloud account.
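
The per-subscription check from the steps above, as an added example in Python (not part of the original page or of Conformity): it classifies pricings responses for several subscriptions and reports a missing SqlServers plan or an error body as UNKNOWN instead of a pass. The sample responses and subscription placeholders are constructed, and the function names are hypothetical.

```python
import json

PLAN_NAME = "SqlServers"       # plan name the page's jq filter selects
ENABLED_TIER = "Standard"      # tier the page requires for Azure Defender

# Constructed sample bodies shaped like the pricings list response from the
# audit command; the subscription IDs are placeholders, not real values.
SAMPLE_RESPONSES = {
    "<subscription-id-1>": json.dumps({"value": [
        {"name": "VirtualMachines", "properties": {"pricingTier": "Standard"}},
        {"name": "SqlServers", "properties": {"pricingTier": "Free"}}]}),
    "<subscription-id-2>": json.dumps({"value": [
        {"name": "SqlServers", "properties": {"pricingTier": "Standard"}}]}),
    # An error body (for example an expired token) carries no "value" list.
    "<subscription-id-3>": json.dumps({"error": {"code": "ExpiredAuthenticationToken"}}),
}


def sql_servers_tier(body):
    """Return the SqlServers pricingTier from a pricings list body, or None."""
    doc = json.loads(body)
    plans = doc.get("value") if isinstance(doc, dict) else None
    for plan in plans or []:
        if isinstance(plan, dict) and plan.get("name") == PLAN_NAME:
            return (plan.get("properties") or {}).get("pricingTier")
    return None


def audit(responses):
    """Map each subscription to ENABLED, DISABLED or UNKNOWN."""
    results = {}
    for subscription, body in responses.items():
        try:
            tier = sql_servers_tier(body)
        except json.JSONDecodeError:
            tier = None  # non-JSON output is never treated as a pass
        if tier == ENABLED_TIER:
            results[subscription] = "ENABLED"
        elif tier is None:
            results[subscription] = "UNKNOWN"   # plan missing or call failed
        else:
            results[subscription] = "DISABLED"  # e.g. "Free"
    return results


if __name__ == "__main__":
    for subscription, status in audit(SAMPLE_RESPONSES).items():
        print(f"{subscription}: {status}")
```

Subscriptions reported as UNKNOWN need the audit command re-run with a valid token before they can be counted as compliant.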

Remediation / Resolution

To enable Azure Defender for your Microsoft Azure SQL database servers, perform the following operations:

Note: Turning on Azure Defender in Azure Security Center (ASC) incurs an additional cost per resource.

Using Azure Console

01 Sign in to the Azure Management Console.

02 Navigate to Azure Security Center blade at https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/.

03 In the blade navigation panel, under Management, choose Pricing & Settings.

04 On the Pricing & Settings page, click on the name of the Azure cloud subscription that you want to access.

05 In the left navigation panel, under Settings, choose Azure Defender plans to view the Azure Defender pricing plans available for the selected subscription.

06 Select Azure Defender on to make sure that the security feature is enabled for your subscription, then choose On for the Azure SQL Databases pricing plan listed in the Plan column, to enable Azure Defender for your Microsoft Azure SQL database servers. Choose Save from the blade main menu to apply the changes.

07 Repeat steps no. 4 – 6 for each Azure subscription available within your cloud account.

Using Azure CLI

01 Define the specifications required for the account get-access-token command, where the Azure Defender pricing plan for Microsoft Azure SQL database servers is enabled by setting the feature pricing tier to "Standard". Replace the highlighted information, i.e. <azure-subscription-id>, with your own Azure subscription ID and save the content to a JSON file named enable-defender-for-sql-databases.json:

{
  "id": "/subscriptions/<azure-subscription-id>/providers/Microsoft.Security/pricings/SqlServers",
  "name": "SqlServers",
  "type": "Microsoft.Security/pricings",
  "properties": {
    "pricingTier": "Standard"
  }
}

02 Run the account get-access-token command (Windows/macOS/Linux) using the specifications defined at the previous step (i.e. enable-defender-for-sql-databases.json configuration file) to turn on Azure Defender for the Microsoft Azure SQL database servers provisioned in the selected subscription:

az account get-access-token \
  --query "{subscription:subscription,accessToken:accessToken}" \
  --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pricings/SqlServers?api-version=2018-06-01" -d@"enable-defender-for-sql-databases.json"'

03 The command output should return the information available for the enabled pricing tier:

{
  "id": "/subscriptions/<azure-subscription-id>/providers/Microsoft.Security/pricings/SqlServers",
  "name": "SqlServers",
  "type": "Microsoft.Security/pricings",
  "properties": {
    "pricingTier": "Standard",
    "freeTrialRemainingTime": "PT0S"
  }
}

04 Repeat steps no. 1 – 3 for each Azure cloud subscription available in your cloud account.

Publication date Sep 20, 2021
