Description:
Microsoft Defender for Azure SQL Databases provides advanced threat protection for Azure SQL Database workloads. When enabled, it adds a layer of intelligent, cloud-native security that continuously monitors database activity, identifies potential attacks or anomalous behaviors, and detects vulnerabilities or misconfigurations.
Rationale:
Enabling Microsoft Defender for Azure SQL Databases is a critical security control because it:
- Provides continuous threat monitoring to detect malicious or suspicious activity in real time.
- Identifies vulnerabilities and misconfigurations that could expose data or weaken security posture.
- Supports regulatory requirements by offering continuous monitoring aligned with frameworks such as ISO 27001, SOC 2, PCI DSS, and GDPR.
Impact:
Turning on Microsoft Defender for Azure SQL Databases will:
- Increase visibility into potential threats, security risks, and anomalous activity.
- Generate alerts for suspicious behavior, unauthorized access attempts, and database vulnerabilities.
- Enhance compliance readiness by ensuring databases are continuously monitored and aligned with security best practices.
The main impact is cost, as Microsoft Defender is a paid security feature charged per database or per server tier. There is no performance impact on SQL workloads.
Default Value:
By default, Microsoft Defender for Azure SQL Databases is not enabled.
Pre-requisites:
- Azure subscription with Microsoft Defender for Cloud enabled.
- Global Administrator or Security Administrator permissions to enable and configure Microsoft Defender for Azure SQL Database.
Test Plan:
1. Sign in to the Azure Portal.
2. Search for Microsoft Defender for Cloud.
3. Under the Management section, select Environment settings, then choose the subscription where your Azure SQL Database is located.
4. In Cloud Workload Protection (CWPP), under Databases, click Select types and check whether the plan is turned ON or OFF for SQL servers on machines.
5. If it is OFF, follow the Implementation Steps.
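The same check can be scripted against exported plan settings. The following is an added example, not part of the original benchmark text: it evaluates Defender for Cloud pricing JSON (for example the output of `az security pricing list`) and reports on the Azure SQL Databases plan separately from the SQL servers on machines plan. The plan names `SqlServers` and `SqlServerVirtualMachines`, the field layout handled, and the sample data are assumptions not taken from this page.

```python
import json

# Defender for Cloud pricing (plan) names; these are not named on this page.
AZURE_SQL_DB_PLAN = "SqlServers"                   # Azure SQL Databases
SQL_ON_MACHINES_PLAN = "SqlServerVirtualMachines"  # SQL servers on machines


def plan_tiers(pricing_json):
    """Map plan name -> pricing tier from pricing-list JSON.

    Accepts a bare list or a {"value": [...]} wrapper, with pricingTier
    either at the top level (CLI shape) or under "properties" (REST shape).
    """
    data = json.loads(pricing_json)
    items = data.get("value", []) if isinstance(data, dict) else data
    tiers = {}
    for item in items:
        tier = item.get("pricingTier") or item.get("properties", {}).get("pricingTier")
        tiers[item.get("name")] = tier
    return tiers


def audit_azure_sql_plan(pricing_json):
    """Return (compliant, message) for the Azure SQL Databases plan only."""
    tiers = plan_tiers(pricing_json)
    tier = tiers.get(AZURE_SQL_DB_PLAN)
    if tier is None:
        return False, f"{AZURE_SQL_DB_PLAN}: plan not present in input"
    if tier.lower() == "standard":
        return True, f"{AZURE_SQL_DB_PLAN}: ON (Standard)"
    note = ""
    if (tiers.get(SQL_ON_MACHINES_PLAN) or "").lower() == "standard":
        note = f"; {SQL_ON_MACHINES_PLAN} is ON but does not cover Azure SQL Database"
    return False, f"{AZURE_SQL_DB_PLAN}: OFF ({tier}){note}"


# Constructed sample: only the "SQL servers on machines" plan is enabled.
SAMPLE = json.dumps({"value": [
    {"name": "SqlServers", "pricingTier": "Free"},
    {"name": "SqlServerVirtualMachines", "pricingTier": "Standard"},
    {"name": "StorageAccounts", "pricingTier": "Free"},
]})

if __name__ == "__main__":
    ok, msg = audit_azure_sql_plan(SAMPLE)
    print("PASS" if ok else "FAIL", msg)
```

A FAIL result for `SqlServers` means the Implementation Steps apply, even if the SQL servers on machines plan is already ON.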
Implementation Steps:
1. Sign in to the Azure Portal.
2. Search for Microsoft Defender for Cloud.
3. Under the Management section, select Environment settings, then choose the subscription where your Azure SQL Database is located.
4. In Cloud Workload Protection (CWPP), under Databases, click Select types and turn the toggle ON for Azure SQL Database.
5. Save the change.
Backout Plan:
1. Sign in to the Azure Portal.
2. Search for Microsoft Defender for Cloud.
3. Under the Management section, select Environment settings, then choose the subscription where your Azure SQL Database is located.
4. In Cloud Workload Protection (CWPP), under Databases, click Select types and turn the toggle OFF for Azure SQL Database.
5. Save the change.