Description:

Azure Defender uses advanced security analytics and machine-learning technologies to evaluate events across the entire cloud fabric. Turning on Azure Defender enables threat detection for Server, providing threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center.


Rationale:

Azure Defender for Servers is the first Azure Defender plan available in the price settings for the subscription, and when you enable Azure Defender for Servers, the following are some of the features become available:

  • Threat detections for supported versions of Windows and Linux.

  • Integration with Microsoft Defender for Endpoint (MDE), which is the Microsoft Endpoint Detection and Response (EDR) solution. In this case, the license is included for Servers only and not clients.

  • Regulatory compliance dashboard.


Impact:

Azure Defender for Azure SQL database servers protects:

  • Azure SQL Database

  •  Azure SQL Managed Instance

  •  Dedicated SQL pool in Azure Synapse

Note: Turning on Azure Defender in Azure Security Center incurs an additional cost per resource.


Default Value:

By default, Azure Defender off is selected.


Audit:

  1. Signin into your Azure account.

  2. Go to Security Center

  3. Select Pricing & settings blade

  4. Click on the appropriate subscription name for which you wanted to turn on the defender on

  5. Select the Azure Defender plans blade

  6. Review the chosen pricing tier(Enhanced Security plan must be selected). For the Azure SQL Databases resource type Plan should be set to On


Remediation:

Pre-requisites:

  1. An Azure account

  2. An Azure Defender plan for Enhanced security plan (Azure Defender is free for the first 30 days. At the end of 30 days, if you choose to continue using the service, you’ll automatically charged for usage).


Implementation Steps:

  1. Go to Security Center

  2. Select Pricing & settings blade

  3. Click on the subscription name

  4. Select the Azure Defender plans blade

  5. For the Azure SQL Databases resource type Plan should be set to On.



Backout Plan:

  1. Go to Security Center

  2. Select Pricing & settings blade

  3. Click on the subscription name

  4. Select the Azure Defender plans blade

  5. Review the chosen pricing tier. For the Azure SQL Databases resource type Plan should be set to Off(To revoke the changes to default).


References:

Azure Defender for SQL - the benefits and features

Overview of Azure Defender and the available plans