Description:

Microsoft Defender for Databases is a security feature in Microsoft Defender for Cloud that provides advanced threat protection for database services running in Azure. When enabled, it delivers continuous monitoring, vulnerability assessment, and behavioral analytics to detect malicious activity, suspicious access patterns, SQL injection attempts, misconfigurations, and potential exploitation of database systems.


Rationale:

Turning on Microsoft Defender for Databases significantly strengthens your database security posture by:

  • Improving Threat Detection: Identifies SQL injection attempts, brute-force attacks, abnormal login behavior, data exfiltration patterns, and other malicious activity.

  • Enhancing Compliance: Helps meet industry and regulatory requirements through continuous security assessment and detailed findings.

  • Reducing Risk: Detects misconfigurations, weak security settings, and vulnerabilities before attackers exploit them.


Impact:

Enabling Microsoft Defender for Databases has the following effects:

  • Continuous monitoring and protection for all supported database types

  • Early detection of threats and abnormal behavior

  • Detailed insights and recommendations to improve database security

  • Reduced likelihood of successful attacks or data exposure


Default Value:

By default, Microsoft Defender for Databases is NOT enabled.
It must be manually turned on per subscription, per database type, or enforced through Azure Policy or Defender for Cloud configuration.


Pre-requisites:

  • Azure subscription with Microsoft Defender for Cloud enabled.

  • Global Administrator or Security Administrator permissions to enable and configure Microsoft Defender for Databases.


Test Plan:

  1. Sign in to the Azure Portal https://portal.azure.com.

  2. Search for Microsoft Defender for Cloud.

  3. Under the management section, select Environment settings.

  4. Scroll down and select the subscription where your database is deployed.

  5. In the Cloud Workload Protection (CWPP) section, locate Databases and check whether Microsoft Defender for Databases is enabled or disabled.

  6. If it is OFF, follow the Implementation steps.
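
The same check can be scripted across many subscriptions. The following is an added example, not part of the original benchmark text: it evaluates the JSON printed by `az security pricing list -o json` and reports the state of each database plan. The four plan names, the `{"value": [...]}` output shape, and the sample data are assumptions made for this example.

```python
import json

# Assumption: these Defender for Cloud plan names back the portal's
# "Databases" toggle.
DATABASE_PLANS = (
    "SqlServers",
    "SqlServerVirtualMachines",
    "OpenSourceRelationalDatabases",
    "CosmosDbs",
)

def audit_database_plans(pricing_json: str) -> dict:
    """Map each database plan to 'Enabled', 'Disabled' or 'Missing'."""
    data = json.loads(pricing_json)
    # Assumption: the CLI prints either {"value": [...]} or a bare list.
    items = data.get("value", []) if isinstance(data, dict) else data
    tiers = {item.get("name"): item.get("pricingTier") for item in items}
    result = {}
    for plan in DATABASE_PLANS:
        tier = tiers.get(plan)
        if tier is None:
            # A plan absent from the output is treated as a finding.
            result[plan] = "Missing"
        elif tier.lower() == "standard":
            result[plan] = "Enabled"
        else:
            result[plan] = "Disabled"
    return result

def is_compliant(pricing_json: str) -> bool:
    """True only when every database plan is on the Standard tier."""
    return all(s == "Enabled" for s in audit_database_plans(pricing_json).values())

# Constructed sample output (not taken from a real subscription).
SAMPLE = json.dumps({"value": [
    {"name": "SqlServers", "pricingTier": "Standard"},
    {"name": "SqlServerVirtualMachines", "pricingTier": "Free"},
    {"name": "CosmosDbs", "pricingTier": "Standard"},
    {"name": "VirtualMachines", "pricingTier": "Standard"},
]})

if __name__ == "__main__":
    for plan, state in audit_database_plans(SAMPLE).items():
        print(f"{plan}: {state}")
    print("Compliant:", is_compliant(SAMPLE))
```
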


Implementation steps:

  1. Sign in to the Azure Portal https://portal.azure.com.

  2. Search for Microsoft Defender for Cloud.

  3. Under the management section, select Environment settings.

  4. Scroll down and select the subscription where your database is deployed.

  5. In the Cloud Workload Protection (CWPP) section, locate Databases and turn On Microsoft Defender for Databases.

  6. Save the change.


Backout Plan:

  1. Sign in to the Azure Portal https://portal.azure.com.

  2. Search for Microsoft Defender for Cloud.

  3. Under the management section, select Environment settings. Scroll down and select the subscription where your database is deployed.

  4. In the Cloud Workload Protection (CWPP) section, locate Databases and turn Off Microsoft Defender for Databases.




Reference: