Description:

Microsoft Defender for Open-Source Relational Databases is a security feature within Microsoft Defender for Cloud that provides advanced threat protection for open-source relational database services, including MySQL, PostgreSQL, and MariaDB hosted in Azure.

Turning this feature on ensures that your open-source database environments are proactively protected, continuously monitored, and aligned with security best practices.


Rationale:

By enabling Microsoft Defender for Open-Source Relational Databases, you gain the following benefits:

  • Increased security: Continuous monitoring for vulnerabilities and threats in open-source databases such as MySQL, PostgreSQL, and MariaDB.

  • Early detection: Alerts on any potential attack or misconfiguration, such as SQL injection attempts, data leaks, or malicious access.

  • Improved compliance: Helps meet regulatory requirements by ensuring that databases are properly secured and continuously monitored.


Impact:

  • Provides continuous monitoring and real-time threat detection for MySQL, PostgreSQL, and MariaDB.

  • Increases visibility into vulnerabilities, misconfigurations, and suspicious activity through Microsoft Defender for Cloud dashboards.

  • Enables proactive risk mitigation and an improved compliance posture.

Default Value:

By default, Microsoft Defender for Open-Source Relational Databases is not enabled.


Pre-requisites:

  • Azure subscription with Microsoft Defender for Cloud enabled.

  • Global Administrator or Security Administrator permissions to enable and configure Microsoft Defender for Open-Source Relational Databases.


Test Plan:

  1. Sign in to the Azure Portal (https://portal.azure.com).

  2. Search for Microsoft Defender for Cloud.

  3. Under the Management section, select Environment settings, then choose the subscription where your Open-Source Relational Databases are located.

  4. Under Cloud Workload Protection (CWPP), go to Databases, click Select types, choose Open-Source Relational Databases, and verify whether it is turned On or Off.

  5. If it is Off, follow the Implementation Steps.
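
The same check can be scripted when many subscriptions are in scope. The following is an added example, not part of the original control text: it assumes the plan's API name is OpenSourceRelationalDatabases and that a pricing tier of "Standard" means On and "Free" means Off. It runs over constructed pricing data with placeholder subscription IDs, and plan_state and audit are illustrative names.

```python
import json

PLAN_NAME = "OpenSourceRelationalDatabases"  # assumed API name of the Defender plan

# Constructed sample: one pricing list per subscription, in the shape of a
# Microsoft.Security/pricings list response. Subscription IDs are placeholders.
SAMPLE = json.loads("""
{
  "00000000-0000-0000-0000-000000000001": {"value": [
    {"name": "OpenSourceRelationalDatabases", "properties": {"pricingTier": "Standard"}},
    {"name": "StorageAccounts", "properties": {"pricingTier": "Free"}}]},
  "00000000-0000-0000-0000-000000000002": {"value": [
    {"name": "OpenSourceRelationalDatabases", "pricingTier": "Free"}]},
  "00000000-0000-0000-0000-000000000003": {"value": [
    {"name": "StorageAccounts", "pricingTier": "Standard"}]}
}
""")


def plan_state(pricing_doc, plan=PLAN_NAME):
    """Return 'On', 'Off' or 'Missing' for one subscription's pricing list."""
    # Accept either the {"value": [...]} wrapper or a bare list of entries.
    entries = pricing_doc["value"] if isinstance(pricing_doc, dict) else pricing_doc
    for entry in entries:
        if entry.get("name", "").lower() != plan.lower():
            continue
        # The REST shape nests the tier under "properties"; CLI output flattens it.
        tier = entry.get("pricingTier") or entry.get("properties", {}).get("pricingTier", "")
        return "On" if tier.lower() == "standard" else "Off"
    # No entry for the plan at all is reported separately from an explicit Off.
    return "Missing"


def audit(pricings_by_subscription):
    """Return (subscription -> state, sorted list of subscriptions not On)."""
    states = {sub: plan_state(doc) for sub, doc in pricings_by_subscription.items()}
    failing = sorted(sub for sub, state in states.items() if state != "On")
    return states, failing


if __name__ == "__main__":
    states, failing = audit(SAMPLE)
    for sub, state in sorted(states.items()):
        print(f"{sub}  {PLAN_NAME}: {state}")
    print("Follow the Implementation Steps for:", ", ".join(failing) or "none")
```

Real input for each subscription can be collected with az security pricing list and passed to audit in place of the sample.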


Implementation Steps:

  1. Sign in to the Azure Portal (https://portal.azure.com).

  2. Search for Microsoft Defender for Cloud.

  3. Under the Management section, select Environment settings, then choose the subscription where your Open-Source Relational Databases are located.

  4. Under Cloud Workload Protection (CWPP), in Databases, click Select types, choose Open-Source Relational Databases, and set it to On.

  5. Click Continue and save the changes.

Backout Plan:

  1. Sign in to the Azure Portal (https://portal.azure.com).

  2. Search for Microsoft Defender for Cloud.

  3. Under the Management section, select Environment settings, then choose the subscription where your Open-Source Relational Databases are located.

  4. Under Cloud Workload Protection (CWPP), in Databases, click Select types, choose Open-Source Relational Databases, and set it to Off.

  5. Save the changes.

Reference: