Description:
Microsoft Defender for SQL Servers on Machines is a security feature within Microsoft Defender for Cloud that delivers advanced threat protection for SQL Server instances running on virtual machines (VMs), whether they are hosted in Azure, on-premises, or in other cloud environments through Azure Arc.
Rationale:
Enabling Microsoft Defender for SQL Servers on Machines helps:
- Detect threats: Identify malicious activities such as SQL injection attempts, unauthorized access, and misconfigurations in SQL Servers running on VMs.
- Prevent data breaches: By providing proactive monitoring and alerts, it helps detect and mitigate threats before they lead to data breaches or system compromise.
Impact:
Setting Microsoft Defender for SQL Servers on Machines to 'On' will:
- Increase security by providing advanced monitoring and protection for SQL Servers running on VMs.
- Generate more alerts: It will trigger alerts for suspicious activities or vulnerabilities found in SQL Servers. While this helps improve security, it may require attention to manage and respond to these alerts.
Default Value:
- By default, Microsoft Defender for SQL Servers on Machines is not enabled.
Pre-requisites:
- Azure subscription with Microsoft Defender for Cloud enabled.
- Global Administrator or Security Administrator permissions to enable and configure Microsoft Defender for SQL servers on machines.
Test Plan:
Sign in to the Azure Portal.
Search for Microsoft Defender for Cloud.
Under the Management section, select Environment settings, then choose the subscription where your SQL servers on machines are located.
In Cloud Workload Protection (CWPP), in Databases, click Select types, and check whether SQL servers on machines is set to On or Off.
If it is OFF, follow the Implementation Steps.
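The same check can be scripted across every subscription with the Azure CLI. This is an added example, not part of the original procedure; it assumes the portal toggle corresponds to the Defender for Cloud pricing plan named `SqlServerVirtualMachines` (tier `Standard` = On, `Free` = Off), and the function names and sample subscription IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "SQL servers on machines" plan without the portal.
# Assumption: the plan is exposed to the CLI as SqlServerVirtualMachines.
PLAN="SqlServerVirtualMachines"
TAB=$(printf '\t')

# Map a pricing tier to the On/Off state shown in the portal.
plan_state() {
  case "$1" in
    Standard) echo "ON" ;;
    Free)     echo "OFF" ;;
    *)        echo "UNKNOWN" ;;  # empty output, e.g. no access to the subscription
  esac
}

# Read "subscription-id<TAB>tier" lines on stdin, print "subscription-id<TAB>state",
# and return 1 if any subscription is not ON (so it can gate a pipeline).
audit_report() {
  rc=0
  while IFS="$TAB" read -r sub tier; do
    [ -n "$sub" ] || continue
    state=$(plan_state "$tier")
    printf '%s\t%s\n' "$sub" "$state"
    [ "$state" = "ON" ] || rc=1
  done
  return "$rc"
}

# Live collection; needs an authenticated Azure CLI session (az login).
collect_tiers() {
  for sub in $(az account list --query "[].id" -o tsv); do
    tier=$(az security pricing show --name "$PLAN" --subscription "$sub" \
             --query pricingTier -o tsv 2>/dev/null)
    printf '%s\t%s\n' "$sub" "$tier"
  done
}

# Constructed sample input (not real subscription IDs), for offline use.
sample_input() {
  printf '%s\t%s\n' "00000000-0000-0000-0000-000000000001" "Standard"
  printf '%s\t%s\n' "00000000-0000-0000-0000-000000000002" "Free"
}

# Live use:     collect_tiers | audit_report
# Offline demo: sample_input  | audit_report
```

A non-zero exit status means at least one subscription is OFF or could not be read, which is the condition that sends you to the Implementation Steps.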
Implementation Steps:
Sign in to the Azure Portal.
Search for Microsoft Defender for Cloud.
Under the Management section, select Environment settings, then choose the subscription where your SQL servers on machines are located.
In Cloud Workload Protection (CWPP), in Databases, click Select types, and turn on SQL servers on machines.
Click Save.
Backout Plan:
Sign in to the Azure Portal.
Search for Microsoft Defender for Cloud.
Under the Management section, select Environment settings, then choose the subscription where your SQL servers on machines are located.
In Cloud Workload Protection (CWPP), in Databases, click Select types, and turn off SQL servers on machines.
Click Continue, then save the change.