Hi All,
Time for another blog post, where we are going to cover Defender for Cloud with a resource integration. For this blog it's time for a SQL server to be integrated and protected with Defender for Cloud. So let's see what kind of alerts we can expect from protecting the SQL server.
Not sure where to start with the Defender for Cloud setup? Check out my other blog: Getting started with Defender for Cloud (kooijman.cloud)
When you deploy a new SQL server, you can enable Defender for Cloud during the configuration steps.
For already deployed SQL servers and other DBs, you can start protecting them from the Defender plans menu at subscription level. Also note that you can toggle between the different database options.
Now that we are on this page, it will remark that not all the configuration is done. We have to enable the Log Analytics workspace for the collection of security-related configuration and event logs.
After a cup of coffee (or 3) our SQL DB starts showing up in Defender for Cloud.
If you wish, you can also check the Defender status on the Azure SQL server itself.
Now let's solve the 2 remaining recommendations. First we are going to enable Auditing on the SQL server, which is an easy one that we can fix from the Defender for Cloud center by selecting the recommendation.
As you may have spotted, our SQL server already has a Private Endpoint but still has public network access enabled, so here goes the last one.
There we go, another healthy resource in Defender for Cloud.
Be aware that the SQL Server will report as a resource and the DB running on it as a separate resource.
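The same three checks (Defender plan, auditing, public network access) can be run as a script against exported settings. This is an added example, not part of the original post: the snapshot is a constructed sample, and its field names assume the JSON shapes returned by `az sql server show`, `az sql server audit-policy show` and `az security pricing show -n SqlServers`; the helper names are hypothetical.

```python
import json

# Constructed sample (made-up names and values), trimmed to the fields the
# checks read. It mirrors the state in this post: Defender plan on, auditing
# off, private endpoint present but public access still enabled.
SAMPLE = json.loads("""
{
  "server": {
    "name": "sql-demo-01",
    "publicNetworkAccess": "Enabled",
    "privateEndpointConnections": [{"name": "pe-sql-demo-01"}]
  },
  "audit_policy": {"state": "Disabled"},
  "pricing": {"name": "SqlServers", "pricingTier": "Free"}
}
""")
SAMPLE["pricing"]["pricingTier"] = "Standard"  # plan was enabled earlier in the post


def check_sql_server(snapshot):
    """Return a list of (check_id, message) findings; an empty list means healthy."""
    findings = []
    server = snapshot.get("server", {})
    audit = snapshot.get("audit_policy", {})
    pricing = snapshot.get("pricing", {})

    # Missing values are treated as the insecure default, so gaps show up as findings.
    if pricing.get("pricingTier", "Free").lower() != "standard":
        findings.append(("defender-plan", "Defender plan for SQL servers is not enabled"))
    if audit.get("state", "Disabled").lower() != "enabled":
        findings.append(("auditing", "Auditing is not enabled on the SQL server"))
    if server.get("publicNetworkAccess", "Enabled").lower() != "disabled":
        # A private endpoint adds a private path; it does not close the public one.
        has_pe = bool(server.get("privateEndpointConnections"))
        note = " even though a private endpoint exists" if has_pe else ""
        findings.append(("public-access", "Public network access is enabled" + note))
    return findings


def remediated(snapshot):
    """Copy of the snapshot with the two remaining recommendations applied."""
    fixed = json.loads(json.dumps(snapshot))
    fixed["audit_policy"]["state"] = "Enabled"
    fixed["server"]["publicNetworkAccess"] = "Disabled"
    return fixed


if __name__ == "__main__":
    for check_id, message in check_sql_server(SAMPLE):
        print(f"[{check_id}] {message}")
```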
That's it for now!
Hopefully you will find my post useful, and check out my other blogs on integration of other resources with Defender for Cloud.
Small hint, in the next blog post we are going to use Azure Arc!