Forum Discussion
Anyone using Defender for SQL for on-prem Azure Arc connected SQL servers?
We have had around 20 on-premise SQL Servers connected via Azure Arc for several months, but there have been no alerts generated in Defender for Cloud. If it is working as intended, I'm glad we have had no suspicious activity. But I'm also concerned something may not be configured correctly. In my experience with security products, there is typically a tuning period needed to eliminate false positives. Does anyone know if there is anything we can do on the DB to trigger an alert, just to make sure everything is working?
I'll just add that all the servers/DBs show as "Connected" in Azure > Azure Arc > SQL Servers, and show "Protected" on the Microsoft Defender for Cloud tab. There are also "Recommendations" and "Vulnerability assessment findings" for each server. So everything appears to be connected, there just are not any alerts.
1 Reply
Hi, it's not necessary to get alerts if your servers are not under any attack, and since recommendations and vulnerabilities are appearing, that means your config is fine. You can simulate a brute force attack on one of your SQL servers on prem connected to DFC through Azure Arc. Follow step 3 in the link below:
Enabling Microsoft Defender for Cloud for Arc Enabled SQL Server Machines - Microsoft Community Hub
Please click Mark as Best Response & Like if my post helped you to solve your issue. This will help others to find the correct solution easily.