Forum Discussion
Microsoft Defender for SQL - No auto changes
Hello,
I wish to convince relevant team members to use Microsoft Defender for SQL and I wish to let them know that Microsoft Defender for SQL will not do any change automatically, without a manual action by a human, so they won't be unaware of any change or that anything will be blocked without their consent.
Is there an official web page or document that states so explicitly?
Hey eitan1000,
Microsoft Defender for SQL does not do any auto-blocking based on alerts or recommendations. You can configure triggers for logic apps and we want to give better tools for auto-remediation in the future but that would be an opt-in experience when relevant. We understand that security always comes with continuity of business, which is the purpose for the resource to exist in the first place.
When you enable Microsoft Defender for SQL on machines we add a lean XEvents session through which we monitor the relevant behavior, for Azure SQL it is done through a background stream.
2 Replies
Hey eitan1000,
Microsoft Defender for SQL does not do any auto-blocking based on alerts or recommendations. You can configure triggers for logic apps and we want to give better tools for auto-remediation in the future but that would be an opt-in experience when relevant. We understand that security always comes with continuity of business, which is the purpose for the resource to exist in the first place.
When you enable Microsoft Defender for SQL on machines we add a lean XEvents session through which we monitor the relevant behavior, for Azure SQL it is done through a background stream.
- Thank you very much! Please ask internally that MS will add this info, so it will be explicitly mentioned up front to current and potential customers, to save them asking like I did here.
