Forum Discussion

Roberts951's avatar
Roberts951
Copper Contributor
Sep 04, 2023
Solved

SQL Advanced Threat Protection - Requirements Unclear

When configuring Defender for SQL, nothing suggests auditing is required for ATP to work. However, when looking at audit section https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-o...
sql
threat protection
  • elieelkarkafi's avatar
    elieelkarkafi
    Sep 05, 2023
    SQL auditing is not a requirement for MDC to protect your Azure SQL, it's a recommendation based on the MS benchmark to increase your posture score. MDC will work if SQL audit is enabled or not.
elieelkarkafi's avatar
elieelkarkafi
MVP
Sep 05, 2023

Roberts951 once you turn on the Defender for Cloud for Azure SQL, MDC will automatically trigger a list of recommendations to apply for you Azure SQL based on Microsoft cloud security benchmark standard, see example below 

 

 

  • Roberts951's avatar
    Roberts951
    Copper Contributor
    Sep 05, 2023
    It doesn't specify that the auditing is a requirement for the APT functionality to be able to correlate and create alerts.
    • elieelkarkafi's avatar
      elieelkarkafi
      MVP
      Sep 05, 2023
      SQL auditing is not a requirement for MDC to protect your Azure SQL, it's a recommendation based on the MS benchmark to increase your posture score. MDC will work if SQL audit is enabled or not.
      • Roberts951's avatar
        Roberts951
        Copper Contributor
        Sep 06, 2023
        This is spot on - confirmed with with MS support as well.

Resources