Forum Discussion
Roberts951
Sep 04, 2023 Copper Contributor
SQL Advanced Threat Protection - Requirements Unclear
When configuring Defender for SQL, nothing suggests auditing is required for ATP to work. However, when looking at the audit section https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-o...
- Sep 05, 2023: SQL auditing is not a requirement for MDC to protect your Azure SQL; it's a recommendation based on the MS benchmark to increase your posture score. MDC will work whether SQL audit is enabled or not.
CruzAz
Sep 08, 2023 Former Employee
Just wanted to chime in here.
There are 2 concepts: Microsoft Defender for SQL and Advanced Threat Protection.
As you mentioned, MD for SQL does not rely on Auditing. But, the Advanced Threat Protection does.
https://learn.microsoft.com/en-us/azure/azure-sql/database/azure-defender-for-sql?view=azuresql
https://learn.microsoft.com/en-us/azure/azure-sql/database/threat-detection-overview?view=azuresql
Roberts951
Sep 10, 2023 Copper Contributor
It seems like a recommendation rather than a requirement, as per the wording: "For a full investigation experience, it is recommended to enable auditing,"
The MS support member also ran a test where he disabled auditing and ran a brute-force attack, which was picked up by that ATP functionality.