Microsoft Defender for Cloud support for Azure Database for MySQL - Flexible Server - GA
Published Apr 05 2024 02:14 PM
Microsoft

We’re excited to announce the general availability of Microsoft Defender for Cloud support for Azure Database for MySQL - Flexible Server. Defender for Cloud provides Advanced Threat Protection (ATP) as part of the Microsoft Defender for open-source relational databases plan. It simplifies security management of your MySQL flexible server by enabling effortless threat prevention, detection, and mitigation through increased visibility into and control over harmful events.

 

With Defender for Cloud, you don’t need to be a security expert to safeguard your MySQL flexible server against today’s growing threat landscape. Defender for Cloud uses integrated security monitoring to detect anomalous database access and query patterns, as well as suspicious database activities, to provide security recommendations and alerts. 

 

These recommendations and alerts are categorized and assigned severity levels. Each one indicates, in real time, what triggered it, the associated MITRE ATT&CK tactic, and the seriousness of the potential threat to your server.

 

When Defender for Cloud issues a security recommendation or alert, it identifies the steps you can take to remediate the threat and secure your MySQL flexible server. 

 


Enabling Defender for Cloud

Note: Defender is not yet available for flexible servers in sovereign clouds like Mooncake and Fairfax.

 

To enable Defender for Cloud for MySQL - Flexible Server after the creation of a new server, in the Azure Portal, navigate to the server’s Security menu, select Microsoft Defender for Cloud, and then select Enable. 


 

Note: When you try to enable Defender on MySQL flexible servers that are awaiting an internal update, the following error may appear: 

 

"The server <server_name> is not compatible with Advanced Threat Protection. Please contact Microsoft support to update the server to a supported version." 

 

While this error will be resolved automatically with the next internal update, you can also open a support ticket to force an immediate update. 

 

Configuring Microsoft Defender for Cloud properties in Flexible Server

 

When you migrate from Azure Database for MySQL - Single Server to Flexible Server with Defender for Cloud enabled, the enablement state is preserved. To achieve parity in Flexible Server for properties you can configure in Single Server, consider the details in the following table.


| Property | Configuration |
| --- | --- |
| properties.disabledAlerts | You can disable specific alert types by using the Microsoft Defender for Cloud platform. For more information, see the article Suppress alerts from Microsoft Defender for Cloud. |
| properties.emailAccountAdmins, properties.emailAddresses | You can centrally define email notification for Microsoft Defender for Cloud alerts for all resources in a subscription. For more information, see the article Quickstart: Configure email notifications for security alerts. |
| properties.retentionDays, properties.storageAccountAccessKey, properties.storageEndpoint | The Microsoft Defender for Cloud platform exposes alerts through Azure Resource Graph. You can export alerts to a different store and manage retention separately. For more about continuous export, see the article Set up continuous export in the Azure portal - Microsoft Defender for Cloud. |
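The last row of the table moves retention out of the server and into whatever store you export alerts to. The sketch below is an added example, not code from this post or from Microsoft: it filters exported alert records down to MySQL flexible servers, applies a retention window, and orders what remains by severity and time. It assumes the records use the Defender for Cloud alert schema field names shown in the comments; `retention_days` is a hypothetical parameter standing in for the Single Server `properties.retentionDays` setting, and all sample records are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: records follow the Defender for Cloud alert schema field names
# (SystemAlertId, Severity, Intent, StartTimeUtc, ResourceIdentifiers).
MYSQL_FLEX = "/providers/microsoft.dbformysql/flexibleservers/"
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2, "Informational": 3}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/"

def _alert(alert_id, severity, intent, start, resource):
    """Build one constructed sample record (all values are made up)."""
    return {"SystemAlertId": alert_id, "Severity": severity, "Intent": intent,
            "StartTimeUtc": start,
            "ResourceIdentifiers": [{"Type": "AzureResource",
                                     "AzureResourceId": SUB + resource}]}

SAMPLE_ALERTS = [
    _alert("a1", "High", "PreAttack", "2024-05-18T09:12:00Z", "Microsoft.DBforMySQL/flexibleServers/db1"),
    _alert("a2", "Medium", "InitialAccess", "2024-05-19T22:40:00Z", "Microsoft.DBforMySQL/flexibleServers/db1"),
    _alert("a3", "High", "PreAttack", "2024-03-01T08:00:00Z", "Microsoft.DBforMySQL/flexibleServers/db2"),
    _alert("a4", "Low", "Discovery", "2024-05-19T07:00:00Z", "Microsoft.Storage/storageAccounts/stdemo"),
    _alert("a5", "High", "PreAttack", "2024-05-19T10:00:00Z", "Microsoft.DBforMySQL/flexibleServers/db2"),
]

def parse_time(value):
    """Parse an ISO 8601 UTC timestamp such as 2024-05-18T09:12:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def is_mysql_flexible(alert):
    """True if any affected resource is a MySQL flexible server (case-insensitive)."""
    return any(MYSQL_FLEX in r.get("AzureResourceId", "").lower()
               for r in alert.get("ResourceIdentifiers", []))

def triage(alerts, now, retention_days):
    """Keep in-retention MySQL flexible server alerts, most severe and newest first."""
    cutoff = now - timedelta(days=retention_days)
    kept = [a for a in alerts
            if is_mysql_flexible(a) and parse_time(a["StartTimeUtc"]) >= cutoff]
    kept.sort(key=lambda a: (SEVERITY_RANK.get(a["Severity"], 99),
                             -parse_time(a["StartTimeUtc"]).timestamp()))
    return kept, Counter(a.get("Intent", "Unknown") for a in kept)

if __name__ == "__main__":
    now = datetime(2024, 5, 20, tzinfo=timezone.utc)
    kept, by_tactic = triage(SAMPLE_ALERTS, now, retention_days=30)
    for a in kept:
        print(a["Severity"], a["Intent"], a["StartTimeUtc"], a["SystemAlertId"])
    print(dict(by_tactic))
```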

 

Demonstration

 

For a demonstration of this functionality, see the following video:

 

 

Conclusion

 

In this post, I’ve described Defender for Cloud and how it can simplify security management for your MySQL flexible server.  

 

If you have any questions about the details provided above, please leave a comment below or email us at AskAzureDBforMySQL@service.microsoft.com. Thank you!

 

Resources

For additional information, see the blog post What’s new in Defender for open-source relational databases?.

Last update: May 20 2024 05:43 PM