Azure Defender PoC Series – Azure Defender for SQL

Published Aug 18 2021 04:22 AM 1,977 Views

Introduction

This article is a continuation of Azure Defender PoC Series which provides you guidelines on how to perform a proof of concept for a specific Azure Defender plan. For a more holistic approach where you need to validate Azure Security Center and Azure Defender, please read How to Effectively Perform an Azure Security Center PoC article

 

There can be many security vulnerabilities in databases that are sometimes taken advantage of by malicious actors. According to the Github 2020 report, a vulnerability typically goes undetected for 218 weeks (just over four years) before being disclosed and fixed. Injection attacks, such as those on SQL and NoSQL, are among the most popular types of cyberattacks for web applications (as per OWASP Top 10).

SQL Injection attacks, brute-force attacks, SQL shell OS attacks leading to crypto-mining and ransomware, , can be detected and remediated by the Azure Defender for SQL plan.

 

sqlpocfig1.PNG

Azure Defender for SQL has two main capabilities that together will protect your SQL environments from cyberattacks. These capabilities are:

  • Vulnerability Assessment, which is a service that helps you identify and remediate vulnerabilities in your database environments to improve your security posture
  • Advanced Threat Protection, which detects suspicious activities related to your databases and alerts you with details and recommended actions.

 

Planning

So, what actually gets protected through Azure Defender for SQL?

There are two Azure Defender plans that are comprised as part of Azure Defender for SQL:

There is also a third plan called Azure Defender for open-source relational databases that brings threat protection for:

 

sqlpocfig2.png

 

Preparation   

You will need to first enable Azure Defender for SQL, and for this you need to have the role of Security Admin. For more information about roles and privileges, visit this article.

 

You can enable the three plans for Azure Defender for SQL (for Azure SQL database servers, SQL servers on machines, and open-source relational databases) by following the instructions here.

 

If you are conducting this PoC in partnership with the SOC Team, make sure they are familiar with the alerts that may appear once you enable this plan. Review all alerts available at our Alerts Reference Guide.

 

From the readiness perspective, make sure to review the following resources to better understand Azure Defender for SQL:

 

Special Note for Defender for SQL servers on machines

 

Azure Defender for SQL servers on machines requires a Log Analytics agent installed and it should report to a workspace with enabled Azure Defender for SQL.

 

Azure Security Center default workspaces are controlled through the subscription settings in Pricing & Settings.

 

sqlpocfig3.png

 

Then ensure to turn SQL server on machines to be On.

 

sqlpocfig4.PNG

 

However, for customer-created workspaces, you need to enable Defender for SQL servers on machines on the particular workspace. Instead of going into the subscription, select the workspace that is associated with Azure Defender for SQL servers on machines.

 

 

sqlpocfig5.PNG

 

Then ensure that SQL servers on machines is turned On from here.

 

sqlpocfig6.PNG

Implementation and Validation      

You can use the sample alert feature to validate . To create these sample alerts, you will need to have the role Security Admin or Subscription Contributor.

 

To create sample alerts for Defender for SQL, go to Azure Security Center in the Security alerts section, click Sample alerts.

 

sqlpocfig7.PNG

 

Select your subscription, choose Azure SQL Database and SQL Server on machines on the Azure Defender plans, and click Create sample alerts.

sqlpocfig8.PNG

 

Prevention      

Azure Defender for SQL allows you to remediate SQL vulnerabilities and prevent SQL incidents and alerts using SQL vulnerability assessment. To configure it on your Azure SQL databases and Azure SQL Managed Instance, go to the Recommendations page in Azure Security Center, and select one of the following recommendations under the control Remediate security configurations:

  • For Azure SQL databases, select the recommendation Vulnerability assessment should be enabled on your SQL servers.
  • For Azure SQL Manage Instances, select the recommendation Vulnerability assessment should be enabled on your SQL managed instances.

 

When Azure Defender for SQL is enabled on your SQL Server on machines, SQL vulnerability assessment does not require initial configuration, as it’s installed automatically.

 

sqlpocfig9.PNG

 

In this article, we will demo SQL vulnerability assessment for Azure SQL database. Select the recommendation Vulnerability assessment should be enabled on your SQL servers.

 

sqlpocfig10.png

 

From here, select the unhealthy resource that you’d like to configure vulnerability assessment on, and click Fix.

 

sqlpocfig11.png

 

In the pane that appears, click Fix 1 resource.

 

sqlpocfig12.png

 

To remediate vulnerability findings from your SQL databases and SQL Server on machines, go to the Recommendations page in Azure Security Center. Under the control Remediate security configurations, select one of the following recommendations:

  • For Azure SQL databases and Azure SQL Manage Instances, select the recommendation SQL databases should have vulnerability findings resolved.
  • For SQL Server on machine, select the recommendation SQL servers on machines should have vulnerability findings resolved.

 

sqlpocfig13.png

 

In this article, we will demo SQL databases should have vulnerability findings resolved.

 

sqlpocfig14.png

 

From here, select any of the unhealthy resources.

 

sqlpocfig15.png

 

Then select the finding you wish to remediate. In this example, we’ll be selecting Auditing should be enabled at the server level.

 

sqlpocfig16.png

 

Then select the database.

 

sqlpocfig17.PNG

 

Once again, click the finding you wish to remediate, which in our case is Auditing should be enabled at the server level.

 

sqlpocfig18.PNG

 

Select Click here to remediate.

sqlpocfig19.PNG

 

Alternatively, you may decide that this finding does not pose a security risk for your environment. In this case, you should create an acceptable baseline, which is essentially a customisation that tells the Vulnerability Assessment what is expected in your environment.

 

To do this, select Approve as Baseline, and follow the subsequent instructions.

 

sqlpocfig 20.PNG

 

Vulnerability Assessment recurring scans in your environment, and in upcoming scans after this, any results that match the baseline you established are considered as passes. Only reports on deviations from this baseline will appear as findings in the Vulnerability Assessment dashboard. This allows you to focus your attention only on the relevant issues.

 

Continue remediating and/or setting baselines across all the findings and databases to improve your SQL security posture.

 

Automations      

Instead of following the manual process above to remediate recommendations on SQL databases, you can also use the automated ways to remediate recommendations related to SQL like, Vulnerability assessment should be enabled on your SQL servers, SQL managed instances, Enable transparent data encryption on SQL databases, Advanced Data Security for SQL Servers and many more like these in our Azure Security Center Github repository which gives you access to numerous such sample security playbooks that will help you automate in remediating a recommendation.

 

You can also utilize workflow automation feature in Azure Security Center which can trigger Logic Apps on Security alerts, recommendations, and changes to regulatory compliance. For example, when Azure Security Center detects a brute force attack, you may want this to be automatically taken care off, you can use this playbook as a starting point.

 

To understand how to remediate security alerts using Azure Defender, make sure you check out this chapter from SC-200 certification exam learning guide. You can also create an automatic response to a specific security alert using an ARM template, read more about it in our documentation.

 

Latest Updates

Azure Defender for SQL is now available on the SQL Virtual Machine blade. - Microsoft Tech Community

 

Conclusion

By the end of this PoC you should be able to determine the value proposition of Azure Defender for SQL and the importance to have this level of threat detection to your workloads.

 

Stay tuned for more Azure Defender PoC Series!

 

P.S. Subscribe to our Azure Security Center and Azure Defender Newsletter to stay up to date on helpful tips and new releases and join our Tech Community where you can be one of the first to hear the latest Azure Security Center news, announcements and get your questions answered by Azure Security experts.

 

Reviewers

Special Thanks to Yuri Diogenes, Safeena Begum, David Trigano and Michael Makhlevich for reviewing this article.

 

1 Comment
Respected Contributor

This series is a great idea. Are there any plans to add an article for Defender for IoT?

%3CLINGO-SUB%20id%3D%22lingo-sub-2671970%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Defender%20PoC%20Series%20%E2%80%93%20Azure%20Defender%20for%20SQL%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2671970%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20series%20is%20a%20great%20idea.%20Are%20there%20any%20plans%20to%20add%20an%20article%20for%20Defender%20for%20IoT%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2657459%22%20slang%3D%22en-US%22%3EAzure%20Defender%20PoC%20Series%20%E2%80%93%20Azure%20Defender%20for%20SQL%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2657459%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EIntroduction%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EThis%20article%20is%20a%20continuation%20of%20Azure%20Defender%20PoC%20Series%20which%20provides%20you%20guidelines%20on%20how%20to%20perform%20a%20proof%20of%20concept%20for%20a%20specific%20Azure%20Defender%20plan.%20For%20a%20more%20holistic%20approach%20where%20you%20need%20to%20validate%20Azure%20Security%20Center%20and%20Azure%20Defender%2C%20please%20read%E2%80%AF%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-security-center%2Fhow-to-effectively-perform-an-azure-security-center-poc%2Fba-p%2F516874%22%20target%3D%22_blank%22%3EHow%20to%20Effectively%20Perform%20an%20Azure%20Security%20Center%20PoC%3C%2FA%3E%3CSPAN%3E%E2%80%AFarticle%3C%2FSPAN%3E.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20can%20be%20many%20security%20vulnerabilities%20in%20databases%20that%20are%20sometimes%20taken%20advantage%20of%20by%20malicious%20actors.%20According%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Foctoverse.github.com%2Fstatic%2Fgithub-octoverse-2020-security-report.pdf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EGithub%202020%20report%3C%2FA%3E%2C%20a%20vulnerability%20typically%20goes%20undetected%20for%20218%20weeks%20(just%20over%20four%20years)%20before%20being%20disclosed%20and%20fixed.%20Injection%20attacks%2C%20such%20as%20those%20on%20SQL%20and%20NoSQL%2C%20are%20among%20the%20most%20popular%20types%20of%20cyberattacks%20for%20web%20applications%20(as%20per%20%3CA%20href%3D%22https%3A%2F%2Fowasp.org%2Fwww-project-top-ten%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EOWASP%20Top%2010%3C%2FA%3E).%3C%2FP%3E%0A%3CP%3ESQL%20Injection%20attacks%2C%20brute-force%20attacks%2C%20SQL%20shell%20OS%20attacks%20leading%20to%20crypto-mining%20and%20ransomware%2C%20%2C%20can%20be%20detected%20and%20remediated%20by%20the%20%3CSTRONG%3EAzure%20Defender%20for%20SQL%20plan%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig1.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303828iA6399268980D19D3%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig1.PNG%22%20alt%3D%22sqlpocfig1.PNG%22%20%2F%3E%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-sql%2Fdatabase%2Fazure-defender-for-sql%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Defender%20for%20SQL%3C%2FA%3E%20has%20two%20main%20capabilities%20that%20together%20will%20protect%20your%20SQL%20environments%20from%20cyberattacks.%20These%20capabilities%20are%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EVulnerability%20Assessment%2C%20which%20is%20a%20service%20that%20helps%20you%20identify%20and%20remediate%20vulnerabilities%20in%20your%20database%20environments%20to%20improve%20your%20security%20posture%3C%2FLI%3E%0A%3CLI%3EAdvanced%20Threat%20Protection%2C%20which%20detects%20suspicious%20activities%20related%20to%20your%20databases%20and%20alerts%20you%20with%20details%20and%20recommended%20actions.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPlanning%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ESo%2C%3C%2FSPAN%3E%20what%20actually%20gets%20protected%20through%20%3CSPAN%3EAzure%20%3C%2FSPAN%3EDefender%20for%20SQL%3F%3C%2FP%3E%0A%3CP%3EThere%20are%20two%20Azure%20Defender%20plans%20that%20are%20comprised%20as%20part%20of%20Azure%20Defender%20for%20SQL%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAzure%20Defender%20for%20Azure%20SQL%20database%20servers%26nbsp%3Bprotects%3A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-sql%2Fdatabase%2Fsql-database-paas-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20SQL%20Database%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-sql%2Fmanaged-instance%2Fsql-managed-instance-paas-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20SQL%20Managed%20Instance%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsynapse-analytics%2Fsql-data-warehouse%2Fsql-data-warehouse-overview-what-is%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EDedicated%20SQL%20pool%20in%20Azure%20Synapse%3C%2FA%3E.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3EAzure%20Defender%20for%20SQL%20servers%20on%20machines%26nbsp%3Bextends%20the%20protections%20for%20your%20to%20fully%20support%20hybrid%20environments%20and%20protects%20SQL%20servers%20hosted%20in%20Azure%2C%20other%20cloud%20environments%2C%20and%20even%20on-premises%20machines.%20It%20does%20this%20by%20protecting%3A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fservices%2Fvirtual-machines%2Fsql-server%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESQL%20Server%20on%20Virtual%20Machines%3C%2FA%3E%2C%3C%2FLI%3E%0A%3CLI%3EOn-premises%20SQL%20servers%20of%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsql%2Fsql-server%2Fazure-arc%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Arc%20enabled%20SQL%20Server%20(preview)%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-monitor%2Fagents%2Fagent-windows%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESQL%20Server%20running%20on%20Windows%20machines%20without%20Azure%20Arc%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThere%20is%20also%20a%20third%20plan%20called%20Azure%20Defender%20for%20open-source%20relational%20databases%20that%20brings%20threat%20protection%20for%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fpostgresql%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Database%20for%20PostgreSQL%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fmysql%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Database%20for%20MySQL%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fmariadb%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Database%20for%20MariaDB%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig2.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303834i056316CC0BF1D47D%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig2.png%22%20alt%3D%22sqlpocfig2.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPreparation%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EYou%20will%20need%20to%20first%20enable%20Azure%20Defender%20for%20SQL%2C%20and%20for%20this%20you%20need%20to%20have%20the%20role%20of%20Security%20Admin.%20For%20more%20information%20about%20roles%20and%20privileges%2C%20visit%20this%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-permissions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Earticle%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20enable%20the%20three%20plans%20for%20Azure%20Defender%20for%20SQL%20(for%20Azure%20SQL%20database%20servers%2C%20SQL%20servers%20on%20machines%2C%20and%20open-source%20relational%20databases)%20by%20following%20the%20instructions%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-sql%2Fdatabase%2Fazure-defender-for-sql%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20are%20conducting%20this%20PoC%20in%20partnership%20with%20the%20SOC%20Team%2C%20make%20sure%20they%20are%20familiar%20with%20the%20alerts%20that%20may%20appear%20once%20you%20enable%20this%20plan.%20Review%20all%20alerts%20available%20at%20our%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Falerts-reference%23alerts-sql-db-and-warehouse%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAlerts%20Reference%20Guide%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFrom%20the%20readiness%20perspective%2C%20make%20sure%20to%20review%20the%20following%20resources%20to%20better%20understand%20Azure%20Defender%20for%20SQL%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fdefender-for-sql-introduction%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Defender%20for%20SQL%20Documentation%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DsN8X2FzEIg4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EAzure%20Defender%20for%20SQL%20and%20the%20Vulnerability%20Assessment%20%7C%20Azure%20Security%20Center%20in%20the%20Field%20%231%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWRtmP9cVinI%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EAzure%20Security%20Center%20webinar%3A%20Azure%20Defender%20for%20SQL%20Anywhere%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESpecial%20Note%20for%20Defender%20for%20SQL%20servers%20on%20machines%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAzure%20Defender%20for%20SQL%20servers%20on%20machines%20requires%20a%20Log%20Analytics%20agent%20installed%20and%20it%20should%20report%20to%20a%20workspace%20with%20enabled%20Azure%20Defender%20for%20SQL.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAzure%20Security%20Center%20default%20workspaces%20are%20controlled%20through%20the%20subscription%20settings%20in%20%3CSTRONG%3EPricing%20%26amp%3B%20Settings%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig3.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303843i2933C94878E5FD9F%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig3.png%22%20alt%3D%22sqlpocfig3.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThen%20ensure%20to%20turn%20%3CSTRONG%3ESQL%20server%20on%20machines%3C%2FSTRONG%3E%20to%20be%20%3CSTRONG%3EOn%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig4.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303845i35C9CB596260AD2A%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig4.PNG%22%20alt%3D%22sqlpocfig4.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20for%20customer-created%20workspaces%2C%20you%20need%20to%20enable%20Defender%20for%20SQL%20servers%20on%20machines%20on%20the%20particular%20workspace.%20Instead%20of%20going%20into%20the%20subscription%2C%20select%20the%20workspace%20that%20is%20associated%20with%20Azure%20Defender%20for%20SQL%20servers%20on%20machines.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig5.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303846i38D6B54BDCF36D37%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig5.PNG%22%20alt%3D%22sqlpocfig5.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThen%20ensure%20that%20%3CSTRONG%3ESQL%20servers%20on%20machines%3C%2FSTRONG%3E%20is%20turned%20%3CSTRONG%3EOn%3C%2FSTRONG%3E%20from%20here.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig6.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303852i5B3551E54B2F7454%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig6.PNG%22%20alt%3D%22sqlpocfig6.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EImplementation%20and%20Validation%26nbsp%3B%26nbsp%3B%3C%2FSTRONG%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20use%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fsecurity-center-alert-validation%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Esample%20alert%3C%2FA%3E%26nbsp%3Bfeature%20to%20validate%20.%20To%20create%20these%20sample%20alerts%2C%20you%20will%20need%20to%20have%20the%20role%20Security%20Admin%20or%20Subscription%20Contributor.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20create%20sample%20alerts%20for%20Defender%20for%20SQL%2C%20go%20to%20Azure%20Security%20Center%20in%20the%20Security%20alerts%20section%2C%20click%20%3CSTRONG%3ESample%20alerts%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig7.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303858i2BB4DF0FAE7DF46A%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig7.PNG%22%20alt%3D%22sqlpocfig7.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESelect%20your%20%3CSTRONG%3Esubscription%3C%2FSTRONG%3E%2C%20choose%20%3CSTRONG%3EAzure%20SQL%20Database%3C%2FSTRONG%3E%20and%20%3CSTRONG%3ESQL%20Server%20on%20machines%20%3C%2FSTRONG%3Eon%20the%20%3CSTRONG%3EAzure%20Defender%20plans%3C%2FSTRONG%3E%2C%20and%20click%20%3CSTRONG%3ECreate%20sample%20alerts%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig8.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303927iF17806382CB0E6D7%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig8.PNG%22%20alt%3D%22sqlpocfig8.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPrevention%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EAzure%20Defender%20for%20SQL%20allows%20you%20to%20remediate%20SQL%20vulnerabilities%20and%20prevent%20SQL%20incidents%20and%20alerts%20using%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-sql%2Fdatabase%2Fsql-vulnerability-assessment%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESQL%20vulnerability%20assessment%3C%2FA%3E.%20To%20configure%20it%20on%20your%20Azure%20SQL%20databases%20and%20Azure%20SQL%20Managed%26nbsp%3BInstance%2C%20go%20to%20the%20%3CSTRONG%3ERecommendations%3C%2FSTRONG%3E%20page%20in%20Azure%20Security%20Center%2C%20and%20select%20one%20of%20the%20following%20recommendations%20under%20the%20control%20%3CSTRONG%3ERemediate%20security%20configurations%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EFor%20Azure%20SQL%20databases%2C%20select%20the%20recommendation%3CSTRONG%3E%20Vulnerability%20assessment%20should%20be%20enabled%20on%20your%20SQL%20servers.%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EFor%20Azure%20SQL%20Manage%20Instances%2C%20select%20the%20recommendation%20%3CSTRONG%3EVulnerability%20assessment%20should%20be%20enabled%20on%20your%20SQL%20managed%20instances.%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhen%20Azure%20Defender%20for%20SQL%20is%20enabled%20on%20your%20SQL%20Server%20on%20machines%2C%20SQL%20vulnerability%20assessment%20does%20not%20require%20initial%20configuration%2C%20as%20it%E2%80%99s%20installed%20automatically.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig9.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303913i57A572AD3A35F858%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig9.PNG%22%20alt%3D%22sqlpocfig9.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20this%20article%2C%20we%20will%20demo%20SQL%20vulnerability%20assessment%20for%20Azure%20SQL%20database.%20Select%20the%20recommendation%20%3CSTRONG%3EVulnerability%20assessment%20should%20be%20enabled%20on%20your%20SQL%20servers%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig10.png%22%20style%3D%22width%3A%20973px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303914i6DEB3F738403EAC1%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig10.png%22%20alt%3D%22sqlpocfig10.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFrom%20here%2C%20select%20the%20unhealthy%20resource%20that%20you%E2%80%99d%20like%20to%20configure%20vulnerability%20assessment%20on%2C%20and%20click%20%3CSTRONG%3EFix%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig11.png%22%20style%3D%22width%3A%20842px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303915iABA011789F10E1AE%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig11.png%22%20alt%3D%22sqlpocfig11.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20the%20pane%20that%20appears%2C%20click%20%3CSTRONG%3EFix%201%20resource%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig12.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303916iC85ACEC2DF0041B3%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig12.png%22%20alt%3D%22sqlpocfig12.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20remediate%20vulnerability%20findings%20from%20your%20SQL%20databases%20and%20SQL%20Server%20on%20machines%2C%20go%20to%20the%20%3CSTRONG%3ERecommendations%3C%2FSTRONG%3E%20page%20in%20Azure%20Security%20Center.%20Under%20the%20control%20%3CSTRONG%3ERemediate%20security%20configurations%3C%2FSTRONG%3E%2C%20select%20one%20of%20the%20following%20recommendations%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EFor%20Azure%20SQL%20databases%20and%20Azure%20SQL%20Manage%20Instances%2C%20select%20the%20recommendation%3CSTRONG%3E%20SQL%20databases%20should%20have%20vulnerability%20findings%20resolved.%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EFor%20SQL%20Server%20on%20machine%2C%20select%20the%20recommendation%20%3CSTRONG%3ESQL%20servers%20on%20machines%20should%20have%20vulnerability%20findings%20resolved.%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig13.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303917i85C0E3CD1E921B59%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig13.png%22%20alt%3D%22sqlpocfig13.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20this%20article%2C%20we%20will%20demo%20%3CSTRONG%3ESQL%20databases%20should%20have%20vulnerability%20findings%20resolved%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig14.png%22%20style%3D%22width%3A%20903px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303918i967F124A8862808A%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig14.png%22%20alt%3D%22sqlpocfig14.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFrom%20here%2C%20select%20any%20of%20the%20unhealthy%20resources.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig15.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303919i2E1966844DE8106C%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig15.png%22%20alt%3D%22sqlpocfig15.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThen%20select%20the%20finding%20you%20wish%20to%20remediate.%20In%20this%20example%2C%20we%E2%80%99ll%20be%20selecting%20%3CSTRONG%3EAuditing%20should%20be%20enabled%20at%20the%20server%20level%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig16.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303920i29D5F1316D981FBE%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig16.png%22%20alt%3D%22sqlpocfig16.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThen%20select%20the%20database.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig17.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303921i1EA93DBF040B6CF3%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig17.PNG%22%20alt%3D%22sqlpocfig17.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOnce%20again%2C%20click%20the%20finding%20you%20wish%20to%20remediate%2C%20which%20in%20our%20case%20is%20%3CSTRONG%3EAuditing%20should%20be%20enabled%20at%20the%20server%20level%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig18.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303922i25194FB408F1945C%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig18.PNG%22%20alt%3D%22sqlpocfig18.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESelect%20%3CSTRONG%3EClick%20here%20to%20remediate%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig19.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303923iF245A81EB9F12D04%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig19.PNG%22%20alt%3D%22sqlpocfig19.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAlternatively%2C%20you%20may%20decide%20that%20this%20finding%20does%20%3CEM%3Enot%3C%2FEM%3E%20pose%20a%20security%20risk%20for%20your%20environment.%20In%20this%20case%2C%20you%20should%20create%20an%20acceptable%20baseline%2C%20which%20is%20essentially%20a%20customisation%20that%20tells%20the%20Vulnerability%20Assessment%20what%20is%20expected%20in%20your%20environment.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20do%20this%2C%20select%20%3CSTRONG%3EApprove%20as%20Baseline%3C%2FSTRONG%3E%2C%20and%20follow%20the%20subsequent%20instructions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22sqlpocfig%2020.PNG%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F303924i6665799B641035C8%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22sqlpocfig%2020.PNG%22%20alt%3D%22sqlpocfig%2020.PNG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EVulnerability%20Assessment%20recurring%20scans%20in%20your%20environment%2C%20and%20in%20upcoming%20scans%20after%20this%2C%20any%20results%20that%20match%20the%20baseline%20you%20established%20are%20considered%20as%20passes.%20Only%20reports%20on%20deviations%20from%20this%20baseline%20will%20appear%20as%20findings%20in%20the%20Vulnerability%20Assessment%20dashboard.%20This%20allows%20you%20to%20focus%20your%20attention%20only%20on%20the%20relevant%20issues.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EContinue%20remediating%20and%2For%20setting%20baselines%20across%20all%20the%20findings%20and%20databases%20to%20improve%20your%20SQL%20security%20posture.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EAutomations%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3B%3C%2FSTRONG%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EInstead%20of%20following%20the%20manual%20process%20above%20to%20remediate%20recommendations%20on%20SQL%20databases%2C%20you%20can%20also%20use%20the%20automated%20ways%20to%20remediate%20recommendations%20related%20to%20SQL%20like%2C%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmain%2FRemediation%2520scripts%2FVulnerability%2520assessment%2520should%2520be%2520enabled%2520on%2520your%2520SQL%2520servers%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EVulnerability%20assessment%20should%20be%20enabled%20on%20your%20SQL%20servers%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmain%2FRemediation%2520scripts%2FVulnerability%2520assessment%2520should%2520be%2520enabled%2520on%2520your%2520SQL%2520managed%2520instances%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESQL%20managed%20instances%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmain%2FRemediation%2520scripts%2FEnable%2520transparent%2520data%2520encryption%2520on%2520SQL%2520databases%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnable%20transparent%20data%20encryption%20on%20SQL%20databases%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmain%2FRemediation%2520scripts%2FAdvanced%2520data%2520security%2520should%2520be%2520enabled%2520on%2520your%2520SQL%2520servers%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAdvanced%20Data%20Security%20for%20SQL%20Servers%3C%2FA%3E%20and%20many%20more%20like%20these%20in%20our%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Security%20Center%20Github%20repository%3C%2FA%3E%26nbsp%3Bwhich%20gives%20you%20access%20to%20numerous%20such%20sample%20security%20playbooks%20that%20will%20help%20you%20automate%20in%20remediating%20a%20recommendation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20can%20also%20utilize%20workflow%20automation%20feature%20in%20Azure%20Security%20Center%20which%20can%20trigger%20Logic%20Apps%20on%20Security%20alerts%2C%20recommendations%2C%20and%20changes%20to%20regulatory%20compliance.%20For%20example%2C%20when%20Azure%20Security%20Center%20detects%20a%20brute%20force%20attack%2C%20you%20may%20want%20this%20to%20be%20automatically%20taken%20care%20off%3CSPAN%3E%2C%20you%20can%20use%20%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmain%2FWorkflow%2520automation%2FBlockBruteforceAttack%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20playbook%3C%2FA%3E%20%3CSPAN%3Eas%20a%20starting%20point.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETo%20understand%20how%20to%20remediate%20security%20alerts%20using%20Azure%20Defender%2C%20make%20sure%20you%20check%20out%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Flearn%2Fmodules%2Fremediate-azure-defender-security-alerts%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ethis%20chapter%3C%2FA%3E%26nbsp%3Bfrom%20SC-200%20certification%20exam%20learning%20guide.%20You%20can%20also%20create%20an%20automatic%20response%20to%20a%20specific%20security%20alert%20using%20an%20ARM%20template%2C%20read%20more%20about%20it%20in%20our%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fquickstart-automation-alert%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Edocumentation%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ELatest%20Updates%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fsql-server%2Fazure-defender-for-sql-is-now-available-on-the-sql-virtual%2Fba-p%2F2591879%22%20target%3D%22_blank%22%3EAzure%20Defender%20for%20SQL%20is%20now%20available%20on%20the%20SQL%20Virtual%20Machine%20blade.%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EConclusion%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EBy%20the%20end%20of%20this%20PoC%20you%20should%20be%20able%20to%20determine%20the%20value%20proposition%20of%20Azure%20Defender%20for%20SQL%20and%20the%20importance%20to%20have%20this%20level%20of%20threat%20detection%20to%20your%20workloads.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EStay%20tuned%20for%20more%20Azure%20Defender%20PoC%20Series!%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EP.S.%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FASCNewsSubscribe%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESubscribe%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eto%20our%20Azure%20Security%20Center%20and%20Azure%20Defender%20Newsletter%20to%20stay%20up%20to%20date%20on%20helpful%20tips%20and%20new%20releases%20and%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FASCTechCommunity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ejoin%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%3Eour%26nbsp%3BTech%20Community%26nbsp%3Bwhere%20you%20can%20be%20one%20of%20the%20first%20to%20hear%20the%20latest%20Azure%20Security%20Center%20news%2C%20announcements%20and%20get%20your%20questions%20answered%20by%20Azure%20Security%20experts.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EReviewers%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3ESpecial%20Thanks%20to%20Yuri%20Diogenes%2C%20Safeena%20Begum%2C%20David%20Trigano%20and%20Michael%20Makhlevich%20for%20reviewing%20this%20article.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2657459%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22teaser.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F312467iFC16E7A768EDE85B%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22teaser.png%22%20alt%3D%22teaser.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Version history
Last update:
‎Sep 23 2021 11:25 AM
Updated by: