Feb 08 2022 08:36 AM
Hello,
I wish to convince relevant team members to use Microsoft Defender for SQL and I wish to let them know that Microsoft Defender for SQL will not do any change automatically, without a manual action by a human, so they won't be unaware of any change or that anything will be blocked without their consent.
Is there an official web page or document that states so explicitly?
Feb 09 2022 02:48 PM
SolutionHey @eitan1000,
Microsoft Defender for SQL does not do any auto-blocking based on alerts or recommendations. You can configure triggers for logic apps and we want to give better tools for auto-remediation in the future but that would be an opt-in experience when relevant. We understand that security always comes with continuity of business, which is the purpose for the resource to exist in the first place.
When you enable Microsoft Defender for SQL on machines we add a lean XEvents session through which we monitor the relevant behavior, for Azure SQL it is done through a background stream.
Feb 10 2022 12:13 AM
Feb 09 2022 02:48 PM
SolutionHey @eitan1000,
Microsoft Defender for SQL does not do any auto-blocking based on alerts or recommendations. You can configure triggers for logic apps and we want to give better tools for auto-remediation in the future but that would be an opt-in experience when relevant. We understand that security always comes with continuity of business, which is the purpose for the resource to exist in the first place.
When you enable Microsoft Defender for SQL on machines we add a lean XEvents session through which we monitor the relevant behavior, for Azure SQL it is done through a background stream.