sql
7 Topics

Defender for SQL for on-prem Azure Arc connected SQL servers
I am having trouble using the Azure Built-In policy "Configure Arc-enabled SQL Servers with DCR Association to Microsoft Defender for SQL user-defined DCR". I would assume a newly created DCR would work just fine, but I am unsure as when I use the policy that will automatically create a DCR and LA workspace, it works fine. Does my DCR need to be configured with a special data source and destination? (Similarly to how Azure Monitor needs a special DCR for Arc machines)
239 Views, 0 likes, 0 Comments

SQL Advanced Threat Protection - Requirements Unclear
When configuring Defender for SQL, nothing suggests auditing is required for ATP to work. However, when looking at the audit section https://learn.microsoft.com/en-us/azure/azure-sql/database/auditing-overview?view=azuresql#remarks one of the points says "After you've configured your auditing settings, you can turn on the new threat detection feature..." This seems to be a requirement for SQL on Machines, however, is it for Azure SQL workloads? (MI & DB)
Solved. 1.3K Views, 0 likes, 6 Comments

Blog | Microsoft Defender for Cloud - strategy and plan towards Log Analytics Agent (MMA) deprecation
Log Analytics agent (also known as MMA) is on a deprecation path and will be retired in Aug 2024. The purpose of this blogpost is to clarify how Microsoft Defender for Cloud will align with this plan and its impact on customers. There are two Defender for Cloud plans with features relying on the Log Analytics agent: Defender for Servers Plan 2 and Defender for SQL server on machines. As part of an updated strategy, Azure monitoring Agent (also known as AMA), won’t be a requirement as part of our Defender for Servers offering, but will remain required as part of Defender for SQL server on machines. As a result, Defender for Servers’ features and capabilities outlined below, as well as the auto-provisioning process that provides the installation and configuration of both agents (MMA/AMA), will be adjusted accordingly. Read the full blog post: Microsoft Defender for Cloud - strategy and plan towards Log Analytics Agent (MMA) deprecation - Microsoft Community Hub
914 Views, 0 likes, 0 Comments

New Blog | 'SQL servers on machines should have vulnerability findings resolved.'
Databases contain some of your most sensitive data, which makes them an obvious target for attackers. Most attackers are usually looking for data, whether it is to acquire sensitive data for their own use (to sell), to encrypt it (to sell back to you), or to destroy it (to cause you reputational and operational harm). Databases have an extended attack surface and are often misconfigured which can lead to an attacker gaining access, elevating permissions, and wreaking havoc. This recommendation is generated by Defender for SQL on machines Vulnerability Assessment. The rules that we check for are a set of possible misconfigurations that should be addressed. When you have findings for this recommendation, you have four options on how to handle it. We’ll go into depth on each of them in this blog. Read the blog: Microsoft Defender for Cloud - 'SQL servers on machines should have vulnerability findings resolved' - Microsoft Community Hub
1K Views, 0 likes, 0 Comments

Anyone using Defender for SQL for on-prem Azure Arc connected SQL servers?
We have had around 20 on-premise SQL Servers connected via Azure Arc for several months, but there have been no alerts generated in Defender for Cloud. If it is working as intended, I'm glad we have had no suspicious activity. But I'm also concerned something may not be configured correctly. In my experience with security products, there is typically a tuning period needed to eliminate false positives. Does anyone know if there is anything we can do on the DB to trigger an alert, just to make sure everything is working? I'll just add that all the servers/DBs show as "Connected" in Azure > Azure Arc > SQL Servers, and show "Protected" on the Microsoft Defender for Cloud tab. There are also "Recommendations" and "Vulnerability assessment findings" for each server. So everything appears to be connected, there just are not any alerts.
1.5K Views, 0 likes, 1 Comment

Talk to our engineers about Microsoft Defender for Cloud protection capabilities
Data Security has become a top priority for organizations, greatly emphasized by the transition to cloud, the rise in privacy and regulatory legislation, and Intellectual Property needs. Organizations look for Data Security technologies to address data security risks and to protect their data in an ever-growing and complex ecosystem of devices, platforms, locations, and data asset types. The Cloud Data Security (CDS) product team is developing new capabilities in Microsoft Defender for Cloud that enhance data security posture management based on data sensitivity and data risk. We are currently collecting customers’ input on data protection capabilities for structured and unstructured data and would like to speak with customers interested in protecting their data in the cloud. During this conversation, you will be speaking directly with the Cloud Data Security engineering group regarding cloud data protection needs for structured and unstructured data such as data loss prevention, encryption, tokenization, masking, and access policies. Your input is important and will help influence the design and development of key features. If you are interested in talking to our Cloud Data Security Engineering team about protection capabilities within Microsoft Defender for Cloud, please fill out this form --> https://aka.ms/MDFCDataProtection
851 Views, 0 likes, 1 Comment

Azure Defender for SQL Server is now Generally Available
We are delighted to announce that Azure Defender for SQL Server is now Generally Available for protecting SQL databases on premises, in Azure VMs and in multi-cloud deployments, allowing customers to constantly monitor their SQL servers outside Azure for known vulnerabilities and threats.
Watch Azure Defender for SQL Server in action
We invite you to watch the following short video to see how Azure Defender for SQL can help organizations avoid, detect, and respond to popular attacks on their SQL servers which are commonly observed in the wild. Learn more on the Introduction to Azure Defender for SQL page.
2.5K Views, 0 likes, 1 Comment