2.4 Ensure that Azure Defender is set to On for SQL servers on machines

Information

Turning on Azure Defender enables threat detection for SQL servers on machines, providing threat intelligence, anomaly detection, and behavior analytics in the Azure Security Center.

Rationale:

Enabling Azure Defender for SQL servers on machines allows for greater defense-in-depth, with threat detection provided by the Microsoft Security Response Center (MSRC).

Impact:

Turning on Azure Defender in Azure Security Center incurs an additional cost per resource.

Solution

From Azure Console

Go to Security Center

Select the Pricing & settings blade

Click on the subscription name

Select the Azure Defender plans blade

On the line in the table for SQL servers on machines, select On under Plan.

Select Save

Using Azure Command Line Interface 2.0
Use the command below to enable the Standard pricing tier for SQL servers on machines

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/pricings/SqlServerVirtualMachines?api-version=2018-06-01" -d @input.json'

Where input.json contains the request body JSON shown below.

{
  "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/pricings/SqlServerVirtualMachines",
  "name": "SqlServerVirtualMachines",
  "type": "Microsoft.Security/pricings",
  "properties": {
    "pricingTier": "Standard"
  }
}

Default Value:

By default, the Azure Defender off option is selected.
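
To verify the setting after remediation, the following added example (not part of the benchmark or the plugin) audits the pricing tier per subscription and prepares the PUT request for any subscription that fails. It assumes the response shape of a GET on the subscription's Microsoft.Security/pricings collection and the plan name SqlServerVirtualMachines; the subscription IDs and responses are constructed sample data.

```python
import json

PLAN = "SqlServerVirtualMachines"   # assumed pricing name for "SQL servers on machines"
API_VERSION = "2018-06-01"          # API version used by the command on this page

def plan_tier(pricings_response, plan=PLAN):
    """Return the pricingTier of `plan` from a pricings list response, or None if absent."""
    for item in pricings_response.get("value", []):
        if item.get("name", "").lower() == plan.lower():
            return item.get("properties", {}).get("pricingTier")
    return None

def audit(subscriptions):
    """Map subscription id -> finding with status and, on failure, the remediation request."""
    findings = {}
    for sub_id, response in subscriptions.items():
        tier = plan_tier(response)
        if tier == "Standard":
            findings[sub_id] = {"status": "PASS", "tier": tier}
            continue
        resource = f"/subscriptions/{sub_id}/providers/Microsoft.Security/pricings/{PLAN}"
        findings[sub_id] = {
            "status": "FAIL",
            "tier": tier,  # "Free", or None when the plan is missing from the response
            "put_url": f"https://management.azure.com{resource}?api-version={API_VERSION}",
            "put_body": {"properties": {"pricingTier": "Standard"}},
        }
    return findings

# Constructed sample responses (placeholder subscription IDs, not real tenants).
SAMPLE = {
    "00000000-0000-0000-0000-000000000001": {"value": [
        {"name": "StorageAccounts", "properties": {"pricingTier": "Standard"}},
        {"name": "SqlServerVirtualMachines", "properties": {"pricingTier": "Standard"}}]},
    "00000000-0000-0000-0000-000000000002": {"value": [
        {"name": "StorageAccounts", "properties": {"pricingTier": "Standard"}},
        {"name": "SqlServerVirtualMachines", "properties": {"pricingTier": "Free"}}]},
    # Storage plan enabled but no SQL-on-machines entry: must not count as compliant.
    "00000000-0000-0000-0000-000000000003": {"value": [
        {"name": "StorageAccounts", "properties": {"pricingTier": "Standard"}}]},
}

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

The third sample subscription shows why the plan name matters: a Standard tier on StorageAccounts does not satisfy this control.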

See Also

https://workbench.cisecurity.org/files/3459

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3, CSCv7|8

Plugin: microsoft_azure

Control ID: 66d2901120694c607558b8c8bdabbe0e5ddf76df3a33941e6604fb91f99505e4