4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled'

Information

Enable 'Azure Defender for SQL' on critical SQL Servers.

Rationale:

Azure Defender for SQL is a unified package for advanced SQL security capabilities. Azure Defender is available for Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. It includes functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database. It provides a single go-to location for enabling and managing these capabilities.

Impact:

Azure Defender for SQL is a paid feature and will incur additional cost for each SQL server.

Solution

From Azure Console

Go to SQL servers

For each server instance

Click on Azure Defender for SQL

Set Azure Defender for SQL to On

Using Azure PowerShell
Enable Advanced Data Security for a SQL Server:

Set-AzSqlServerThreatDetectionPolicy -ResourceGroupName <resource group name> -ServerName <server name> -EmailAdmins $True

Note:

Enabling 'Azure Defender for SQL' from the Azure portal enables Threat Detection

Using Powershell command Set-AzSqlServerThreatDetectionPolicy enables Azure Defender for SQL for a SQL server

Default Value:

By default, Azure Defender for SQL is set to Off.

See Also

https://workbench.cisecurity.org/files/3459

Item Details

Category: RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|RA-5, 800-53|SI-4, CSCv7|3.1

Plugin: microsoft_azure

Control ID: f8fddcd6640a0db0d8ee20fbaf1a004ae94c2faba157ed8461080a2e766d0406