Ensure advanced threat protection is used for Azure MySQL Single Server

HIGH

Description

Disabled advanced threat protection may make Azure MySQL Server susceptible to various attacks.

Remediation

In Azure Console -

Open the Azure Portal and go to SQL Servers.
Select the MySQL Server you wish to edit.
Under Security, select Microsoft Defender for Cloud.
Configure as needed.

In Terraform -

In the azurerm_mysql_server resource, under threat_detection_policy, set enabled to true.

References:
https://learn.microsoft.com/en-us/azure/azure-sql/database/threat-detection-configure?view=azuresql
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mysql_server#email_account_admins

Policy Details

Rule Reference ID: AC_AZURE_0130

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_mysql_server

Resource Category: Database

Resource Type: MySQL

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0
SOC2