Overview of Microsoft Defender for Azure SQL Databases
In Microsoft Defender for Cloud, the Defender for Azure SQL Databases plan within Defender for Databases helps you discover and mitigate potential database vulnerabilities. It alerts you to anomalous activities that might indicate a threat to your databases.
When you enable Defender for Azure SQL Databases, all supported resources within the subscription are protected. Future resources that you create on the same subscription will also be protected. For information about billing, see the Defender for Cloud pricing page.
Defender for Azure SQL Databases helps protect read/write replicas of:
- Azure SQL single databases and elastic pools.
- Azure SQL managed instances.
- Azure Synapse Analytics (formerly Azure SQL Data Warehouse) dedicated SQL pools.
Defender for Azure SQL Databases helps protect the following SQL Server products:
- SQL Server versions 2012, 2014, 2016, 2017, 2019, and 2022.
- SQL Server on Azure Virtual Machines.
- SQL Server enabled by Azure Arc.
Benefits
Vulnerability assessment
Defender for Azure SQL Databases discovers, tracks, and helps you fix potential database vulnerabilities. These vulnerability assessment scans provide an overview of your SQL machines' security state and details of any security findings, including anomalous activities that could indicate threats to your databases. Learn more about the vulnerability assessment.
Threat protection
Defender for Azure SQL Databases uses Advanced Threat Protection to continuously monitor your SQL servers for threats like:
- Potential SQL injection attacks: For example, vulnerabilities detected when applications generate a faulty SQL statement in the database.
- Anomalous database access and query patterns: For example, an abnormally high number of failed sign-in attempts with different credentials (a brute force attack).
- Suspicious database activity: For example, a legitimate user accessing a SQL server from a breached computer that communicated with a crypto-mining command and control (C&C) server.
Defender for Azure SQL Databases provides action-oriented security alerts in Defender for Databases. These alerts include details of the suspicious activity, guidance on how to mitigate the threats, and options for continuing your investigations by using Microsoft Sentinel. Learn more about the security alerts for SQL servers.