Verify SQL machine protection
After enabling protection for SQL VMs with the Defender for SQL Servers on Machines plan, verify that your SQL servers are protected as expected.
Verify protection on multiple Azure VMs
Run the Get-SsqlVMProtectionStatusReport.ps1 PowerShell script to retrieve and report the protection status of SQL VMs protection for Defender for SQL Servers on Machines within a specified Azure subscription. This script is applicable for Azure VMs only and does the following:
- Queries registry settings from SQL VMs.
- Retrieves protection status from the machine registry.
- Converts the timestamp from .NET ticks to an ISO 8601 formatted date.
- Aggregates results for all SQL instances found on each VM.
- Exports the collected data to an Excel report, which includes:
- SQL VM Name
- SQL Instance Name
- Protection Status
- Last Update Time
- SQL VM Resource ID
Verify protection on multiple Azure Arc-enabled VMs
Run the following query in Azure Resource Graph to identify Azure Arc-enabled VMs that aren't in a protected state. Follow these instructions to run a query in Azure Resource Graph.
resources
| where type == "microsoft.azurearcdata/sqlserverinstances"
| extend SQLonArcProtection= tostring(properties.azureDefenderStatus)
| extend protectionStatusLastUpdate = tostring(properties.azureDefenderStatusLastUpdated)
Verify protection on a single SQL server instance
In the Azure portal, search for and select SQL virtual machines.
Locate and select a database on the machine.
Under the Security tab, select Defender for Cloud.
Check the Protection status. If the status is Protected, the deployment was successful.
Troubleshoot unprotected machines
If databases aren't protected, follow the instructions in the troubleshooting guide to remediate.