Overview of Microsoft Defender for Azure SQL

Microsoft Defender for Azure SQL helps you discover and mitigate potential database vulnerabilities and alerts you to anomalous activities that might indicate a threat to your databases.

• Vulnerability assessment: Scan databases to discover, track, and remediate vulnerabilities. Learn more about vulnerability assessment.
• Threat protection: Receive detailed security alerts and recommended actions based on SQL Advanced Threat Protection to mitigate threats. Learn more about SQL Advanced Threat Protection.

When you enable Defender for Azure SQL, all supported resources within the subscription are protected. Future resources created on the same subscription will also be protected.

Defender for Azure SQL is billed as shown on the pricing page.

Defender for Azure SQL protects read-write replicas of the following SQL versions of :

• Azure SQL single databases and elastic pools.
• Azure SQL Managed Instance.
• Azure Synapse Analytics (formerly SQL DW) dedicated SQL pool.

Defender for Azure SQL protects the following SQL versions:

• SQL Server version: 2012, 2014, 2016, 2017, 2019, 2022.
• SQL on Azure virtual machines
• SQL Server on Azure Arc-enabled servers.

What are the benefits of Microsoft Defender for Azure SQL?

Discover and mitigate vulnerabilities

A vulnerability assessment service discovers, tracks, and helps you fix potential database vulnerabilities. Assessment scans provide an overview of your SQL machines' security state and details of any security findings. Defender for Azure SQL helps you identify and mitigate potential database vulnerabilities and detect anomalous activities that could indicate threats to your databases.

Learn more about vulnerability assessment for Azure SQL Database.

Advanced threat protection

An advanced threat protection service continuously monitors your SQL servers for threats like SQL injection, brute-force attacks, and privilege abuse. This service provides action-oriented security alerts in Microsoft Defender for Cloud with details of the suspicious activity, guidance on how to mitigate the threats, and options for continuing your investigations with Microsoft Sentinel. Learn more about advanced threat protection.

Threat intelligence-enriched security alerts are triggered when there are:

• Potential SQL injection attacks - including vulnerabilities detected when applications generate a faulty SQL statement in the database.
• Anomalous database access and query patterns - such as, an abnormally high number of failed sign-in attempts with different credentials (a brute force attempt).
• Suspicious database activity - such as, a legitimate user accessing an SQL Server from a breached computer that communicated with a crypto-mining C&C server.

Alerts include details of the incident that triggered them and recommendations on how to investigate and remediate threats. Learn more about the security alerts for SQL servers.

Next steps

In this article, you learned about Microsoft Defender for Azure SQL. Now you can:

• Enable Microsoft Defender for Azure SQL
• How Microsoft Defender for Azure SQL can protect SQL servers anywhere.
• Set up email notifications for security alerts