Movatterモバイル変換

[0]ホーム
URL:

Skip to main content

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Download Microsoft EdgeMore info about Internet Explorer and Microsoft Edge
Table of contentsExit editor mode

Protect SQL Server with Microsoft Defender for Cloud

Feedback

In this article

Applies to:SQL Server

You can configure your instance of SQL Server enabled by Azure Arc with Microsoft Defender for Cloud by following these steps.

Prerequisites

  • Your Windows-based SQL Server instance is connected to Azure. Follow the instructions toConnect your SQL Server to Azure Arc.

    Note

    Microsoft Defender for Cloud is only supported for SQL Server instances on Windows machines. This will not work for SQL Server on Linux machines.

  • Your user account is assigned one of theSecurity Center Roles (RBAC)

Create a Log Analytics workspace

  1. Search forLog Analytics workspaces resource type and add a new one through the creation pane.

    Note

    You can use a Log Analytics workspace in any region so if you already have one, you can use it. But we recommend creating it in the same region where your SQL Server enabled by Azure Arc resource is created.

  2. Go toAgents management > Log Analytics agent instructions and copy Workspace ID and Primary key for later use.

Install Log Analytics Agent

The next step is needed only if you haven't yet configured MMA on the remote machine.

  1. Go toAzure Arc > Servers and open the Azure Arc-enabled server resource for the machine where the SQL Server instance is installed.

  2. Open theExtensions pane and click+ Add.

  3. SelectLog Analytics Agent - Azure Arc and clickNext.

  4. Set the Workspace ID and Workspace key using the values you saved in the previous step.

  5. After validation succeeds, selectCreate to install the agent. When the deployment completes, the status updates toSucceeded.

For more information, seeExtension management with Azure Arc.

Enable Microsoft Defender for Cloud

  1. Go toAzure Arc > SQL Servers and open the Azure Arc-enabled SQL Server resource for the instance that you want to protect.

  2. Click on theMicrosoft Defender for Cloud tile. If Enablement Status showsDisabled at the subscription-level, follow the steps documented inEnable Microsoft Defender for SQL servers on machines.

Note

The first scan to generate the vulnerability assessment happens within 24 hours after enabling Microsoft Defender for Cloud. Successive scans run automatically every Sunday.

Explore

Explore security anomalies and threats in Azure Security Center.

  1. Open your SQL Server – Azure Arc resource and selectMicrosoft Defender for Cloud in theSettings section of the left menu. to see the recommendations and alerts for that SQL Server instance.

    Screenshot showing how to select security heading.

  2. Select any of the recommendations to see the vulnerability details.

    Screenshot showing the Vulnerability report.

  3. Select any security alert for full details and further explore the attack. The following diagram is an example of the Potential SQL Injection alert.

    Screenshot showing a brute force alert.

  4. SelectTake action to mitigate the alert.

    Screenshot showing alert mitigation.

Next steps

Feedback

Was this page helpful?

YesNoNo

Need help with this topic?

Want to try using Ask Learn to clarify or guide you through this topic?

Suggest a fix?
  • Last updated on

In this article

Was this page helpful?

YesNo
NoNeed help with this topic?

Want to try using Ask Learn to clarify or guide you through this topic?

Suggest a fix?