Configure Microsoft Defender for SQL to the Standard tier
March 21, 2025 ยท View on GitHub
SYNOPSIS
Enable Microsoft Defender for SQL servers.
DESCRIPTION
SQL databases are used to store critical and strategic assets for your company and should be carefully secured. Microsoft Defender for SQL represents a single go-to location to manage security capabilities.
Enabling Defender for SQL automatically enables the following advanced SQL security capabilities:
- Vulnerability Assessment: discover, track, and provide guidance to remediate potential database vulnerabilities.
- Advanced Threat Protection: continuous monitoring of your databases, detection of suspect activities and more.
When enable at subscription level, all databases in Azure SQL Database and Azure SQL Managed Instance are protected.
RECOMMENDATION
Consider using Microsoft Defender for SQL to protect your SQL databases.
EXAMPLES
Configure with Azure template
To enable Microsoft Defender for SQL:
- Set the
Standardpricing tier for Microsoft Defender for SQL.
For example:
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2024-01-01",
"name": "SqlServers",
"properties": {
"pricingTier": "Standard"
}
}
Configure with Bicep
To enable Microsoft Defender for SQL:
- Set the
Standardpricing tier for Microsoft Defender for SQL.
For example:
resource defenderForSQL 'Microsoft.Security/pricings@2024-01-01' = {
name: 'SqlServers'
properties: {
pricingTier: 'Standard'
}
}
Configure with Azure CLI
To enable Microsoft Defender for SQL:
- Set the
Standardpricing tier for Microsoft Defender for SQL.
For example:
az security pricing create -n 'SqlServers' --tier 'standard'
Configure with Azure PowerShell
To enable Microsoft Defender for SQL:
- Set the
Standardpricing tier for Microsoft Defender for SQL.
For example:
Set-AzSecurityPricing -Name 'SqlServers' -PricingTier 'Standard'
LINKS
- SE:10 Monitoring and threat detection
- Azure SQL Database and security
- Introduction to Microsoft Defender for SQL
- Azure security baseline for Azure SQL
- DP-2: Monitor anomalies and threats targeting sensitive data
- LT-1: Enable threat detection capabilities
- Azure Policy built-in policy definitions
- Azure deployment reference