Use Microsoft Defender

March 21, 2025 ยท View on GitHub

SYNOPSIS

Enable Microsoft Defender for Cloud for Azure Database for MariaDB.

DESCRIPTION

Defender for Cloud detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases.

RECOMMENDATION

Enable Microsoft Defender for Cloud for Azure Database for MariaDB.

EXAMPLES

Configure with Azure template

To deploy Azure Database for MariaDB Servers that pass this rule:

  • Deploy a Microsoft.DBforMariaDB/servers/securityAlertPolicies sub-resource (child resource).
  • Set the properties.state property to Enabled.

For example:

{
  "type": "Microsoft.DBforMariaDB/servers",
  "apiVersion": "2018-06-01",
  "name": "[parameters('serverName')]",
  "location": "[parameters('location')]",
  "sku": {
    "name": "[parameters('skuName')]",
    "tier": "GeneralPurpose",
    "capacity": "[parameters('SkuCapacity')]",
    "size": "[format('{0}', parameters('skuSizeMB'))]",
    "family": "[parameters('skuFamily')]"
  },
  "properties": {
    "createMode": "Default",
    "version": "[parameters('mariadbVersion')]",
    "administratorLogin": "[parameters('administratorLogin')]",
    "administratorLoginPassword": "[parameters('administratorLoginPassword')]",
    "storageProfile": {
      "storageMB": "[parameters('skuSizeMB')]",
      "backupRetentionDays": 7,
      "geoRedundantBackup": "Enabled"
    }
  },
  "resources": [
    {
      "type": "Microsoft.DBforMariaDB/servers/securityAlertPolicies",
      "apiVersion": "2018-06-01",
      "name": "Default",
      "dependsOn": ["[parameters('serverName')]"],
      "properties": {
        "emailAccountAdmins": true,
        "emailAddresses": ["soc@contoso.com"],
        "retentionDays": 14,
        "state": "Enabled",
        "storageAccountAccessKey": "account-key",
        "storageEndpoint": "https://contoso.blob.core.windows.net"
      }
    }
  ]
}

Configure with Bicep

To deploy Azure Database for MariaDB Servers that pass this rule:

  • Deploy a Microsoft.DBforMariaDB/servers/securityAlertPolicies sub-resource (child resource).
  • Set the properties.state property to Enabled.

For example:

resource mariaDbServer 'Microsoft.DBforMariaDB/servers@2018-06-01' = {
  name: serverName
  location: location
  sku: {
    name: skuName
    tier: 'GeneralPurpose'
    capacity: skuCapacity
    size: '${skuSizeMB}' 
    family: skuFamily
  }
  properties: {
    createMode: 'Default'
    version: mariadbVersion
    administratorLogin: administratorLogin
    administratorLoginPassword: administratorLoginPassword
    storageProfile: {
      storageMB: skuSizeMB
      backupRetentionDays: 7
      geoRedundantBackup: 'Enabled'
    }
  }
}

resource mariaDbDefender 'Microsoft.DBforMariaDB/servers/securityAlertPolicies@2018-06-01' = {
  name: 'Default'
  parent: MariaDbServer
  properties: {
    emailAccountAdmins: true
    emailAddresses: ['soc@contoso.com']
    retentionDays: 14
    state: 'Enabled'
    storageAccountAccessKey: 'account-key'
    storageEndpoint: 'https://contoso.blob.core.windows.net'
  }
}