Quick Track: Beginner’s Guide to Azure SQL- Azure Defender and Threat Protection

Source: Pexels

Azure Defender for SQL, once you enable it will alert you for any SQL injection attacks, brute force attacks or any breached identities trying to access the data of your database. It also provides the vulnerability assessments. Vulnerability assessments give you alerts about the configurations of your database. If your database configuration is not following the standards of Azure, you will receive the alerts in the vulnerability assessment report.

You can enable the Azure Defender at the subscription level or at the Server level or at the resource level as well. Under the recommendations in the security center in the Azure portal, check for the Remediate security configuration. This will show if the Azure defender is configured properly.

Azure defender for SQL consists of two features – Advanced Threat Protection and Vulnerability Assessment.

Advanced Threat Protection

Threat protection will send the alerts if there is any malicious activity going on against your database. You will receive alerts if there are any SQL injection attacks, any suspicious login attempts from new locations.

Vulnerability Assessment

Vulnerability assessment will check for the security misconfigurations based on the Azure standards. It will provide a baseline based on the standards which you can later accept and add these baselines based upon your environment. It will also provide the actionable steps to take and remediate the alert.

Azure defender supports Azure environments and also hybrid environments. For the complete list of where the Azure defender is supported, please check the Microsoft article here.

You can view all the defender collected information in the centralized view at Azure Security Center.

Vulnerability assessment requires the storage account for the PaaS service. This can be setup at the logical SQL Server level. For the IaaS service, you don’t have to specify the storage account separately.

Once you turn on the Azure Defender, we need to give sometime to collect the information and scan the system for any vulnerabilities. At the server level, Go to the Microsoft Defender for Cloud. You can also open at the resource level as well.

To view the details, click on the additional recommendations.

You can also see the recommendations from the resource level as well. Click on the Microsoft defender for cloud from the database level.

Scroll down to see the details

Let’s see the example of the first vulnerability assessment finding. The security check shows Database owners are as expected. Click on the finding to see more details.

You can either look into the details and add the recommendations to the baseline or ignore. This is completely based on your needs and your current environment.

Azure Sentinel

Azure sentinel will help in identifying the security incidents that we need to investigate. You need to create a log analytics workspace to add to Azure sentinel. Multiple data connectors can be used to connect and collect the information from these different connectors and analyze the data for the security incidents.

You can use different dashboards to view the collected data and alerts. For example, you can use the audit logs dashboard to view more details on the alerts. You can setup the alerts for the events. You can also create the playbooks to automate the response to specific alerts using the logic apps.

Learn how to setup the Azure Sentinel here.

In the next blog post, we will learn about the Auditing in Azure SQL.


  1. Overview of Microsoft Defender for Azure SQL
  2. Azure Defender for SQL

Thanks for reading!

One thought on “Quick Track: Beginner’s Guide to Azure SQL- Azure Defender and Threat Protection

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s