Ensure Azure Defender is set to On for SQL servers on machines

Error: Azure Defender is set to Off for SQL servers on machines

Bridgecrew Policy ID: BC_AZR_GENERAL_56
Checkov Check ID: CKV_AZURE_79
Severity: MEDIUM

Azure Defender is set to Off for SQL servers on machines

Description

Azure Defender is a cloud workload protection service that uses an agent-based deployment to analyze signals from the Azure network fabric and the service control plane in order to detect threats across all Azure resources. It can also analyze non-Azure resources via Azure Arc, including on-premises machines and workloads in AWS and GCP (once they have been onboarded).

Azure Defender for SQL servers on machines extends the protections for your Azure-native SQL Servers to fully support hybrid environments and protect SQL Servers (all supported versions) hosted in Azure.

Fix - Buildtime

Terraform

  • Resource: azurerm_security_center_subscription_pricing
  • Argument: resource_type - (Required) The resource type this setting affects. Ensure that SqlServers and SqlServerVirtualMachines are declared to pass this check.

# The provider accepts a single resource_type per pricing block,
# so each Defender plan that must be enabled gets its own resource.
resource "azurerm_security_center_subscription_pricing" "sql_servers" {
  tier          = "Standard"
  resource_type = "SqlServers"
}
resource "azurerm_security_center_subscription_pricing" "sql_server_vms" {
  tier          = "Standard"
  resource_type = "SqlServerVirtualMachines"
}
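As an added example (not code from the Bridgecrew page nor Checkov's own implementation), the following Python function applies the intent of this check to a list of Terraform resources: it passes only when both SqlServers and SqlServerVirtualMachines are covered by a Standard-tier pricing block. The resource dictionaries are constructed sample input, and the matching rules (exact tier string, one resource_type per block) are assumptions.

```python
# Added example: evaluate the intent of CKV_AZURE_79 over parsed Terraform
# resources. Each resource is a dict with "type", "name" and "attributes".
# This is an approximation, not Checkov's own matching logic.

PRICING_TYPE = "azurerm_security_center_subscription_pricing"
REQUIRED_TYPES = {"SqlServers", "SqlServerVirtualMachines"}


def evaluate_defender_sql(resources):
    """Return ("PASSED", []) when every required Defender plan has a
    Standard-tier pricing block, else ("FAILED", [missing plans])."""
    covered = set()
    for res in resources:
        if res.get("type") != PRICING_TYPE:
            continue
        attrs = res.get("attributes", {})
        # The provider takes one resource_type per block and defaults to
        # VirtualMachines; a comma-joined string is a single unknown value
        # and therefore never satisfies this check.
        rtype = attrs.get("resource_type", "VirtualMachines")
        if attrs.get("tier") == "Standard":
            covered.add(rtype)
    missing = sorted(REQUIRED_TYPES - covered)
    return ("PASSED" if not missing else "FAILED", missing)


# Constructed sample input: the VM plan is left on the Free tier.
FAILING = [
    {"type": PRICING_TYPE, "name": "sql", "attributes":
        {"tier": "Standard", "resource_type": "SqlServers"}},
    {"type": PRICING_TYPE, "name": "vms", "attributes":
        {"tier": "Free", "resource_type": "SqlServerVirtualMachines"}},
]

# Constructed sample input: both plans on Standard, as the fix requires.
PASSING = [
    {"type": PRICING_TYPE, "name": "sql", "attributes":
        {"tier": "Standard", "resource_type": "SqlServers"}},
    {"type": PRICING_TYPE, "name": "vms", "attributes":
        {"tier": "Standard", "resource_type": "SqlServerVirtualMachines"}},
]

if __name__ == "__main__":
    print(evaluate_defender_sql(FAILING))  # ('FAILED', ['SqlServerVirtualMachines'])
    print(evaluate_defender_sql(PASSING))  # ('PASSED', [])
```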