Set Microsoft Defender for open-source relational databases to the Standard tier#
Security · Microsoft Defender for Cloud · Rule · 2023_06 · Critical
Enable Microsoft Defender for open-source relational databases.
Description#
Microsoft Defender for open-source relational databases provides additional security for open-source relational databases.
The following open-source relational databases are supported:
- Azure Database for PostgreSQL
- Azure Database for MySQL
- Azure Database for MariaDB
Protection is provided by analyzing onboarded databases for unusual and potentially harmful attempts to access or exploit databases. Which allows Microsoft Defender for Cloud to produce security alerts that are triggered when anomalies in activity occur.
Security alerts for onboarded databases shows up in Defender for Cloud with details of the suspicious activity and recommendations on how to investigate and remediate the threats.
Microsoft Defender for open-source relational databases can be enabled at the subscription level and by doing so ensures all supported databases in the subscription will be protected, including future ones.
Recommendation#
Consider using Microsoft Defender for for open-source relational databases to provide additional security for open-source relational databases.
Examples#
Configure with Azure template#
To enable Microsoft Defender for open-source relational databases:
- Set the
Standard
pricing tier for Microsoft Defender for open-source relational databases.
For example:
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2024-01-01",
"name": "OpenSourceRelationalDatabases",
"properties": {
"pricingTier": "Standard"
}
}
Configure with Bicep#
To enable Microsoft Defender for open-source relational databases:
- Set the
Standard
pricing tier for Microsoft Defender for open-source relational databases.
For example:
resource defenderForOssRdb 'Microsoft.Security/pricings@2024-01-01' = {
name: 'OpenSourceRelationalDatabases'
properties: {
pricingTier: 'Standard'
}
}
Configure with Azure CLI#
To enable Microsoft Defender for open-source relational databases:
- Set the
Standard
pricing tier for Microsoft Defender for open-source relational databases.
For example:
Configure with Azure PowerShell#
To enable Microsoft Defender for open-source relational databases:
- Set the
Standard
pricing tier for Microsoft Defender for open-source relational databases.
For example:
Set-AzSecurityPricing -Name 'OpenSourceRelationalDatabases' -PricingTier 'Standard'
Notes#
Microsoft Defender for open-source relational databases is currently available only for the single server deployment model for PostgreSQL and the single server deployment model for MySQL. For PostgreSQL, MySQL and MariaDB General Purpose
and Memory Optimized
tiers are required in order to be protected.
Links#
- SE:10 Monitoring and threat detection
- What is Microsoft Defender for Cloud?
- Overview of Microsoft Defender for open-source relational databases
- Enable Defender for OSS RDBs
- Quickstart: Enable enhanced security features
- Azure security baseline for Azure Database for PostgreSQL - Single Server
- Azure security baseline for Azure Database for MySQL - Single Server
- Azure security baseline for Azure Database for MariaDB
- Azure Policy built-in policy definitions
- Azure deployment reference