Policy: Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
Configures auditing against a CIS Benchmark item.
Level: 2
Turning on Microsoft Defender for Databases enables threat detection for the instances running your database software. This provides threat intelligence, anomaly detection, and behavior analytics in the Azure Microsoft Defender for Cloud. Instead of being enabled on services like Platform as a Service (PaaS), this implementation will run within your instances as Infrastructure as a Service (IaaS) on the Operating Systems hosting your databases.
Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software. Instead of waiting on Microsoft release updates or other similar processes, you can manage them yourself. Threat detection is provided by the Microsoft Security Response Center (MSRC).
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
- Azure > CIS v2.0
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'
- Azure > CIS v2.0 > 02 - Microsoft Defender
- Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud
Policy Specification
Schema Type |
|
---|---|
Default |
|
Valid Values [YAML] |
|
Category
In Your Workspace
Developers
- tmod:@turbot/cis#/control/categories/v070301
- tmod:@turbot/azure-cisv2-0#/policy/types/r020103
- turbot graphql policy-type --id "tmod:@turbot/azure-cisv2-0#/policy/types/r020103"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv2-0#/policy/types/r020103"
Get Policy TypeGet Policy Settings