ServiceNow CMDB CI relationship sync: faster, more complete →
Mods
Azure

Policy: Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.03 - Ensure That Microsoft Defender for Databases Is Set To 'On'

Configures auditing against a CIS Benchmark item.

Level: 2

Turning on Microsoft Defender for Databases enables threat detection for the instances running your database software. This provides threat intelligence, anomaly detection, and behavior analytics in the Azure Microsoft Defender for Cloud. Instead of being enabled on services like Platform as a Service (PaaS), this implementation will run within your instances as Infrastructure as a Service (IaaS) on the Operating Systems hosting your databases.

Enabling Microsoft Defender for Azure SQL Databases allows your organization more granular control of the infrastructure running your database software. Instead of waiting on Microsoft release updates or other similar processes, you can manage them yourself. Threat detection is provided by the Microsoft Security Response Center (MSRC).

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Specification

Schema Type
string
Default
Per Azure > CIS v2.0 > 02 - Microsoft Defender
Valid Values [YAML]
  • Per Azure > CIS v2.0 > 02 - Microsoft Defender
    
  • Skip
    
  • Check: Benchmark
    

Category

In Your Workspace

Developers