Protect your databases with Defender for Databases

Defender for Databases in Microsoft Defender for Cloud allows you to protect your entire database estate with attack detection and threat response for the most popular database types in Azure. Defender for Cloud provides protection for the database engines and for data types, according to their attack surface and security risks.

Database protection includes:

• Microsoft Defender for Azure SQL databases
• Microsoft Defender for SQL servers on machines (Can also be enabled on a Log Analytics workspace)
• Microsoft Defender for open-source relational databases
• Microsoft Defender for Azure Cosmos DB

These four database protection plans are priced separately. Get more info about Defender for Cloud's pricing on the pricing page.

Prerequisites

• You need a Microsoft Azure subscription. If you don't have an Azure subscription, you can sign up for a free subscription.

• You must enable Microsoft Defender for Cloud on your Azure subscription.

• Connect your non-Azure machines, AWS account or GCP projects.

Enable the Databases plan

When you enable database protection, you enable all four of the Defender plans and protect all of the supported databases on your subscription.

To enable Defender for Databases on your subscription:

1. Sign in to the Azure portal.

2. Search for and select Microsoft Defender for Cloud.

3. In the Defender for Cloud menu, select Environment settings.

4. Select the relevant Azure subscription, AWS account or GCP project.

5. On the Defender plans page, toggle the Databases plan to On.

   

Enable specific plans database protections

When you enable database protection, you enable the following four Defender plans:

• Defender for Azure SQL databases
• Defender for SQL server on machines (Can also be enabled on a Log Analytics workspace)
• Defender for open-source relational databases
• Defender for Azure Cosmos DB

These plans protect all of the supported databases in your subscription.

To enable specific database protections on your subscription:

1. Sign in to the Azure portal.

2. Search for and select Microsoft Defender for Cloud.

3. In the Defender for Cloud menu, select Environment settings.

4. Select the relevant subscription.

5. On the Defender plans page, locate the Databases plan and select Select types.

   

6. In the Resource types selection window, toggle the desired plans to On or Off.

   

7. (Optional) Exclude specific database resource types by toggling them to Off.

8. Select Continue.

9. Select Save.

Next steps

• Overview of Microsoft Defender for Azure SQL
• Microsoft Defender for SQL servers on machines
• Overview of Microsoft Defender for open-source relational databases
• Overview of Microsoft Defender for Azure Cosmos DB