Not Monitored
Tag not monitored by Microsoft.
39,873 questions
Defender for SQL Servers - DCRs, LAW and settings
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 2%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
vincent manzari
41
Reputation points
Hello all,
we have activated Defender for SQL Servers in a customer environments. When we have enabled Defender for SQL, it automatically created some resources (as documented by MS) specifically:
- DCR: MicrosoftDefenderForSQL--dcr
- DCRA: /Microsoft.Insights/MicrosoftDefenderForSQL-RulesAssociation
- Resource group: DefaultResourceGroup-
- Log analytics workspace: D4SQL--
In the first time, we have enabled 5 instance on D4SQL and we seen them in the DCR. Based on customer request, we need to use only one LAW for all data. Currently we use this LAW for AMA and Log Forwarders. For D4SQL we have tried to change the configuration on Defender for Cloud Portal
and we have specified the custom LAW
After the change, we have migrated 3 servers from the on-premise that have SQL installed. SQL extention was successfully installed but after our expectation was to see the new servers covered on D4SQL. This wasn't happen, and when we checked in the DCR, we seen only the previous servers configured. Also in the D4Cloud portal we seen 5 instances instead of 8. To test, we have added 1 of the last 3 servers in the DCR and after a while we have seen 6/6 instances on D4Cloud portal.
It's a normal behaviour? What we need to do to have the 3 servers (and future servers) automatically covered by D4SQL and added in the DCR ? We need to reconfigure D4SQL? or we need to mantain the D4SQL in its LAW created when enabled?
Thank you for the support
Vincent
Sign in to answer