SQL Server-Azure Arc- Azure Defender is Off

Nafila Afrin 111 Reputation points
2021-11-01T00:55:44.16+00:00

Hi ,

I have my SQL server-Azure Arc machine and i have Azure Defender for SQL server enabled in pricing and Settings in Security Center. However, my sql server-Azure Arc machine shows OFF. Kindly help on how to enable the Azure defender ON

145275-sql-azure-defender.png

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
975 questions
0 comments
Accepted answer
  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-11-01T13:43:20.827+00:00

    @Nafila Afrin Thanks for reaching out Nafila.

    Azure Arc enabled SQL servers needs to be onboarded by enabling SQL servers on machines option under pricing and settings for Azure defender.
    Please sure that this is enabled :
    145530-image.png

    Is it is already enabled, it might take upto 24 hours to reflect the changes and assessments. Let me know if you still do not see that after that period.

    -----------------------------------------------------------------------------------------------------------------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nafila Afrin 111 Reputation points
    2021-11-02T01:35:57.11+00:00

    Hi @VipulSparsh-MSFT ,

    Thanks for the reply.

    Do we need to enable Audit specification in MSSQL server to use the Azure Defender for SQL?

    currently i didnt enable audit in MSSQL server. I have executed few SQL injection queries in MSSQL server for testing. However, in Security Center, i couldnt find any alert for SQL injection.

    These are the steps i performed for Azure Defender for On-Prem MSSQL Server

    1. Installed Azure Arc Agent in on-prem windows Machine which has MSSQL server installed.
    2. Deployed Log Analytic Agent in on-prem windows Machine which has MSSQL server installed.
    3. Installed SQL Server Extension in on-prem windows Machine which has MSSQL server installed.
    4. Enabled Azure Defender For SQL Pricing Plan in Azure Defender.

    In my Azure Portal, i can see my onboarded on-prem Azure arc sql server machine with Azure Defender ON. But am not receiving any security alerts even though i have executed SQL injection queries. Thats why asking whether we need to enable Audit specification in MSSQL server?

    Thanks in Advance

  2. Nafila Afrin 111 Reputation points
    2021-11-02T05:22:39.527+00:00

    Hi @VipulSparsh-MSFT ,

    Please find the attached screenshot below145683-defender.png

  3. Nafila Afrin 111 Reputation points
    2021-11-02T09:35:22.263+00:00

    Hi @VipulSparsh-MSFT ,

    Its been 2 days, but its still not reporting. is there any simulation test we can do on MSSQL server to see whether the alert has been triggered on Security Center?

    Thanks