Introduction
Contoso Financial Services has platform-level security controls and a complete audit trail in place. But during a recent penetration test, SQL injection attacks bypassed input validation and extracted data, and no real-time alert fired. The team also discovered that a misconfigured AI fraud detection service had been sending anomalous SQL queries for six days before anyone noticed. The access controls were in place and the audit logs recorded everything, but nothing detected the threats as they happened.
The gap: Contoso has no active threat detection layer over its databases. Network controls and auditing are necessary but not sufficient. You need a service that monitors database activity, detects SQL injection attempts, identifies anomalous query patterns from AI services, and surfaces vulnerability exposures in real time.
Microsoft Defender for Databases provides this layer. In this module, you explore the threat detection capabilities in Defender for Databases, enable protection for Azure SQL Databases and open-source relational databases, configure vulnerability assessment, and set up alert routing to ensure your security team receives actionable notifications.
By the end of this module, you'll be able to:
- Describe Microsoft Defender for Databases plans and threat detection capabilities
- Enable Defender for Azure SQL Databases at subscription scope
- Enable Defender for open-source relational databases
- Configure vulnerability assessment to establish security baselines for Azure SQL
- Configure alert routing to deliver Defender detections to the security operations team