Subscription pricing for Defender for SQL Server on Machines is configured to the Standard plan, covering SQL Server instances running on virtual machines.
Risk
Without Defender for SQL Server on Machines, attacks on SQL Server VMs can go undetected, including SQL injection, brute-force logons, and privilege abuse.
This risks data exfiltration (C), schema or record tampering (I), and outages or ransomware impact (A), while reducing visibility and delaying response.
prowler azure --checks defender_ensure_defender_for_sql_servers_is_on
Recommendation
Enable the Defender for SQL Server on Machines plan at the Standard tier for subscriptions hosting SQL Server VMs.
Apply defense-in-depth: enforce least privilege and strong authentication, segment networks, keep SQL patched, enable auditing, and route alerts to a SIEM for rapid containment.
Remediation
az security pricing create -n SqlServerVirtualMachines --tier Standard
- In the Azure Portal, go to Microsoft Defender for Cloud
- Click Environment settings and select the target subscription
- Open Defender plans (Plans)
- Find SQL servers on machines and set it to Standard (On)
- Click Save
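To confirm the remediation on every subscription, the following added example (not part of Prowler or the original page) reads the `SqlServerVirtualMachines` plan tier with `az security pricing show` and reports each subscription that is not on Standard. The function names and the `--live` switch are illustrative assumptions; a live run needs `az login` and read access to Defender for Cloud settings.

```bash
#!/usr/bin/env bash
# Added example: audit the "SQL servers on machines" Defender plan per subscription.
PLAN="SqlServerVirtualMachines"   # plan name taken from the remediation command

# Classify one subscription from its tier string.
# Prints PASS/FAIL; returns 0 only when the tier is Standard.
classify_tier() {
  sub="$1"; tier="$2"
  case "$tier" in
    Standard) echo "PASS $sub"; return 0 ;;
    "")       echo "FAIL $sub (tier unknown: query failed or plan not found)"; return 1 ;;
    *)        echo "FAIL $sub ($tier)"; return 1 ;;
  esac
}

# Read "subscription<TAB>tier" lines on stdin and report each one.
# Returns non-zero if any subscription fails, so it can gate a pipeline.
audit_report() {
  rc=0
  while IFS="$(printf '\t')" read -r sub tier; do
    [ -n "$sub" ] || continue
    classify_tier "$sub" "$tier" || rc=1
  done
  return "$rc"
}

# Live collection: one "subscription<TAB>tier" line per enabled subscription.
# A failed query leaves the tier empty, which audit_report treats as FAIL
# rather than silently skipping the subscription.
collect_tiers() {
  az account list --query "[?state=='Enabled'].id" -o tsv |
  while read -r sub; do
    tier=$(az security pricing show -n "$PLAN" --subscription "$sub" \
             --query pricingTier -o tsv 2>/dev/null)
    printf '%s\t%s\n' "$sub" "$tier"
  done
}

# Only query Azure when asked to: ./audit.sh --live
if [ "${1:-}" = "--live" ]; then
  collect_tiers | audit_report
fi
```

The non-zero exit status on any FAIL lets the script run as a scheduled compliance gate alongside the Prowler check.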
Source Code
Resource Type
microsoft.security/pricings