| title | description | ms.topic | ms.date |
|---|---|---|---|
Protect your databases with Defender for Databases |
Learn how to enable the Databases plan on your Azure subscription for Microsoft Defender for Cloud. |
install-set-up-deploy |
06/29/2023 |
Defender for Databases in Microsoft Defender for Cloud allows you to protect your entire database estate with attack detection and threat response for the most popular database types in Azure. Defender for Cloud provides protection for the database engines and for data types, according to their attack surface and security risks.
Database protection includes:
- Microsoft Defender for Azure SQL databases
- Microsoft Defender for SQL servers on machines
- Microsoft Defender for open-source relational databases
- Microsoft Defender for Azure Cosmos DB
These four database protection plans are priced separately. Get more info about Defender for Cloud's pricing on the pricing page.
-
You need a Microsoft Azure subscription. If you don't have an Azure subscription, you can sign up for a free subscription.
-
You must enable Microsoft Defender for Cloud on your Azure subscription.
-
Connect your non-Azure machines, AWS account or GCP projects.
When you enable database protection, you enable all four of the Defender plans and protect all of the supported databases on your subscription.
To enable Defender for Databases on your subscription:
-
Sign in to the Azure portal.
-
Search for and select Microsoft Defender for Cloud.
-
In the Defender for Cloud menu, select Environment settings.
-
Select the relevant Azure subscription, AWS account or GCP project.
-
On the Defender plans page, toggle the Databases plan to On.
:::image type="content" source="media/tutorial-enabledatabases-plan/enable-databases.png" alt-text="Screenshot that shows you where to select, to enable the databases plan." lightbox="media/tutorial-enabledatabases-plan/enable-databases.png":::
When you enable database protection, you enable the following four Defender plans:
- Defender for Azure SQL databases
- Defender for SQL server on machines
- Defender for open-source relational databases
- Defender for Azure Cosmos DB
These plans protect all of the supported databases in your subscription.
To enable specific database protections on your subscription:
-
Sign in to the Azure portal.
-
Search for and select Microsoft Defender for Cloud.
-
In the Defender for Cloud menu, select Environment settings.
-
Select the relevant subscription.
-
On the Defender plans page, locate the Databases plan and select Select types.
:::image type="content" source="media/tutorial-enabledatabases-plan/select-types.png" alt-text="Screenshot that shows you where to select, select types on the Defender plans page." lightbox="media/tutorial-enabledatabases-plan/select-types.png":::
-
In the Resource types selection window, toggle the desired plans to On or Off.
:::image type="content" source="media/tutorial-enabledatabases-plan/individual-plans-on.png" alt-text="Screenshot that shows the toggle switches for each of the four available plans." lightbox="media/tutorial-enabledatabases-plan/individual-plans-on.png":::
-
(Optional) Exclude specific database resource types by toggling them to Off.
-
Select Continue.
-
Select Save.