Skip to main content


4.2.1 Set Microsoft Defender for SQL to 'On' for critical SQL Servers (Automated)

Profile Applicability

• Level 2


Enable "Microsoft Defender for SQL" on critical SQL Servers.


Microsoft Defender for SQL is a unified package for advanced SQL security capabilities. Microsoft Defender is available for Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics. It includes functionality for discovering and classifying sensitive data, surfacing and mitigating potential database vulnerabilities, and detecting anomalous activities that could indicate a threat to your database. It provides a single go-to location for enabling and managing these capabilities.


Microsoft Defender for SQL is a paid feature and will incur additional cost for each SQL server.


From Azure Portal

  1. Go to SQL servers
  2. For each "critical" server instance (e.g. production SQL servers)
  3. Click on the Security Center blade
  4. Click configure, next to Microsoft Defender for SQL:
  5. Ensure that Microsoft defender for SQL is toggled to On

From Azure CLI

Get the list of all SQL Servers


For each Server

Get-AzSqlServerAdvancedThreatProtectionSetting -ResourceGroupName <resource group name> -ServerName <server name>

Ensure that ThreatDetectionState is set to Enabled.


From Azure Portal

  1. Go to SQL servers.
  2. For each "critical" server instance (for example, production SQL servers).
  3. Click the Microsoft Defender for Cloud blade.
  4. Click "Enable Microsoft Defender for SQL".

From Azure Powershell

Enable Advanced Data Security for a SQL Server:

Set-AzSqlServerThreatDetectionPolicy -ResourceGroupName <resource group name> -ServerName <server name> -EmailAdmins $True


  • Enabling 'Microsoft Defender for SQL' from the Azure portal enables Threat Detection
  • Using Powershell command Set-AzSqlServerThreatDetectionPolicy enables Microsoft Defender for SQL for a SQL server


Additional Information

  • You can only enable the feature 'Microsoft Defender for SQL' on SQL server and the same settings are inherently applied to the SQL databases hosted on the SQL server.