Prerequisites Check

Implementation Effort: Medium
Customer IT and Security Operations teams must validate cloud subscriptions, enable Defender for Cloud, and connect multicloud environments before enabling Defender for Databases.

User Impact: Low
All actions are performed by administrators; no user-facing changes or notifications are required.

Overview

Before enabling Microsoft Defender for Databases, organizations must complete several prerequisites to ensure a successful and secure deployment. These steps are essential for activating the database protection plans across Azure, AWS, and GCP environments.

Key Prerequisites

1. Azure Subscription

   • You must have an active Microsoft Azure subscription. If not, sign up for a free subscription.

2. Enable Microsoft Defender for Cloud

   • Defender for Databases is a feature within Microsoft Defender for Cloud. You must enable Defender for Cloud on your Azure subscription.

3. Connect Multicloud Environments

   • If you plan to protect databases hosted on AWS or GCP, you must connect those accounts to Microsoft Defender for Cloud.

4. Enable the Databases Plan

   • Once prerequisites are met, you can enable the Databases plan, which activates the following modules:
     • Defender for Azure SQL Databases
     • Defender for SQL Servers on Machines
     • Defender for Open-Source Relational Databases
     • Defender for Azure Cosmos DB

These steps align with the Zero Trust principle of "Verify Explicitly", ensuring that all environments and workloads are authenticated and authorized before protection is applied. Skipping these prerequisites may result in incomplete coverage, leaving critical workloads unmonitored and vulnerable to threats.

Reference

• Protect your databases with Defender for Databases
• Overview of Microsoft Defender for Databases
• Enable Microsoft Defender for SQL Servers on Machines