メインコンテンツへスキップ

Build Remediation Logic

Implementation Effort: Medium
Customer IT and Security Operations teams must coordinate across security and IT roles to define, request, and track remediation actions based on Defender for Cloud findings.

User Impact: Low
All actions are performed by administrators or IT teams; no user-facing changes or notifications are required.

Overview

Building remediation logic in Microsoft Defender for Databases involves defining workflows to address security recommendations and vulnerability findings. Defender for Cloud provides actionable insights for database workloads, including Azure SQL, SQL Servers on machines, and multicloud databases. These insights can be used to trigger remediation workflows, either manually or through integration with tools like Microsoft Intune.

Key Steps

  1. Review Security Recommendations

    • Navigate to Microsoft Defender for Cloud > Recommendations.
    • Filter for database-related recommendations (e.g., missing vulnerability assessments, misconfigurations).
  2. Request Remediation

    • Select a recommendation and choose Request remediation.
    • Fill in the remediation form, including priority, due date, and optional notes 1.
  3. Integrate with Microsoft Intune (Optional)

    • Enable the Intune connection in Defender portal > Settings > Endpoints > General > Advanced features.
    • This allows security teams to create remediation tasks that IT admins can deploy via Intune 1.
  4. Track Remediation Progress

    • Use the Remediation page in Defender for Cloud to monitor the status of submitted requests.
    • This helps ensure accountability and timely resolution of vulnerabilities.
  5. Automate Where Possible

    • Use Azure Policy or Logic Apps to automate remediation for recurring issues (e.g., enabling auditing, enforcing encryption).

This approach supports the Zero Trust principle of "Assume Breach" by ensuring that identified vulnerabilities are not only detected but also actively remediated. Without structured remediation logic, organizations risk leaving known issues unresolved, increasing exposure to threats.

Reference