Determine Multicloud Dependencies

Implementation Effort: Medium
Customer IT and Security Operations teams need to onboard AWS and GCP environments, configure connectors, and enable appropriate Defender plans.

User Impact: Low
All actions are performed by administrators; end users are not affected or required to take action.

Overview

Determining multicloud dependencies in Microsoft Defender for Databases is a critical step in securing SQL workloads across AWS, GCP, and Azure. Defender for Cloud provides Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) capabilities that extend to multicloud environments. For Defender for Databases, this includes protection for SQL databases running on AWS EC2, Google Compute Engine, and other non-Azure platforms.

To enable protection, organizations must:

• Onboard AWS and GCP accounts using native connectors.
• Enable Defender for SQL on machines to protect SQL Server workloads in multicloud environments.
• Deploy required extensions such as Azure Arc, Microsoft Defender for Endpoint, and agentless scanning tools.

This setup supports the Zero Trust principle of "Assume Breach" by ensuring visibility and threat protection across all cloud environments. Without identifying and addressing multicloud dependencies, organizations risk blind spots in their security posture, leaving critical workloads exposed to threats.

Reference

• Determine multicloud dependencies - Microsoft Defender for Cloud
• Start planning multicloud protection in Microsoft Defender for Cloud
• Determine business needs for multicloud protection