주요 콘텐츠로 건너뛰기

Remediate & Review Database Security Recommendations

Implementation Effort: Medium
Customer IT and Security Operations teams must regularly review security recommendations and apply remediations using built-in tools or automation.

User Impact: Low
All actions are performed by administrators; no user-facing changes or notifications are required.

Overview

Microsoft Defender for Databases continuously evaluates your database resources against security best practices and generates actionable recommendations. These recommendations help identify misconfigurations, vulnerabilities, and exposure risks across Azure SQL, SQL Servers on machines, and multicloud databases.

Review Recommendations

  1. Access Recommendations

    • Go to Microsoft Defender for Cloud > Recommendations in the Azure portal.
    • Filter by database-related recommendations (e.g., SQL, Cosmos DB, PostgreSQL).

  2. Understand Severity and Impact

    • Recommendations are prioritized by risk level and impact on your secure score.
    • Examples include:
      • Missing vulnerability assessments
      • Public access to databases
      • Unencrypted connections 1

  3. Drill Down for Details

    • Select a recommendation to view affected resources, remediation steps, and related security controls 1.

Remediate Recommendations

  1. Manual Remediation

    • Select a recommendation and click Take action.
    • Follow the step-by-step remediation instructions provided 2.

  2. Use the Fix Button (If Available)

    • Some recommendations include a Fix button for bulk remediation.
    • Click Take action > Fix, then follow the guided steps 2.

  3. Automated Scripts for Multicloud

    • For AWS and GCP, Defender for Cloud can generate CLI scripts to automate remediation.
    • Copy and run the script in your cloud environment 2.

  4. Track Progress

    • After remediation, it may take a few minutes for the changes to reflect in the dashboard.
    • Use the Remediation tab to monitor progress and verify resolution.

This process supports the Zero Trust principle of "Assume Breach" by ensuring that known vulnerabilities and misconfigurations are promptly addressed, reducing the attack surface and improving overall security posture.

Reference