Determine Database Workload Protection Requirements
Implementation Effort: Medium
Customer IT and Security Operations teams need to assess database types, enable appropriate Defender plans, and integrate with multicloud environments.
User Impact: Low
All actions are taken by administrators; end users are not impacted or required to take action.
Overview
Microsoft Defender for Databases is a feature within Microsoft Defender for Cloud that provides advanced threat protection for various database types across Azure, on-premises, and multicloud environments. It supports protection for:
- Azure SQL Databases
- SQL Servers on machines (including on-premises and other clouds)
- Open-source relational databases (e.g., PostgreSQL, MySQL)
- Azure Cosmos DB
To determine protection requirements, organizations must evaluate their database estate, identify which workloads are in scope, and enable the corresponding Defender plans. Each plan is priced separately and can be enabled individually or collectively through the Databases plan in Defender for Cloud.
This capability supports the Zero Trust principle of "Assume Breach" by providing continuous threat detection, anomaly detection, and alerting for suspicious activities targeting databases. Without this protection, organizations risk delayed detection of attacks such as SQL injection, privilege escalation, or unauthorized access, which could lead to data breaches or service disruption.