Enable Defender for Database and CSPM Plan
Implementation Effort: Medium
Customer IT and Security Operations teams must enable multiple Defender plans across Azure and multicloud environments, which requires coordination and configuration.
User Impact: Low
All actions are performed by administrators; no user-facing changes or notifications are required.
Overview
Enabling Microsoft Defender for Databases and the Defender Cloud Security Posture Management (CSPM) plan ensures comprehensive protection for your database workloads and cloud environments. These plans are part of Microsoft Defender for Cloud and provide advanced threat detection, posture management, and compliance monitoring.
Defender for Databases
This plan includes four modules:
- Defender for Azure SQL Databases
- Defender for SQL Servers on Machines (including on-premises and multicloud via Azure Arc)
- Defender for Open-Source Relational Databases (e.g., PostgreSQL, MySQL)
- Defender for Azure Cosmos DB
To enable:
- Sign in to the Azure portal.
- Go to Microsoft Defender for Cloud.
- Select Environment settings.
- Choose the relevant Azure subscription, AWS account, or GCP project.
- On the Defender plans page, toggle the Databases plan to On 1.
Defender CSPM Plan
This plan enhances your cloud security posture with features like:
- Governance and regulatory compliance
- Cloud security explorer
- Attack path analysis
- Agentless scanning
- Sensitive data discovery
To enable:
- In the same Defender plans page, toggle the Defender CSPM plan to On.
- Click Save to apply changes 2.
These capabilities align with the Zero Trust principle of "Assume Breach" by ensuring visibility, continuous monitoring, and proactive threat detection across all cloud and database environments. Without enabling these plans, organizations risk blind spots in their security posture and delayed response to threats.