Microsoft Defender for open-source relational DB

If you navigate to the overview section of your MySQL server you will see a notification area, where you will find a security section. It’s basically an area that provides hints and tips about things that have not been configured; for example, if you have not enabled Query Store it may well suggest it. For this blog it is suggesting I consider a feature called Microsoft Defender.

You are probably (like me) getting confused by past names. This used to be called Azure Defender or Security Center; the new name is Microsoft Defender. This one is specifically for the open-source database variants and can be enabled for Azure MySQL (only for Single Server – General Purpose and Memory Optimized), MariaDB and PostgreSQL.

There are a few alerts that it tracks; below is a summarised list.

  • Suspected brute force attack
  • Attempted logon by a potentially harmful application
  • Login from a principal user not seen in 60 days
  • Login from a domain not seen in 60 days
  • Logon from an unusual cloud provider
  • Log on from an unusual location
  • Login from a suspicious IP
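To make the two "not seen in 60 days" alerts concrete, here is an added sketch (not from the original post, and not Microsoft's detection logic) that flags logins whose principal or client domain has had no login in the preceding 60 days. The event tuples, the baseline cut-off and the function name are assumptions made for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=60)  # look-back period named in the alert titles

# Constructed sample login events: (ISO timestamp, principal, client domain)
EVENTS = [
    ("2022-01-03T08:00:00", "app_rw", "corp.example"),
    ("2022-01-20T09:30:00", "app_rw", "corp.example"),
    ("2022-02-01T10:00:00", "dba_old", "corp.example"),
    ("2022-03-10T08:00:00", "app_rw", "corp.example"),
    ("2022-04-15T23:10:00", "dba_old", "corp.example"),   # principal dormant 73 days
    ("2022-04-16T07:00:00", "app_rw", "vendor.example"),  # domain never seen before
    ("2022-04-17T07:00:00", "app_rw", "corp.example"),    # both seen recently
]


def find_unusual_logins(events, baseline_until, window=WINDOW):
    """Return (timestamp, kind, value) for every login whose principal or
    domain was not seen within `window` before that login.

    Events earlier than `baseline_until` only build the history, so the
    very first sightings during the learning period do not raise alerts.
    """
    last_seen = {}  # (kind, value) -> datetime of the most recent login
    alerts = []
    # ISO 8601 strings in one format sort chronologically.
    for ts_text, principal, domain in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        for kind, value in (("principal", principal), ("domain", domain)):
            previous = last_seen.get((kind, value))
            stale = previous is None or ts - previous > window
            if stale and ts >= baseline_until:
                alerts.append((ts_text, kind, value))
            last_seen[(kind, value)] = ts
    return alerts


if __name__ == "__main__":
    for alert in find_unusual_logins(EVENTS, datetime(2022, 3, 1)):
        print(alert)
```
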

You can find the explanations of these from:

So, when you want to enable this, you can only do it at a resource level. This is different to Azure SQL where you enable it at the resource AND / OR subscription level.

Once you navigate to the MySQL server and click Microsoft Defender, it will show you that you can enable this for a 30-day trial, with some rough costings.

Once enabled, it will take you to the inventory.

Find your relevant server and it will also offer you some areas to improve on – resource health status, such as below.

One thing I noticed when going back to the MySQL server blade within the Azure Portal: the database naming is wrong, as circled below.

It’s MySQL server not SQL server… something for MS to fix there.

