This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.
We’re excited to announce the general availability of Microsoft Defender for Cloud support for Azure Database for MySQL - Flexible Server. The Defender for Cloud Advanced Threat Protection (ATP) feature simplifies security management of your MySQL flexible server by enabling effortless threat prevention, detection, and mitigation through increased visibility into and control over harmful events.
With the Defender for Cloud ATP feature, you don’t need to be a security expert to safeguard your MySQL flexible server against today’s growing threat landscape. ATP uses integrated security monitoring to detect anomalous database access and query patterns, as well as suspicious database activities, to provide security recommendations and alerts.
These recommendations and alerts are categorized and assigned severity levels, indicating in real time what triggered them, the associated MITRE ATT&CK tactic, and the seriousness of the potential threat to your server.
When Defender for Cloud ATP issues a security recommendation or alert, it identifies the steps you can take to remediate the threat and secure your MySQL flexible server.
Enabling Defender for Cloud ATP
Defender for Cloud ATP for MySQL Flexible Server can be enabled after the creation of a new server in the Azure Portal by navigating to the server’s Security menu, selecting Microsoft Defender for Cloud, and then selecting Enable.
Note: When you try to enable Defender on MySQL flexible servers that are awaiting an internal update, the following error may appear:
"The server <server_name> is not compatible with Advanced Threat Protection. Please contact Microsoft support to update the server to a supported version."
While this error will be resolved automatically with the next internal update, you can also open a support ticket to force an immediate update.
Limitations
When migrating from Azure Database for MySQL - Single Server to Flexible Server with Defender for Cloud enabled, only the enablement state is migrated.
The properties in the following table will need reconfiguration:
Property | Type | Description
--- | --- | ---
properties.disabledAlerts | string[] | Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly
properties.emailAccountAdmins | boolean | Specifies that the alert is sent to the account administrators.
properties.emailAddresses | string[] | Specifies an array of e-mail addresses to which the alert is sent.
For instructions on how to configure the email properties for Advanced Threat Protection security alerts, see the article Quickstart: Configure email notifications for security alerts. For instructions on how to configure the disabledAlerts property, see the article Suppress alerts from Microsoft Defender for Cloud.
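Because only the enablement state survives the Single Server to Flexible Server migration, it is worth comparing the alert policy you exported before migrating against what the Flexible Server reports afterwards. The following is an added example (not code from the post or from Microsoft) that does that comparison for the three non-migrated properties and validates disabledAlerts against the allowed values listed above; the sample policy objects and the `state` key are constructed, hypothetical values.

```python
"""Post-migration check for Defender for Cloud ATP settings on MySQL (added example)."""
from __future__ import annotations

# Allowed values for properties.disabledAlerts, as listed in the post.
ALLOWED_DISABLED_ALERTS = {"Sql_Injection", "Sql_Injection_Vulnerability", "Access_Anomaly"}

# Properties the post says are NOT migrated and need reconfiguration.
NOT_MIGRATED = ("disabledAlerts", "emailAccountAdmins", "emailAddresses")


def validate_disabled_alerts(values: list[str]) -> list[str]:
    """Return the disabledAlerts entries that are not in the allowed set."""
    return sorted(set(values) - ALLOWED_DISABLED_ALERTS)


def reconfiguration_needed(old_policy: dict, new_policy: dict) -> dict[str, dict]:
    """Compare the pre-migration `properties` object with the post-migration one.

    Returns {property: {"expected": ..., "actual": ...}} for every non-migrated
    property whose value differs, i.e. what still has to be reconfigured.
    """
    diffs: dict[str, dict] = {}
    for prop in NOT_MIGRATED:
        expected, actual = old_policy.get(prop), new_policy.get(prop)
        if prop in ("disabledAlerts", "emailAddresses"):
            # Order is irrelevant for these arrays; a missing array means "none".
            expected, actual = sorted(expected or []), sorted(actual or [])
        else:
            # emailAccountAdmins is a boolean; a missing value means False.
            expected, actual = bool(expected), bool(actual)
        if expected != actual:
            diffs[prop] = {"expected": expected, "actual": actual}
    return diffs


# Constructed sample data (hypothetical values, not from the post).
OLD_SINGLE_SERVER_POLICY = {
    "state": "Enabled",  # hypothetical key name for the enablement state
    "disabledAlerts": ["Access_Anomaly"],
    "emailAccountAdmins": True,
    "emailAddresses": ["dba-oncall@example.com"],
}
# Per the post, only the enablement state arrives on the Flexible Server.
NEW_FLEXIBLE_SERVER_POLICY = {"state": "Enabled"}

if __name__ == "__main__":
    for bad in validate_disabled_alerts(OLD_SINGLE_SERVER_POLICY["disabledAlerts"]):
        print(f"unknown disabledAlerts value: {bad}")
    for prop, d in reconfiguration_needed(OLD_SINGLE_SERVER_POLICY, NEW_FLEXIBLE_SERVER_POLICY).items():
        print(f"reconfigure {prop}: expected {d['expected']!r}, found {d['actual']!r}")
```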
Important: With the server-level implementation for Azure Database for MySQL Flexible Server, Defender for Cloud automatically configures the properties in the following table and no storage functionality is lost.
Property | Type | Description
--- | --- | ---
properties.retentionDays | integer | Specifies the number of days to keep in the Threat Detection audit logs.
properties.storageAccountAccessKey | string | Specifies the identifier key of the Threat Detection audit storage account.
properties.storageEndpoint | string |
Conclusion
In this post, I’ve described the Defender for Cloud ATP feature and how it can simplify security management for your MySQL flexible server.
If you have any questions about the details provided above, please leave a comment below or email us at AskAzureDBforMySQL@service.microsoft.com. Thank you!