Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'

Turning on Microsoft Defender for Open-source relational databases enables threat detection for Open-source relational databases, providing threat intelligence, anomaly detection, and behavior analytics in the Microsoft Defender for Cloud.

Risk Level: High
Cloud Entity: Defender Plans
CloudGuard Rule ID: D9.AZU.MON.76
Covered by Spectral: No
Category: Security Center


DefenderPlans where name='OpenSourceRelationalDatabases' should have properties.pricingTier='Standard'


From Portal

  1. Go to 'Microsoft Defender for Cloud'.
  2. Click on 'Environment Settings' blade.
  3. Click on the subscription name.
  4. Select the Defender plans blade.
  5. Click Select types > in the row for Databases.
  6. Set the radio button next to 'Open-source relational databases' to On.
  7. Select Continue.
  8. Click Save.

From TF
Set the 'tier' and 'resource_type' arguments under 'azurerm_security_center_subscription_pricing' as below:

resource "azurerm_security_center_subscription_pricing" "example" {
	tier    = "Standard"
	resource_type = "OpenSourceRelationalDatabases"

From Command Line

Use the below command to enable Azure Defender for Open-source relational databases

az security pricing create -n 'OpenSourceRelationalDatabases' --tier 'standard'


  1. https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-databases-introduction
  2. https://learn.microsoft.com/en-us/cli/azure/security/pricing?view=azure-cli-latest
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_subscription_pricing

Defender Plans

The Defender plans of Microsoft Defender for Cloud offer comprehensive defenses for the compute, data, and service layers of your environment

Compliance Frameworks

  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v.2.0
  • Azure CloudGuard Best Practices
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset