Azure Security Center has launched a set of new SQL related recommendations. Most of the new recommendations are aligned with Azure CIS requirements. Now, using Security Center ensures even greater protection for your SQL resources.
- Advanced data security should be enabled on your SQL servers
- Vulnerability assessment should be enabled on your SQL servers
- SQL servers should be configured with auditing retention days greater than 90 days
- Email notifications to admins and subscription owners should be enabled in SQL server advanced data security settings
- All advanced threat protection types should be enabled in SQL server advanced data security settings
- SQL server TDE protector should be encrypted with your own key
For more information, see the Data and storage recommendations in the Azure Security Center documentation.