Azure Defender for Azure SQL Database

Lab Steps

Logging in to the Microsoft Azure Portal
Exploring the Sample SQL Database
Enabling Advanced Data Security (ADS) for Azure SQL Database
Using AD Data Discovery & Classification
Using AD SQL Vulnerability Assessment

Ready for the real environment experience?

Time Limit1h


Azure SQL Database has built-in data security capabilities collectively known as Azure Defender (AD). AD provides multiple security pillars to improve your database security posture:

  1. Data discovery & classification
  2. Vulnerability assessment
  3. Advanced threat protection

In this lab, you will demonstrate the capabilities of each of these services and understand how AD provides security as a service for your database. Specifically, you will see how AD can help your organization achieve security compliance, proactively remediate vulnerabilities, and protect your data from attacks. You will also see how AD can alert you to any threats it discovers and also enrich your database audit logs with security sensitivity information.

Lab Objectives

Upon completion of this Lab you will be able to:

  • Configure Azure Defender and auditing for Azure SQL Databases
  • Explain the benefits of each of the security services provided by AD
  • Use AD to remediate vulnerabilities and threats in your database
  • Use AD to improve your compliance with various security 

Intended Audience

This lab is intended for:

  • DP-200 Implementing an Azure Data Solution exam candidates
  • Anyone interested in securing Azure SQL Database instances


You should be familiar with:

  • Azure Storage and SQL Database basics

You can complete the Designing an Azure Data Implementation course to gain this knowledge.


May 13th, 2021 - Updated the instructions to match the latest portal experience

July 3rd, 2020 - Updated the instructions for viewing the ADS server settings to match the latest portal experience

March 12th, 2020 - Updated the lab startup template to automatically enable ADS to avoid an issue preventing the ability of students to configure the ADS storage account

 January 7th, 2021 - Updated lab for ADS re-branding to Azure Defender

Environment before
Environment after
About the Author
Learning paths30

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.