Identify SQL Servers protected by Microsoft Monitoring Agent

Microsoft Defender for Cloud's Defender for SQL Server on Machines plan provides database security to protect SQL Server instances hosted on Azure, and on-premises machines. With the retirement of the Microsoft Monitoring Agent (MMA), on August 1,2024, the Defender for SQL Server on Machines plan requires meeting the required perquisites and deploying Azure Arc on all non-Azure SQL Server instances.

Once Azure Arc is deployed and following the release on the updated agent, your SQL Server instances will migrate automatically and seamlessly to the updated agent. To ensure your SQL servers are correctly protected, we recommend the installation of Azure Arc.

Determine which SQL servers are protected by the legacy MMA

You can identify SQL servers onboarded to the Defender for SQL Server on Machines plan with the legacy MMA in your environment without Azure Arc installed.

1. Sign in to the Azure portal.

2. Search for and select Azure Resource Graph Explorer.

3. Copy and paste the following query into the query window:

   securityresources 
   | where type == "microsoft.security/assessments/subassessments" 
   | extend assessmentKey = extract(@"(?i)providers/Microsoft.Security/assessments/([^/]*)", 1, id) 
   | where assessmentKey == "f97aa83c-9b63-4f9a-99f6-b22c4398f936" 
   | where tostring(properties.resourceDetails.source) == "OnPremiseSql" 
   | extend lastScanTime = todatetime(properties.timeGenerated) 
   | where lastScanTime > ago(30d) 
   | extend machineName = tostring(properties.resourceDetails.machineName) 
   | extend machineUuid = tostring(properties.resourceDetails.vmuuid) 
   | distinct machineName, machineUuid
   

4. Select Run query.

   

5. For any results returned, connect hybrid machines with Azure Arc-enabled servers.

Related content

• Enable Defender for SQL Servers on Machines
• Verify SQL machine protection
• Troubleshoot Defender for SQL on Machines configuration