Azure Defender is a cloud workload protection service that utilizes and agent-based deployment to analyze signals from Azure network fabric and the service control plane, to detect threats across all Azure resources. It can also analyze non-Azure resources, utilizing Azure Arc, including those on-premises and in both AWS and GCP (once they’ve been onboarded).
Azure Defender for SQL servers on machines extends the protections for your Azure-native SQL Servers to fully support hybrid environments and protect SQL servers (all supported version) hosted in Azure.
Enable ContainerRegistry in Azure Defender
The following example will fail the azure-security-center-defender-on-sql-servers-vms check.
The following example will pass the azure-security-center-defender-on-sql-servers-vms check.