Your organization is using Microsoft Defender for Cloud to protect Azure SQL databases. You need to enable Advanced Threat Protection (ATP) for all existing and future Azure SQL databases in a subscription. The solution must minimize administrative effort. What should you do?
Correct. Enabling the plan at the subscription level applies to all current and future resources.
Why this answer
Option B is correct because enabling Defender for Cloud at the subscription level with the SQL servers on machines plan (or Azure SQL databases plan) will automatically enable ATP for all supported resources, including future ones. Option A is wrong because enabling per database is not scalable. Option C is wrong because Azure Policy can be used but is not the most efficient direct method.
Option D is wrong because Microsoft Sentinel is not for enabling ATP.