Skip to content

Use Advanced Threat Protection#

Security · SQL Database · Azure.SQL.ThreatDetection

Enable Advanced Thread Protection for Azure SQL logical server.

Description#

Enable Advanced Thread Protection for Azure SQL logical server.

Recommendation#

Consider enabling Advanced Data Security and configuring Advanced Thread Protection for SQL logical servers.

Examples#

Configure with Azure template#

{
    "comments": "Create or update an Azure SQL logical server.",
    "type": "Microsoft.Sql/servers",
    "apiVersion": "2019-06-01-preview",
    "name": "[parameters('serverName')]",
    "location": "[parameters('location')]",
    "tags": "[parameters('tags')]",
    "kind": "v12.0",
    "identity": {
        "type": "SystemAssigned"
    },
    "properties": {
        "administratorLogin": "[parameters('adminUsername')]",
        "version": "12.0",
        "publicNetworkAccess": "[if(parameters('allowPublicAccess'), 'Enabled', 'Disabled')]",
        "administratorLoginPassword": "[parameters('adminPassword')]",
        "minimalTLSVersion": "1.2"
    },
    "resources": [
        {
            "type": "Microsoft.Sql/servers/securityAlertPolicies",
            "apiVersion": "2020-02-02-preview",
            "name": "[concat(parameters('serverName'), '/Default')]",
            "dependsOn": [
                "[resourceId('Microsoft.Sql/servers', parameters('serverName'))]"
            ],
            "properties": {
                "state": "Enabled"
            }
        }
    ]
}

Configure with Azure PowerShell#

Set-AzSqlDatabaseThreatDetectionPolicy -ResourceGroupName '<resource_group>' -ServerName '<server_name>' -DatabaseName '<database>' -StorageAccountName '<account_name>' -NotificationRecipientsEmails '<email>' -EmailAdmins $False

Last update: 2021-09-24