Configure Advanced Threat Protection for Azure SQL Database

APPLIES TO: yesAzure SQL Database

Advanced Threat Protection for Azure SQL Database detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Advanced Threat Protection can identify Potential SQL injection, Access from unusual location or data center, Access from unfamiliar principal or potentially harmful application, and Brute force SQL credentials - see more details in Advanced Threat Protection alerts.

You can receive notifications about the detected threats via email notifications or Azure portal

Advanced Threat Protection is part of the advanced data security offering, which is a unified package for advanced SQL security capabilities. Advanced Threat Protection can be accessed and managed via the central SQL Advanced Data Security portal.

Set up Advanced Threat Protection in the Azure portal

  1. Sign into the Azure portal.

  2. Navigate to the configuration page of the server you want to protect. In the security settings, select Advanced Data Security.

  3. On the Advanced Data Security configuration page:

    • Enable Advanced Data Security on the server.
    • In Advanced Threat Protection Settings, in the Send alerts to text box, provide the list of emails to receive security alerts upon detection of anomalous database activities.

    Set up Advanced Threat Protection

Set up Advanced Threat Protection using PowerShell

For a script example, see Configure auditing and Advanced Threat Protection using PowerShell.

Next steps