This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 12%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
I receive a High Severity alert which reads "Someone has extracted an unusual amount of potentially sensitive data from your SQL server xxxx".
Normally, the application executing the query returns a few rows but it is acceptable that the client requests a significant number of rows, which triggers this alert.
I cannot find this alert in https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/security-center/alerts-reference.md
I wouldn't mind if this was a "low" or "moderate" alert which didn't frighten those who view it.
Is it possible to tweak something in the Advanced Threat Protection for SQL Server? Can this alert be removed?
THANKS!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 90%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 1%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETP%3C/text%3E%3C/svg%3E)
This is an Azure message, not a SQL Server message. Your question would be better answered on the Azure forum.
See "PREVIEW - Unusual amount of data extracted from a Cosmos DB account" :
https://learn.microsoft.com/en-us/azure/security-center/alerts-reference
Thanks Tom. I have seen the reference re' Cosmos DB account. It references the error severity as "medium". The email which we received declares the error severity to be "high". If, however, I find the alert in the Azure Security Center console, it informs me the error severity is "informational".
I'm good with informational but red flags are waved when my manager gets an email with SQL Server data extraction error with serverity of "high".
In fact, the data extraction was valid user processing.
I would like to know how to mediate the error level being reported or toggle the security alert limit for rows retrieved. Are either of these alternatives possible?
THANKS!