Azure SQL Database threat detection for single or pooled databases
Threat detection for single and pooled databases detects anomalous activities that indicate unusual and potentially harmful attempts to access or exploit databases. Threat detection can identify potential SQL injection, access from an unusual location or data center, access from an unfamiliar principal or potentially harmful application, and brute force SQL credentials. For more details, see threat detection alerts.
Threat detection is part of the advanced data security (ADS) offering, which is a unified package for advanced SQL security capabilities. Threat detection can be accessed and managed via the central SQL ADS portal. The advanced data security package is charged at $15/month per logical server, with the first 30 days free of charge.
Set up threat detection for your database in the Azure portal
- Launch the Azure portal at https://portal.azure.com.
- Navigate to the configuration page of the Azure SQL Database server you want to protect. In the security settings, select Advanced Data Security.
On the Advanced Data Security configuration page:
- Enable advanced data security on the server.
- In Threat Detection Settings, in the Send alerts to text box, provide the list of emails to receive security alerts upon detection of anomalous database activities.
Set up threat detection using PowerShell
For a script example, see Configure auditing and threat detection using PowerShell.
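The portal steps above can also be scripted at the server level. The following is an added example, not the script from the linked article: the resource names and e-mail addresses are constructed placeholders, and it assumes an Az.Sql release in which `Update-AzSqlServerAdvancedThreatProtectionSetting` accepts `-NotificationRecipientsEmails` and the returned object exposes `ThreatDetectionState` (parameter sets differ between Az.Sql releases, so check `Get-Help` for the installed version).

```powershell
# Added example: constructed placeholder values, replace with your own.
$ResourceGroupName = 'example-rg'
$ServerName        = 'example-sqlserver'
$AlertRecipients   = @('secops@example.com', 'dba-oncall@example.com')

$ErrorActionPreference = 'Stop'

# Fail early on an empty or malformed recipient list, so that threat
# detection is never enabled with nobody receiving the alerts.
$invalid = @($AlertRecipients | Where-Object { $_ -notmatch '^[^@\s;]+@[^@\s;]+\.[^@\s;]+$' })
if (-not $AlertRecipients -or $invalid.Count -gt 0) {
    throw "Invalid or missing alert recipients: $($invalid -join ', ')"
}

Connect-AzAccount | Out-Null

# Portal step: "Enable advanced data security on the server".
Enable-AzSqlServerAdvancedDataSecurity `
    -ResourceGroupName $ResourceGroupName `
    -ServerName $ServerName

# Portal step: "Send alerts to". The cmdlet takes one semicolon-separated string.
# Assumption: this parameter exists in the installed Az.Sql release.
Update-AzSqlServerAdvancedThreatProtectionSetting `
    -ResourceGroupName $ResourceGroupName `
    -ServerName $ServerName `
    -NotificationRecipientsEmails ($AlertRecipients -join ';')

# Read the setting back and verify it instead of trusting the write.
$setting = Get-AzSqlServerAdvancedThreatProtectionSetting `
    -ResourceGroupName $ResourceGroupName `
    -ServerName $ServerName

# Assumption: the result exposes ThreatDetectionState.
if ($setting.ThreatDetectionState -ne 'Enabled') {
    throw "Threat detection is not enabled on $ServerName (state: $($setting.ThreatDetectionState))"
}

$setting | Format-List
```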