Set-AzureRmSqlDatabaseThreatDetectionPolicy

Sets a threat detection policy on a database.

Warning

The AzureRM PowerShell module has been officially deprecated as of February 29, 2024. Users are advised to migrate from AzureRM to the Az PowerShell module to ensure continued support and updates.

Although the AzureRM module may still function, it's no longer maintained or supported, placing any continued use at the user's discretion and risk. Please refer to our migration resources for guidance on transitioning to the Az module.

Syntax

Set-AzureRmSqlDatabaseThreatDetectionPolicy
   [-PassThru]
   [-NotificationRecipientsEmails <String>]
   [-EmailAdmins <Boolean>]
   [-ExcludedDetectionType <DetectionType[]>]
   [-StorageAccountName <String>]
   [-RetentionInDays <UInt32>]
   [-ServerName] <String>
   [-DatabaseName] <String>
   [-ResourceGroupName] <String>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzureRmSqlDatabaseThreatDetectionPolicy cmdlet sets a threat detection policy on an Azure SQL database. In order to enable threat detection on a database an auditing policy must be enabled on that database. To use this cmdlet, specify the ResourceGroupName, ServerName and DatabaseName parameters to identify the database. This cmdlet is also supported by the SQL Server Stretch Database service on Azure.

Examples

Example 1: Set the threat detection policy for a database

PS C:\>Set-AzureRmSqlDatabaseThreatDetectionPolicy -ResourceGroupName "ResourceGroup11" -ServerName "Server01" -DatabaseName "Database01" -NotificationRecipientsEmails "admin01@contoso.com;secadmin@contoso.com" -EmailAdmins $False -ExcludedDetectionType "Sql_Injection_Vulnerability", "SQL_Injection" -StorageAccountName "mystorageAccount"

This command sets the threat detection policy for a database named Database01 on the server named Server01.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DatabaseName

Specifies the name of the database where the policy is set.

Type:String
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure

Type:IAzureContextContainer
Aliases:AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-EmailAdmins

Specifies whether the threat detection policy contacts administrators by using email.

Type:Nullable<T>[Boolean]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ExcludedDetectionType

Specifies an array of detection types to exclude from the policy. The acceptable values for this parameter are:

  • Sql_Injection
  • Sql_Injection_Vulnerability
  • Access_Anomaly
  • None
Type:DetectionType[]
Accepted values:Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, None
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-NotificationRecipientsEmails

Specifies a semicolon-separated list of email addresses to which the policy sends alerts.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResourceGroupName

Specifies the name of the resource group to which the server is assigned.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-RetentionInDays

The number of retention days for the audit logs

Type:Nullable<T>[UInt32]
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-ServerName

Specifies the name of the server.

Type:String
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-StorageAccountName

Specifies the name of the storage account to be used. Wildcards are not permitted. This parameter is not required. When this parameter is not provided, the cmdlet will use the storage account that was defined previously as part of the threat detection policy of the database. If this is the first time a database threat detection policy is defined and this parameter is not provided, the cmdlet will fail.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:True
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Nullable<T>[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]

DetectionType[]

Nullable<T>[[System.UInt32, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]

Outputs

DatabaseThreatDetectionPolicyModel