Managed Server Security Alert Policies - Create Or Update

Creates or updates a threat detection policy.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/managedInstances/{managedInstanceName}/securityAlertPolicies/Default?api-version=2021-02-01-preview

URI Parameters

Name In Required Type Description
managedInstanceName
path True
  • string

The name of the managed instance.

resourceGroupName
path True
  • string

The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.

securityAlertPolicyName
path True

The name of the security alert policy.

subscriptionId
path True
  • string

The subscription ID that identifies an Azure subscription.

api-version
query True
  • string

The API version to use for the request.

Request Body

Name Required Type Description
properties.state True

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.

properties.disabledAlerts
  • string[]

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force

properties.emailAccountAdmins
  • boolean

Specifies that the alert is sent to the account administrators.

properties.emailAddresses
  • string[]

Specifies an array of e-mail addresses to which the alert is sent.

properties.retentionDays
  • integer

Specifies the number of days to keep in the Threat Detection audit logs.

properties.storageAccountAccessKey
  • string

Specifies the identifier key of the Threat Detection audit storage account.

properties.storageEndpoint
  • string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

Responses

Name Type Description
200 OK

Successfully updated the threat detection policy.

202 Accepted

Created request to set the server threat detection policy.

Other Status Codes

*** Error Responses: ***

  • 400 SecurityAlertPoliciesInvalidStorageAccountName - The provided storage account is not valid or does not exist.

  • 400 SecurityAlertPoliciesInvalidStorageAccountCredentials - The provided storage account access key is not valid.

  • 400 UpdateNotAllowedOnServerContainingPausedDWDatabase - Setting server Threat Detection settings is not allowed on a server with a paused Data Warehouse database

  • 400 SecurityAlertPoliciesInsufficientDiskSpace - Insufficient disk space to save security alert policy metadata in the database

  • 400 SecurityAlertPoliciesInsufficientStorageAccountPermissions - Insufficient read or write permissions on the provided storage account.

  • 400 SecurityAlertPoliciesStorageAccountIsDisabled - The storage account provided in the threat detection policy is disabled.

  • 400 InvalidServerSecurityAlertPolicyCreateRequest - The create server Threat Detection security alert policy request does not exist or has no properties object.

  • 400 DataSecurityInvalidUserSuppliedParameter - An invalid parameter value was provided by the client.

  • 400 UpsertServerSecurityAlertPolicyFailed - An error has occurred while saving Threat detection settings, please try again later

  • 400 UpsertServerSecurityAlertPolicyFailed - An error has occurred while saving Threat detection settings, please try again later

  • 404 SubscriptionDoesNotHaveServer - The requested server was not found

  • 404 UpsertServerSecurityAlertPolicyFailed - An error has occurred while saving Threat detection settings, please try again later

  • 409 ServerSecurityAlertPolicyInProgress - Set server security alert policy is already in progress

  • 409 UpsertServerSecurityAlertPolicyFailed - An error has occurred while saving Threat detection settings, please try again later

  • 500 DatabaseIsUnavailable - Loading failed. Please try again later.

  • 500 UpsertServerSecurityAlertPolicyFailed - An error has occurred while saving Threat detection settings, please try again later

  • 500 UpsertServerSecurityAlertPolicyFailed - An error has occurred while saving Threat detection settings, please try again later

Examples

Update a managed server's threat detection policy with all parameters
Update a managed server's threat detection policy with minimal parameters

Update a managed server's threat detection policy with all parameters

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/managedInstances/securityalert-6440/securityAlertPolicies/Default?api-version=2021-02-01-preview
{
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": true,
    "emailAddresses": [
      "testSecurityAlert@microsoft.com"
    ],
    "disabledAlerts": [
      "Access_Anomaly",
      "Usage_Anomaly"
    ],
    "retentionDays": 5,
    "storageAccountAccessKey": "sdlfkjabc+sdlfkjsdlkfsjdfLDKFTERLKFDFKLjsdfksjdflsdkfD2342309432849328476458/3RSD==",
    "storageEndpoint": "https://mystorage.blob.core.windows.net"
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/managedInstances/securityalert-6440",
  "name": "Default",
  "type": "Microsoft.Sql/managedInstances/securityAlertPolicies",
  "systemData": {
    "createdBy": "string",
    "createdByType": "User",
    "createdAt": "2020-04-03T04:41:33.937Z",
    "lastModifiedBy": "string",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-04-03T04:41:33.937Z"
  },
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": true,
    "emailAddresses": [
      "testSecurityAlert@microsoft.com"
    ],
    "disabledAlerts": [
      "Access_Anomaly",
      "Usage_Anomaly"
    ],
    "retentionDays": 5,
    "storageAccountAccessKey": "",
    "storageEndpoint": "https://mystorage.blob.core.windows.net"
  }
}

Update a managed server's threat detection policy with minimal parameters

Sample Request

PUT https://management.azure.com/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/managedInstances/securityalert-6440/securityAlertPolicies/Default?api-version=2021-02-01-preview
{
  "properties": {
    "state": "Enabled"
  }
}

Sample Response

{
  "id": "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/securityalert-4799/providers/Microsoft.Sql/managedInstances/securityalert-6440",
  "name": "Default",
  "type": "Microsoft.Sql/managedInstances/securityAlertPolicies",
  "systemData": {
    "createdBy": "string",
    "createdByType": "User",
    "createdAt": "2020-04-03T04:41:33.937Z",
    "lastModifiedBy": "string",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2020-04-03T04:41:33.937Z"
  },
  "properties": {
    "state": "Enabled",
    "emailAccountAdmins": true,
    "emailAddresses": [],
    "disabledAlerts": [],
    "retentionDays": 0,
    "storageAccountAccessKey": "",
    "storageEndpoint": ""
  }
}

Definitions

createdByType

The type of identity that created the resource.

ManagedServerSecurityAlertPolicy

A managed server security alert policy.

SecurityAlertPolicyName

The name of the security alert policy.

SecurityAlertsPolicyState

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.

systemData

Metadata pertaining to creation and last modification of the resource.

createdByType

The type of identity that created the resource.

Name Type Description
Application
  • string
Key
  • string
ManagedIdentity
  • string
User
  • string

ManagedServerSecurityAlertPolicy

A managed server security alert policy.

Name Type Description
id
  • string

Resource ID.

name
  • string

Resource name.

properties.creationTime
  • string

Specifies the UTC creation time of the policy.

properties.disabledAlerts
  • string[]

Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force

properties.emailAccountAdmins
  • boolean

Specifies that the alert is sent to the account administrators.

properties.emailAddresses
  • string[]

Specifies an array of e-mail addresses to which the alert is sent.

properties.retentionDays
  • integer

Specifies the number of days to keep in the Threat Detection audit logs.

properties.state

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.

properties.storageAccountAccessKey
  • string

Specifies the identifier key of the Threat Detection audit storage account.

properties.storageEndpoint
  • string

Specifies the blob storage endpoint (e.g. https://MyAccount.blob.core.windows.net). This blob storage will hold all Threat Detection audit logs.

systemData

SystemData of SecurityAlertPolicyResource.

type
  • string

Resource type.

SecurityAlertPolicyName

The name of the security alert policy.

Name Type Description
Default
  • string

SecurityAlertsPolicyState

Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database.

Name Type Description
Disabled
  • string
Enabled
  • string

systemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt
  • string

The timestamp of resource creation (UTC).

createdBy
  • string

The identity that created the resource.

createdByType

The type of identity that created the resource.

lastModifiedAt
  • string

The timestamp of resource last modification (UTC)

lastModifiedBy
  • string

The identity that last modified the resource.

lastModifiedByType

The type of identity that last modified the resource.