Ensure that the "Also send email notification to admins and subscription owners" feature is enabled for your Microsoft Azure SQL servers in the Advanced Threat Protection configuration settings. Advanced Threat Protection is managed by Advanced Data Security (ADS), a security suite that includes Data Discovery and Classification, Vulnerability Assessment and Advanced Threat Protection.
Once the feature is enabled, your Azure account administrators and subscription owners also receive email notifications when abnormal SQL database activity is detected. These email alerts describe the suspicious security event, including the nature of the activity, server name, database name, application name, and the time when the event was triggered. Each alert also lists possible causes and recommended actions for investigating and mitigating the security issues and threats found. Sending email alerts to Azure administrators and subscription owners ensures that any security issue is reported as soon as possible, so that potential risk can be mitigated faster and more easily.
Audit
To determine if the "Also send email notification to admins and subscription owners" feature is enabled, perform the following actions:
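As an added example (not the page's own audit steps), the check can be scripted across a subscription with the AzureRM cmdlet Get-AzureRmSqlServerThreatDetectionPolicy. It assumes the AzureRM.Sql module and an authenticated session; the output column names are chosen here for illustration.

```powershell
# Added example: audit the "email admins and subscription owners" flag on every
# SQL server in the current subscription. Assumes the AzureRM.Sql module and an
# authenticated session (Connect-AzureRmAccount); output property names are ours.
$ErrorActionPreference = 'Stop'

$results = foreach ($rg in Get-AzureRmResourceGroup) {
    $servers = Get-AzureRmSqlServer -ResourceGroupName $rg.ResourceGroupName
    foreach ($server in $servers) {
        try {
            $policy = Get-AzureRmSqlServerThreatDetectionPolicy `
                -ResourceGroupName $rg.ResourceGroupName `
                -ServerName $server.ServerName

            # The email flag only matters when threat detection itself is on,
            # so a disabled policy is reported as its own finding.
            if ($policy.ThreatDetectionState -ne 'Enabled') {
                $status = 'FAIL: threat detection not enabled'
            } elseif (-not $policy.EmailAdmins) {
                $status = 'FAIL: admins and subscription owners not notified'
            } else {
                $status = 'PASS'
            }
        } catch {
            # A server whose policy cannot be read is unknown, not compliant.
            $status = "ERROR: $($_.Exception.Message)"
            $policy = $null
        }

        [pscustomobject]@{
            ResourceGroup = $rg.ResourceGroupName
            Server        = $server.ServerName
            Status        = $status
            EmailAdmins   = if ($policy) { $policy.EmailAdmins } else { $null }
            Recipients    = if ($policy) { $policy.NotificationRecipientsEmails } else { $null }
        }
    }
}

$results | Sort-Object Status, Server | Format-Table -AutoSize

# A non-zero exit code lets a scheduled job or pipeline flag drift.
if ($results | Where-Object { $_.Status -ne 'PASS' }) { exit 1 }
```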
Remediation / Resolution
To enable Azure administrators and subscription owners to receive threat detection email notification alerts for their Microsoft Azure SQL servers, perform the following actions:

You are auditing:
Enable Email Alerts for Administrators and Subscription Owners
Risk level: Medium