Ensure that the Advanced Threat Protection service is configured with at least one email address to which notification alerts are sent when abnormal activities are detected on your Microsoft Azure SQL database servers. The Advanced Threat Protection security service is managed by Advanced Data Security (ADS), a unified security package that provides Data Discovery and Classification, Vulnerability Assessment and Advanced Threat Protection for Azure SQL servers.
By default, the "Send alerts to" setting is not enabled and configured. Providing at least one email address to receive notification alerts ensures that any detected anomalous activity is reported as soon as possible to the right person or service, making it more likely that potential risks are mitigated faster and more efficiently.
Audit
To determine if the "Send alerts to" setting is enabled and configured, perform the following actions:
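The following PowerShell sketch is an added example, not part of the original page or of Conformity's own audit steps. It evaluates policy objects shaped like the output of Get-AzureRmSqlServerThreatDetectionPolicy and flags servers whose recipient list contains no usable address. The function names, the sample server names and `$ResourceGroupName` are assumptions made for illustration.

```powershell
# Added example: audit logic for the "Send alerts to" setting.
# Input objects mirror the policy returned by Get-AzureRmSqlServerThreatDetectionPolicy,
# whose NotificationRecipientsEmails property is a semicolon-separated string.

function Get-AlertRecipient {
    param([string]$Recipients)
    # Split the list, trim each entry, and keep only plausible addresses so that
    # values such as "" or " ; " do not count as a configured recipient.
    $Recipients -split ';' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -match '^[^@\s;]+@[^@\s;]+\.[^@\s;]+$' }
}

function Test-SqlThreatAlertEmail {
    param([Parameter(Mandatory, ValueFromPipeline)]$Policy)
    process {
        # @() forces an array so .Count is reliable for zero or one result.
        $valid = @(Get-AlertRecipient -Recipients $Policy.NotificationRecipientsEmails)
        [pscustomobject]@{
            ServerName           = $Policy.ServerName
            ThreatDetectionState = $Policy.ThreatDetectionState
            Recipients           = $valid -join ';'
            Compliant            = ($valid.Count -ge 1)
        }
    }
}

# Constructed sample policies (not real servers) so the logic runs offline.
$samples = @(
    [pscustomobject]@{ ServerName = 'sql-example-01'; ThreatDetectionState = 'Enabled'
                       NotificationRecipientsEmails = 'secops@example.com; dba@example.com' }
    [pscustomobject]@{ ServerName = 'sql-example-02'; ThreatDetectionState = 'Enabled'
                       NotificationRecipientsEmails = '' }
    [pscustomobject]@{ ServerName = 'sql-example-03'; ThreatDetectionState = 'Enabled'
                       NotificationRecipientsEmails = ' ; ' }
)
$samples | Test-SqlThreatAlertEmail | Format-Table -AutoSize

# Against a live subscription (requires the AzureRM module and a signed-in session;
# $ResourceGroupName is a placeholder you supply):
# Get-AzureRmSqlServer -ResourceGroupName $ResourceGroupName |
#     ForEach-Object {
#         Get-AzureRmSqlServerThreatDetectionPolicy `
#             -ResourceGroupName $_.ResourceGroupName -ServerName $_.ServerName
#     } |
#     Test-SqlThreatAlertEmail | Where-Object { -not $_.Compliant }
```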
Remediation / Resolution
To enable threat detection email notification alerts for your Microsoft Azure SQL servers, perform the following actions:
You are auditing:
Enable Email Alerts for SQL Threat Detection Service
Risk level: High