Configure Advanced Threat Protection in Azure SQL Managed Instance

Applies to: Azure SQL Managed Instance

Advanced Threat Protection for an Azure SQL Managed Instance detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Advanced Threat Protection can identify Potential SQL injection, Access from unusual location or data center, Access from unfamiliar principal or potentially harmful application, and Brute force SQL credentials - see more details in Advanced Threat Protection alerts.

You can receive notifications about the detected threats via email notifications or Azure portal

Advanced Threat Protection is part of the Microsoft Defender for SQL offering, which is a unified package for advanced SQL security capabilities. Advanced Threat Protection can be accessed and managed via the central Microsoft Defender for SQL portal.

Azure portal

  1. Sign into the Azure portal.

  2. Navigate to the configuration page of the instance of SQL Managed Instance you want to protect. Under Security, select Microsoft Defender for Cloud.

  3. In the Microsoft Defender for SQL configuration page:

    • Turn ON Microsoft Defender for SQL.
    • Configure the Send alerts to email address to receive security alerts upon detection of anomalous database activities.
    • Select the Azure storage account where anomalous threat audit records are saved.
    • Select the Advanced Threat Protection types that you would like configured. Learn more about Advanced Threat Protection alerts.
  4. Click Save to save the new or updated Microsoft Defender for SQL policy.

    set up advanced threat protection

Next steps