title | titleSuffix | description | author | ms.author | ms.reviewer | ms.date | ms.service | ms.subservice | ms.topic | ms.custom |
---|---|---|---|---|---|---|---|---|---|---|
Configure Advanced Threat Protection |
Azure SQL Managed Instance |
Advanced Threat Protection detects anomalous database activities indicating potential security threats to the database in Azure SQL Managed Instance. |
rmatchoro |
ronmat |
vanto, mathoma |
12/01/2020 |
sql-managed-instance |
security |
how-to |
sqldbrb=1 |
[!INCLUDEappliesto-sqlmi]
Advanced Threat Protection for an Azure SQL Managed Instance detects anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. Advanced Threat Protection can identify Potential SQL injection, Access from unusual location or data center, Access from unfamiliar principal or potentially harmful application, and Brute force SQL credentials - see more details in Advanced Threat Protection alerts.
You can receive notifications about the detected threats via email notifications or Azure portal
Advanced Threat Protection is part of the Microsoft Defender for SQL offering, which is a unified package for advanced SQL security capabilities. Advanced Threat Protection can be accessed and managed via the central Microsoft Defender for SQL portal.
-
Sign in to the Azure portal.
-
Navigate to the configuration page of the instance of SQL Managed Instance you want to protect. Under Security, select Microsoft Defender for Cloud.
-
For Enablement Status, select Configure to open the Server settings page.
:::image type="content" source="media/threat-detection-configure/defender-cloud-configure.png" alt-text="Screenshot shows the Microsoft Defender for Cloud page for a SQL managed instance with the option to configure." lightbox="media/threat-detection-configure/defender-cloud-configure.png":::
-
In the Server settings configuration page, for Microsoft Defender for SQL, select ON.
:::image type="content" source="../database/media/azure-defender-for-sql/set-up-advanced-threat-protection-mi.png" alt-text="Screenshot shows the Server settings page where you can set up advanced threat protection.":::
-
Choose Select Storage account and then select a storage account where Microsoft Defender for Cloud saves anomalous threat audit records.
-
Under Advanced Threat Protection Settings, select Add your contact details to the subscriptions email settings in Defender for Cloud.
-
For Email recipients, select users by role or add individual email addresses.
:::image type="content" source="media/threat-detection-configure/defender-cloud-email-notification.png" alt-text="Screenshot shows the Email notifications page where you can specify email recipients and notification types.":::
-
Select the Notification types sent by Microsoft Defender for Cloud. Learn more about Advanced Threat Protection alerts.
-
Select Save.
- Learn more about Advanced Threat Protection.
- Learn about managed instances, see What is an Azure SQL Managed Instance.
- Learn more about Advanced Threat Protection for Azure SQL Database.
- Learn more about SQL Managed Instance auditing.
- Learn more about Microsoft Defender for Cloud.