last sync: 2025-Mar-26 20:41:27 UTC

[Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings
Id bda18df3-5e41-4709-add9-2554ce68c966
Version 1.0.1-deprecated
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.1 (1.0.1-deprecated)
Built-in Versioning [Preview]
Category SQL
Microsoft Learn
Description It's recommended to enable all Advanced Threat Protection types on your SQL Managed Instance. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Assessment(s) Assessments count: 1
Assessment Id: ebe970fe-9c27-4dd7-a165-1e943d565e10
DisplayName: All advanced threat protection types should be enabled in SQL managed instance advanced data security settings
Description: It is recommended to enable all advanced threat protection types on your SQL managed instances. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.
Remediation description: To set advanced threat protection types to 'All' on a managed instance:
1. Select the SQL server.
2. Make sure that 'Advanced data security' is set to 'On'.
3. Under 'Advanced threat protection types', mark the check box for 'all'.
4. click OK.
5. Select 'Save'.
Categories: Data
Severity: Medium
User impact: High
Implementation effort: Low
Threats: DataExfiltration, DataSpillage, MaliciousInsider, ThreatResistance
Mode Indexed
Type BuiltIn
Preview False
Deprecated True
Effect Default
Disabled
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Sql/managedInstances/securityAlertPolicies/disabledAlerts[*] Microsoft.Sql managedInstances/securityAlertPolicies properties.disabledAlerts[*] True False
Rule resource types IF (1)
Microsoft.Sql/managedInstances
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-07-01 14:50:07 change Previous DisplayName: Advanced Threat Protection types should be set to 'All' in SQL managed instance Advanced Data Security settings
JSON compare n/a
JSON
api-version=2021-06-01
EPAC