AzPolicyAdvertizer

last sync: 2025-Apr-29 17:16:02 UTC

[Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings

Azure BuiltIn Policy definition

Source Azure Portal
Display name [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings
Id e756b945-1b1b-480b-8de8-9a0859d5f7ad
Version 1.0.0-deprecated
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0 (1.0.0-deprecated)
Built-in Versioning [Preview]
Category SQL
Microsoft Learn
Description It is recommended to enable all Advanced Threat Protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.
Cloud environments AzureCloud = true
AzureUSGovernment = unknown
AzureChinaCloud = unknown
Available in AzUSGov Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Assessment(s) Assessments count: 1
Assessment Id: f7010359-8d21-4598-a9f2-c3e81a17141e
DisplayName: All advanced threat protection types should be enabled in SQL server advanced data security settings
Description: It is recommended to enable all advanced threat protection types on your SQL servers. Enabling all types protects against SQL injection, database vulnerabilities, and any other anomalous activities.
Remediation description: To set advanced threat protection types to 'All' on SQL servers:
1. Select the SQL server.
2. Make sure that 'Advanced data security' is set to 'On'.
3. Under 'Advanced threat protection types', mark the check box for 'all'.
4. click OK.
5. Select 'Save'.
Categories: Data
Severity: Medium
User impact: High
Implementation effort: Low
Threats: DataExfiltration, DataSpillage, MaliciousInsider, ThreatResistance
Mode Indexed
Type BuiltIn
Preview False
Deprecated True
Effect Default
Disabled
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Sql/servers/securityAlertPolicies/disabledAlerts[*] Microsoft.Sql servers/securityAlertPolicies properties.disabledAlerts[*] True False
Rule resource types IF (1)
Compliance Not a Compliance control
Initiatives usage none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-07-01 14:50:07 change Previous DisplayName: Advanced Threat Protection types should be set to 'All' in SQL server Advanced Data Security settings
JSON compare n/a
JSON
api-version=2021-06-01
EPAC