Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy

LOW

Description

Azure SQL Database Threat Protection has an email notification function to help ensure that administrators are notified when an alert is triggered. This should be enabled as best practice.

Remediation

At this time, the console UI does not have remediation steps available. For possible CLI remediation, see the product documentation (below) or use Terraform.

In Terraform:

  1. In the azurerm_sql_database resource, set email_addresses in the threat_detection_policy block.
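
The Terraform step above, shown as a non-compliant resource next to a corrected one. This is an added example, not taken from the policy's own documentation; the resource names, resource group, server, storage account, e-mail addresses and retention value are placeholders chosen for illustration.

```hcl
# Added example: every name, address and endpoint below is a placeholder.
variable "threat_log_storage_key" {
  type      = string
  sensitive = true # keep the storage key out of plan output
}

# Non-compliant: threat detection is enabled, but email_addresses is not set,
# so the policy lists no mailbox to notify when an alert is triggered.
resource "azurerm_sql_database" "noncompliant" {
  name                = "example-db-noncompliant"
  resource_group_name = "example-rg"
  location            = "westeurope"
  server_name         = "example-sqlserver"

  threat_detection_policy {
    state                      = "Enabled"
    storage_endpoint           = "https://examplelogs.blob.core.windows.net"
    storage_account_access_key = var.threat_log_storage_key
  }
}

# Compliant: email_addresses names the recipients of threat detection alerts.
resource "azurerm_sql_database" "compliant" {
  name                = "example-db-compliant"
  resource_group_name = "example-rg"
  location            = "westeurope"
  server_name         = "example-sqlserver"

  threat_detection_policy {
    state                      = "Enabled"
    email_addresses            = ["secops@example.com", "dba-oncall@example.com"]
    retention_days             = 30
    storage_endpoint           = "https://examplelogs.blob.core.windows.net"
    storage_account_access_key = var.threat_log_storage_key
  }
}
```

A monitored shared mailbox or distribution list is a better recipient than a personal address, since alerts keep arriving when staff change.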

References:
https://learn.microsoft.com/en-us/sql/relational-databases/database-mail/database-mail?view=sql-server-ver16
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/sql_database#threat_detection_policy

Policy Details

Rule Reference ID: AC_AZURE_0279
CSP: Azure
Remediation Available: Yes
Resource Category: Database
Resource Type: SQL Server

Frameworks