Azure Threat Detection Retention Period default

backtothefuture 91 Reputation points
2021-11-11T16:41:37.897+00:00

Hello all,
I have a subscription with threat detection enabled at subscription level, or rather Defender for Cloud is enabled (a plans). How/where is the retention period for logged threats set, and what is the default ? If I look at individual resource in the subscription using powershell 'Get-AzSqlDatabaseAdvancedThreatProtectionSetting' it shows threat detection is disabled and retentionindays set to 0, which I assume to be anomalous info? Can anyone clarify it for me ; I've waded through documentation online but struggled to find definitive answers.
Thank you !

Azure SQL Database
No comments
1 vote

Accepted answer
  1. Alberto Morillo 24,801 Reputation points Microsoft MVP
    2021-11-11T17:19:57.507+00:00

    It is set to zero by default, and that means forever.

    However, Azure SQL DB Advanced Threat Protection (SQL ATP) data (alerts) is stored in Azure Security Center, for 90 days. If you want to store it for a longer period of time, you can use the continuous-export functionality.


0 additional answers

Sort by: Most helpful