I have a subscription with threat detection enabled at subscription level, or rather Defender for Cloud is enabled (a plans). How/where is the retention period for logged threats set, and what is the default ? If I look at individual resource in the subscription using powershell 'Get-AzSqlDatabaseAdvancedThreatProtectionSetting' it shows threat detection is disabled and retentionindays set to 0, which I assume to be anomalous info? Can anyone clarify it for me ; I've waded through documentation online but struggled to find definitive answers.
Thank you !