This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 62%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Hello all,
I have a subscription with threat detection enabled at subscription level, or rather Defender for Cloud is enabled (a plans). How/where is the retention period for logged threats set, and what is the default ? If I look at individual resource in the subscription using powershell 'Get-AzSqlDatabaseAdvancedThreatProtectionSetting' it shows threat detection is disabled and retentionindays set to 0, which I assume to be anomalous info? Can anyone clarify it for me ; I've waded through documentation online but struggled to find definitive answers.
Thank you !
It is set to zero by default, and that means forever.
However, Azure SQL DB Advanced Threat Protection (SQL ATP) data (alerts) is stored in Azure Security Center, for 90 days. If you want to store it for a longer period of time, you can use the continuous-export functionality.
Thank you Alberto for your reply - you always seem to get in there really fast!! Regards BTTF
Thank you for your feedback and kindness. Have a wonderful weekend!