Wednesday, January 5, 2022

Cannot enable Advanced Threat Protection on Managed Instance server

Issue:

 

The PowerShell command to enable Advanced Threat Protection on Managed Instance, fails with error: "Resource group 'x' could not be found":

 

 

Update-AzSqlServerAdvancedThreatProtectionSettings -ResourceGroupName "ResourceGroup11" -ServerName "Server01" -NotificationRecipientsEmails "admin01@contoso.com;secadmin@contoso.com" -EmailAdmins $False -ExcludedDetectionType "Sql_Injection_Vulnerability","SQL_Injection" -StorageAccountName "mystorageAccount"

 

 

Georgiana_Pache_0-1641403325625.png

 

Workaround:

 

If you are experiencing this issue, you can perform the following:

 

1. Set up the policy using ARM template: 

https://docs.microsoft.com/en-us/azure/templates/microsoft.sql/managedinstances/securityalertpolicies?tabs=json 

 

or

 

2. Set up the policy using REST API: 

https://docs.microsoft.com/en-us/rest/api/sql/2021-02-01-preview/managed-server-security-alert-policies 

 

Documentation:

Update-AzSqlServerAdvancedThreatProtectionSetting 

Microsoft.SqlmanagedInstances/securityAlertPolicies 

Managed Server Security Alert Policies 

Posted at https://sl.advdat.com/3G0Wazo