Skip to content

BoostSecurity

azure-mssql-email-service

azure-mssql-email-service¶

Ensure that 'Email service and co-administrators' is 'Enabled' for MSSQL servers

Doing so will ensure that alerts are sent when Advanced Threat Protection detects any anomalous activities, enabling early mitigation of any potential risk detected.

Examples¶

Insecure Example

resource "azurerm_mssql_server_security_alert_policy" "example" {
  resource_group_name        = azurerm_resource_group.example.name
  server_name                = azurerm_sql_server.example.name
  state                      = "Enabled"
  storage_endpoint           = azurerm_storage_account.example.primary_blob_endpoint
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  disabled_alerts = [
    "Sql_Injection",
    "Data_Exfiltration"
  ]
  email_account_admins       = false  # (default value is false)
  retention_days = 20
}

Secure Example

resource "azurerm_mssql_server_security_alert_policy" "example" {
  resource_group_name        = azurerm_resource_group.example.name
  server_name                = azurerm_sql_server.example.name
  state                      = "Enabled"
  storage_endpoint           = azurerm_storage_account.example.primary_blob_endpoint
  storage_account_access_key = azurerm_storage_account.example.primary_access_key
  disabled_alerts = []
  email_addresses            = var.mssql_alert_emails
  email_account_admins       = true
  retention_days = 20
}

More information¶