How to remove the credential for legacy Threat Detection feature from Azure SQL Database

  • Thread starter: Mattcc

(Written on May 30th, 2024)



If you come across a credential named something like 'https://xxyyzz.blob.core.windows.net/sqldbtdlogs' in the sys.database_scoped_credentials table of your Azure SQL Database and are unsure of its purpose, it is likely related to the Threat Detection feature. This feature monitored and detected threats to your Azure SQL Database, generating reports stored in the sqldbtdlogs container in the storage account xxyyzz.

You can further verify this by checking the container for a folder named like 'SqlDbThreatDetection_Audit_xxxxx':

Previously, this credential was automatically added to the sys.database_scoped_credentials table when Threat Detection was enabled and removed when it was disabled. However, Threat Detection has been deprecated and replaced by Microsoft Defender for Azure SQL, which offers more extensive and holistic monitoring and threat detection capabilities.



If you find this credential still present in your Azure SQL Database, it might have been missed during the transition from Threat Detection to Microsoft Defender for Azure SQL. If you confirm it is no longer in use and want to remove it, note that you cannot simply use the DROP DATABASE SCOPED CREDENTIAL command, as it will result in an error:

This design likely prevents the unintended removal of the credential, which would cause Threat Detection to fail. The credential should automatically be dropped once Threat Detection is disabled.

Since Threat Detection can no longer be enabled or disabled through the Azure Portal due to its deprecation, you can use the following command to disable it: az sql db threat-policy.



Here’s a demonstration:

1. Confirm the Credential Exists:

2. Check Threat Detection Status:

(If it shows 'Disabled', but the credential is present, you can still proceed to the next step to disable the feature again to drop the credential.)

3. Run the command to disable the feature to drop the credential:

4. Confirm the credential is no longer present:

(The end of this post)
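
Steps 2 and 3 of the demonstration as a script. This is an added example, not part of the original post: the post names only the az sql db threat-policy command group, the show and update subcommands used here are the Azure CLI's own, and the function names and the resource group, server and database arguments are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Requires a logged-in Azure CLI.
# Steps 1 and 4 are a T-SQL query run inside the database itself:
#   SELECT name, credential_identity FROM sys.database_scoped_credentials;

# Step 2: print the current Threat Detection state of one database.
# Arguments: resource-group server database
td_state() {
  az sql db threat-policy show \
    --resource-group "$1" --server "$2" --name "$3" \
    --query state --output tsv
}

# Step 3: set the policy state to Disabled. Per the post, run this even when
# the state already reads Disabled, so that the leftover credential is dropped.
td_disable() {
  az sql db threat-policy update \
    --resource-group "$1" --server "$2" --name "$3" \
    --state Disabled --output none
}

# Steps 2 and 3 in sequence, then re-read the state to confirm the result.
# Returns 0 only when the policy reports Disabled afterwards.
remove_legacy_td_credential() {
  td_before="$(td_state "$1" "$2" "$3")" || return 1
  echo "state before: ${td_before}"
  td_disable "$1" "$2" "$3" || return 1
  td_after="$(td_state "$1" "$2" "$3")" || return 1
  echo "state after: ${td_after}"
  [ "$td_after" = "Disabled" ]
}

# Runs only when the script is given exactly three arguments:
#   ./script.sh <resource-group> <server> <database>
if [ "$#" -eq 3 ]; then
  remove_legacy_td_credential "$@"
fi
```

After the script succeeds, rerun the query from the header comment in the database to confirm the credential row is gone.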