1. Login to Azure portal (https://portal.azure.com/).
2. Navigate to the SQL server that has the short threat detection retention period.
3. Click on the “Security” tab on the left-hand side of the page.
4. Under “Advanced Threat Protection”, click on “Advanced Threat Protection settings”.
5. In the “Advanced Threat Protection settings” page, scroll down to the “Data retention” section.
6. Increase the retention period to the desired duration.
7. Click on the “Save” button to save the changes.

​

1. Open Azure CLI and login to your Azure account.
2. Run the following command to set the retention period for the SQL database threat detection to 90 days:

az sql db threat-policy update --resource-group <resource-group-name> --server <server-name> --database <database-name> --retention-days 90

3. Verify that the retention period has been set to 90 days by running the following command:

az sql db threat-policy show --resource-group <resource-group-name> --server <server-name> --database <database-name>

4. Repeat these steps for all SQL databases in your Azure environment to ensure that the threat detection retention period is set to 90 days for all databases.

1. Install the Azure Python SDK using the following command:
   Copy

   Ask AI

   pip install azure-mgmt-monitor
   

2. Authenticate to your Azure account using the Azure CLI or by setting the environment variables AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID.
3. Import the necessary modules:
   Copy

   Ask AI

   from azure.common.credentials import ServicePrincipalCredentials
   from azure.mgmt.monitor import MonitorManagementClient
   from azure.mgmt.monitor.models import RetentionPolicy
   

4. Define the credentials and the client:
   Copy

   Ask AI

   credentials = ServicePrincipalCredentials(
       client_id='<your-client-id>',
       secret='<your-client-secret>',
       tenant='<your-tenant-id>'
   )
   
   client = MonitorManagementClient(
       credentials,
       '<your-subscription-id>'
   )
   

5. Get the current retention policy for the SQL databases:
   Copy

   Ask AI

   current_policy = client.metric_definitions.get(
       '<your-resource-group>',
       '<your-sql-server-name>',
       '<your-database-name>',
       'ThreatDetectionPolicy'
   ).retention_policy
   

6. Update the retention policy to the desired value:
   Copy

   Ask AI

   new_policy = RetentionPolicy(enabled=True, days=30)
   client.metric_definitions.create_or_update(
       '<your-resource-group>',
       '<your-sql-server-name>',
       '<your-database-name>',
       'ThreatDetectionPolicy',
       {'retention_policy': new_policy}
   )
   

   In this example, we set the retention period to 30 days. You can adjust this value to meet your specific requirements.
7. Verify that the retention policy has been updated by checking the current policy again:
   Copy

   Ask AI

   updated_policy = client.metric_definitions.get(
       '<your-resource-group>',
       '<your-sql-server-name>',
       '<your-database-name>',
       'ThreatDetectionPolicy'
   ).retention_policy
   
   print('Updated retention policy:', updated_policy)
   

   This should output the updated retention policy.