If the SQL Server Threat Detection Retention is set to less than 90 days for Azure SQL Database, it means that security logs and alerts will be automatically deleted after a short period. This makes it harder to review past security incidents, identify patterns of potential threats, and learn from previous attacks. It reduces the ability to effectively audit and analyze security events.
In Azure Console -
In Terraform -
References:
https://learn.microsoft.com/en-us/sql/relational-databases/database-mail/database-mail?view=sql-server-ver16
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database#retention_days