Azure SQL Server Audit Log Retention Is Less Than 91 Days
Audit Logs can help you find suspicious events, unusual activity, and trends. Auditing the SQL server, at the server-level, allows you to track all existing and newly created databases on the instance.
This policy identifies SQL servers which do not retain audit logs for more than 90 days. As a best practice, configure the audit logs retention time period to be greater than 90 days.
Azure SQL Server audit log retention is less than 91 days.
$.resource.*.azurerm_sql_database size greater than 0 and $.resource.*.azurerm_sql_database[*].*[*].threat_detection_policy size greater than 0 and ($.resource.*.azurerm_sql_database[*].*[*].threat_detection_policy[*].retention_days anyNull or $.resource.*.azurerm_sql_database[*].*[*].threat_detection_policy[?( @.retention_days<91 )] size greater than 0)
Recommended solution having the audit log retention for more than 90 days.
It is recommended to have Azure SQL server audit logs retention to be more than 90 days. Please make sure if your template have "retention_days" set to anything greater than 90 under "threat_detection_policy" block.