People who code their own login forms and database-backed apps available publically should be careful of the SQL famouse Injection : 

'OR 1=1

For poorly coded forms this changes an SQL Query searching for a Username/Password to list all the logins

SELECT userid
FROM users
WHERE username = ''OR 1=1/*'
    AND password = ''
    AND domain = ''

You only need to look at Troy Hunts site and method to hack databases  to see how easy and how many people have been effected.

Azure SQL Advanced Threat Protection can detect these kinds of attacks for you stop or notify you as soon as they happen as well as let you know the hack 

Other Features is can help you with 

Vulnerability to SQL Injection:

This alert is triggered when an application generates a faulty SQL statement in the database. This may indicate a possible vulnerability to SQL injection attacks. There are two possible reasons for the generation of a faulty statement:

A defect in application code that constructs the faulty SQL statement

Application code or stored procedures don't sanitize user input when constructing the faulty SQL statement, which may be exploited for SQL Injection

Potential SQL injection

This alert is triggered when an active exploit happens against an identified application vulnerability to SQL injection. This means the attacker is trying to inject malicious SQL statements using the vulnerable application code or stored procedures.

Access from unusual location:

This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server from an unusual geographical location. In some cases, the alert detects a legitimate action (a new application or developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).

Access from unusual Azure data center

 This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server from an unusual Azure data center that was seen on this server during the recent period. In some cases, the alert detects a legitimate action (your new application in Azure, Power BI, Azure SQL Query Editor). In other cases, the alert detects a malicious action from an Azure resource/service (former employee, external attacker).

Access from unfamiliar principal

This alert is triggered when there is a change in the access pattern to SQL server, where someone has logged on to the SQL server using an unusual principal (SQL user). In some cases, the alert detects a legitimate action (new application, developer maintenance). In other cases, the alert detects a malicious action (former employee, external attacker).

Access from a potentially harmful application

This alert is triggered when a potentially harmful application is used to access the database. In some cases, the alert detects penetration testing in action. In other cases, the alert detects an attack using common attack tools.

Brute force SQL credentials

This alert is triggered when there is an abnormal high number of failed logins with different credentials. In some cases, the alert detects penetration testing in action. In other cases, the alert detects brute force attack.

Cost

The cost of around  £11.18/node/month with a 60 day free trial, You will be needing to use a Managed SQL instance ( PaaS ) fo this feature