Enable the Vulnerability Assessment (VA) feature for Microsoft Azure SQL servers by setting a storage account. Turning on Microsoft Defender for SQL does not enable Vulnerability Assessment for individual SQL databases unless storage accounts are configured to store VA scan data and reports.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Once enabled, the Vulnerability Assessment (VA) feature scans SQL databases for known security vulnerabilities and highlights deviations from industry best practices, such as misconfigurations, excessive permissions, and unprotected sensitive data such as Personally Identifiable Information (PII). The results of the VA scans include actionable steps to resolve each issue and provide customized remediation scripts where applicable. Additionally, an assessment report can be customized by setting an acceptable baseline for permission configurations, feature configurations, and database configuration settings.
Audit
To determine if Vulnerability Assessment (VA) is enabled for your Azure SQL database servers, perform the following operations:
Remediation / Resolution
To enable Vulnerability Assessment (VA) for your Microsoft Azure SQL servers by configuring appropriate storage accounts, perform the following operations:
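The check and fix described above can be scripted with the Az.Sql PowerShell module. The following is an added example, not Conformity's own audit or remediation procedure: `Get-VaAuditResult` is a hypothetical helper, and the resource group, server, and storage account names are constructed placeholders.

```powershell
# Added example (not Conformity's own code): flag SQL servers whose
# Vulnerability Assessment setting has no storage account configured.

function Get-VaAuditResult {
    # Hypothetical helper: takes the objects returned by
    # Get-AzSqlServerVulnerabilityAssessmentSetting and marks compliance.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Setting
    )
    process {
        # VA is only effective when a storage account is set for scan results.
        $hasStorage = -not [string]::IsNullOrWhiteSpace($Setting.StorageAccountName)
        [pscustomobject]@{
            ResourceGroupName  = $Setting.ResourceGroupName
            ServerName         = $Setting.ServerName
            StorageAccountName = $Setting.StorageAccountName
            Compliant          = $hasStorage
        }
    }
}

# Constructed sample settings so the logic can be exercised offline.
$sample = @(
    [pscustomobject]@{ ResourceGroupName = 'rg-example'; ServerName = 'sql-example-01'; StorageAccountName = 'vaexamplestore' }
    [pscustomobject]@{ ResourceGroupName = 'rg-example'; ServerName = 'sql-example-02'; StorageAccountName = $null }
)
$sample | Get-VaAuditResult | Format-Table -AutoSize

# Live audit (requires Az.Sql and an authenticated session, e.g. Connect-AzAccount):
# Get-AzSqlServer | ForEach-Object {
#     Get-AzSqlServerVulnerabilityAssessmentSetting `
#         -ResourceGroupName $_.ResourceGroupName -ServerName $_.ServerName
# } | Get-VaAuditResult | Where-Object { -not $_.Compliant }

# Remediation for a non-compliant server (placeholder names; Microsoft
# Defender for SQL must already be turned on for the server):
# Update-AzSqlServerVulnerabilityAssessmentSetting `
#     -ResourceGroupName 'rg-example' -ServerName 'sql-example-02' `
#     -StorageAccountName '<storage-account-name>'
```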
You are auditing:
Enable Vulnerability Assessment for Microsoft SQL Servers
Risk Level: Medium