Vendor services misconfigurations

Vulnerability assessment is disabled for sql server

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Enabling Azure Defender for SQL server does not enables Vulnerability Assessment (VA) capability for individual SQL databases unless storage account is set to store the scanning data and reports. The Vulnerability Assessment service scans databases for known security vulnerabilities and highlight deviations from best practices, such as misconfigurations, excessive permissions, and unprotected sensitive data. Results of the scan include actionable steps to resolve each issue and provide customized remediation scripts where applicable.
  • Recommended Mitigation

    Assign a storage account to Vulnerability Assessment (VA) service for {AzureSqlDbServer} sql server, in order to enable it.