Description:
Enable Vulnerability Assessment (VA) Periodic recurring scans for critical SQL servers and corresponding SQL databases.
Rationale:
VA setting 'Periodic recurring scans' schedules periodic (weekly) vulnerability scanning for the SQL server and corresponding Databases.
Periodic and regular vulnerability scanning provides risk visibility based on updated known vulnerability signatures and best practices.
Enabling the 'Azure Defender for SQL' feature will incur additional costs for each SQL server.
From Azure Portal
From PowerShell
If not already, Enable 'Advanced Data Security' for a SQL Server:
Set-AZSqlServerThreatDetectionPolicy -ResourceGroupName -ServerName -EmailAdmins $True
To enable ADS-VA service with 'Periodic recurring scans'
Update-AzSqlServerVulnerabilityAssessmentSetting '
-ResourceGroupName ""'
-ServerName ""'
-StorageAccountName "<Storage Name from same subscription and same Location" '
-ScanResultsContainerName "vulnerability-assessment" '
-RecurringScansInterval Weekly '
-EmailSubscriptionAdmins $true '
-NotificationEmail @("[email protected]" , "[email protected]")