Description:
Enable Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners'.
Rationale:
VA scan reports and alerts will be sent to admins and subscription owners by enabling setting 'Also send email notifications to admins and subscription owners'. This may help in reducing time required for identifying risks and taking corrective measures.
Impact:
Enabling the Azure Defender for SQL features will incur additional costs for each SQL server.
Default Value:
By default, 'Also send email notifications to admins and subscription owners' is enabled.
Audit:
From Azure Console
Go to SQL servers.
Select a server instance.
Click on Security Center.
Ensure that Azure Defender for SQL is set to Enabled.
Select Configure next to Enabled at subscription-level.
In Section Vulnerability Assessment Settings, Ensure Storage Accounts is configured.
In Section Vulnerability Assessment Settings, Ensure Also send email notifications to admins and subscription owners is checked/enabled.
Using Azure PowerShell
Get the list of all SQL Servers
1Get-AZSqlServer
For each Server
1Get-AzSqlServerVulnerabilityAssessmentSetting -ResourceGroupName <resource group name> -ServerName <server name>
From Azure Console
Go to SQL servers.
Select a server instance
Click on Security Center
Select Configure next to Enabled at subscription-level
In Section Vulnerability Assessment Settings, configure Storage Accounts if not already.
Check/enable 'Also send email notifications to admins and subscription owners'.
Click Save
Using Azure PowerShell
If not already, Enable Advanced Data Security for a SQL Server:
1Set-AZSqlServerThreatDetectionPolicy -ResourceGroupName <resource group name> 2-ServerName <server name> -EmailAdmins $True
To enable ADS-VA service and Set 'Also send email notifications to admins and subscription owners'
1Update-AzSqlServerVulnerabilityAssessmentSetting ` 2-ResourceGroupName "<resource group name>"` 3-ServerName "<Server Name>"` 4-StorageAccountName "<Storage Name from same subscription and same Location" ` 5-ScanResultsContainerName "vulnerability-assessment" ` 6-RecurringScansInterval Weekly ` 7-EmailSubscriptionAdmins $true ` 8-NotificationEmail @("[email protected]" , "[email protected]") 9
Backout Plan:
Go to SQL servers
Select a server instance
Click on Security Center
Ensure that Azure Defender for SQL is set to Enabled
In Section Vulnerability Assessment Settings, Ensure “Also send email notifications to admins and subscription owners” is disabled