跳到主要内容

Remediate & Review Vulnerability Assessments

Implementation Effort: Medium
Customer IT and Security Operations teams must enable vulnerability assessments, review findings, and apply remediations across Azure SQL and other supported databases.

User Impact: Low
All actions are performed by administrators; no user-facing changes or notifications are required.

Overview

Microsoft Defender for Databases includes a built-in Vulnerability Assessment (VA) tool that scans Azure SQL databases and other supported platforms for security misconfigurations, excessive permissions, and known vulnerabilities. These assessments help organizations proactively reduce risk and improve compliance.

Key Capabilities

  1. Enable Vulnerability Assessment

    • Defender for Cloud automatically enables VA when the Defender for Azure SQL plan is active.
    • You can choose between:
      • Classic configuration (requires a storage account)
      • Express configuration (recommended; no storage account needed) 1.

  2. Run and Schedule Scans

    • Scans can be run manually or scheduled weekly.
    • Results are stored in a designated storage account (classic) or managed internally (express).
    • Email notifications can be sent to admins and subscription owners 1.

  3. Review Findings

    • Go to Microsoft Defender for Cloud > Recommendations or the specific SQL resource.
    • Review categorized findings such as:
      • Missing encryption
      • Unpatched software
      • Excessive permissions 2.

  4. Remediate Vulnerabilities

    • Each finding includes remediation guidance.
    • You can:
      • Apply fixes manually
      • Use automation (e.g., Azure Policy, Logic Apps)
      • Disable findings if they are not applicable 2.

  5. Track and Audit

    • Use the Defender for Cloud dashboard to monitor remediation progress.
    • Export scan results for compliance reporting or integration with SIEM tools 3.

This process supports the Zero Trust principle of "Assume Breach" by ensuring that known vulnerabilities are identified and resolved before they can be exploited. Without regular assessments, organizations risk leaving critical database assets exposed to threats.

Reference