Periodic recurring vulnerability assessment scans should be enabled on SQL servers


The Vulnerability Assessment service examines databases for potential security issues and deviations from optimal practices including misconfigurations or excessive permissions. The service provides remediation steps, potentially customizable scripts for each identified issue, and offers customizability in the assessment report through baseline settings for permissions, features, and database configurations. Enabling these features on Microsoft Defender for SQL incurs additional costs per SQL server.


Azure is transitioning from Classic Configuration to Express Configuration. For specific configuration instructions that fit your use case, see Enable vulnerability assessment on your Azure SQL databases and servers.