Vulnerability Assessment should be enabled for SQL server

azure.sql

Description

The Vulnerability Assessment service is a valuable tool that analyzes SQL databases to identify security issues and deviations from best practices. It helps identify misconfigurations, excessive permissions, and other potential vulnerabilities. The service provides remediation steps, customizable scripts, and assessment reports with customizable baseline settings. Enabling these features in Microsoft Defender for SQL comes with additional costs per SQL server.

Remediation

Azure is transitioning from Classic Configuration to Express Configuration. For specific configuration instructions that fit your use case, see Enable vulnerability assessment on your Azure SQL databases and servers.