Description:
Configure 'Send scan reports to' with email ids of concerned data owners/stakeholders for a critical SQL servers.
Rationale:
Vulnerability Assessment (VA) scan reports and alerts will be sent to email ids configured at 'Send scan reports to'. This may help in reducing time required for identifying risks and taking corrective measures.
Enabling the 'Azure Defender for SQL' features will incur additional costs for each SQL server.
From Azure Console
Using Azure PowerShell
If not already, Enable 'Advanced Data Security' for a SQL Server:
Set-AZSqlServerThreatDetectionPolicy -ResourceGroupName -ServerName -EmailAdmins $True
To enable ADS-VA service and Set 'Send scan reports to'
Update-AzSqlServerVulnerabilityAssessmentSetting '
-ResourceGroupName ""'
-ServerName ""'
-StorageAccountName "<Storage Name from same subscription and same Location" '
-ScanResultsContainerName "vulnerability-assessment" '
-RecurringScansInterval Weekly '
-EmailSubscriptionAdmins $true '
-NotificationEmail @("[email protected]" , "[email protected]")
.