SQL Server ‘also send email notifications to admins and subscription owners’ for vulnerability assessments should be enabled

Description

The vulnerability assessment setting “Also send email notifications to admins and subscription owners” ensures that administrators and subscription owners are emailed the scan reports and alerts for critical SQL servers. Enabling this setting may reduce the time required to identify vulnerability risks and take corrective measures.

Remediation Steps

Azure Portal

  • Navigate to SQL servers.

  • Select the SQL server and in the left navigation, select Security Center.

  • Select Enable Azure Defender for SQL if not already enabled.

  • In Azure Defender for SQL: Enabled at the subscription-level, select Configure.

  • Under VULNERABILITY ASSESSMENT SETTINGS, ensure Storage account is configured.

  • Check the box next to Also send email notifications to admins and subscription owners.

  • Click Save.

Azure PowerShell

  • Enable Azure Defender for SQL, if not already enabled:

    Set-AzSqlServerThreatDetectionPolicy `
      -ResourceGroupName "<resource group name>" `
      -ServerName "<server name>" `
      -EmailAdmins $true

  • Enable the “Also send email notifications to admins and subscription owners” setting (the storage account must be in the same subscription and location as the SQL server):

    Update-AzSqlServerVulnerabilityAssessmentSetting `
      -ResourceGroupName "<resource group name>" `
      -ServerName "<server name>" `
      -StorageAccountName "<storage account name in the same subscription and location>" `
      -ScanResultsContainerName "vulnerability-assessment" `
      -RecurringScansInterval Weekly `
      -EmailSubscriptionAdmins $true `
      -NotificationEmail @("mail1@mail.com", "mail2@mail.com")
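As an added audit example (not part of this recommendation's own steps), the following PowerShell enumerates every SQL server in the current subscription with the Az.Sql cmdlets Get-AzSqlServer and Get-AzSqlServerVulnerabilityAssessmentSetting and reports which ones do not have the email-to-admins setting in place. The function name, the output fields and the assumption that a missing scan-results storage account means reports cannot be delivered are choices made here, not Azure behaviour defined by this page.

```powershell
# Added audit example: find SQL servers whose vulnerability assessment settings do
# not send email notifications to admins and subscription owners.
# Assumes the Az.Sql module is installed and Connect-AzAccount has been run, with
# the subscription to audit selected as the current context.

function Get-SqlVaEmailAdminCompliance {
    [CmdletBinding()]
    param()

    # Get-AzSqlServer with no arguments lists every SQL server in the current subscription.
    foreach ($server in Get-AzSqlServer) {
        $result = [ordered]@{
            ResourceGroup           = $server.ResourceGroupName
            Server                  = $server.ServerName
            StorageConfigured       = $false
            EmailSubscriptionAdmins = $false
            NotificationEmail       = @()
            Compliant               = $false
            Note                    = ''
        }
        try {
            $va = Get-AzSqlServerVulnerabilityAssessmentSetting `
                    -ResourceGroupName $server.ResourceGroupName `
                    -ServerName $server.ServerName
            $result.StorageConfigured       = -not [string]::IsNullOrEmpty($va.StorageAccountName)
            $result.EmailSubscriptionAdmins = [bool]$va.EmailSubscriptionAdmins
            $result.NotificationEmail       = @($va.NotificationEmail)
            # Assumption made here: scan reports only reach admins when a storage account
            # holds the scan results AND the email-to-admins flag is set.
            $result.Compliant = $result.StorageConfigured -and $result.EmailSubscriptionAdmins
            if (-not $result.Compliant) {
                $result.Note = 'remediate with Update-AzSqlServerVulnerabilityAssessmentSetting -EmailSubscriptionAdmins $true'
            }
        } catch {
            # Usually means Azure Defender for SQL / vulnerability assessment is not enabled on this server.
            $result.Note = "could not read vulnerability assessment settings: $($_.Exception.Message)"
        }
        [pscustomobject]$result
    }
}

# Usage: show only the servers that need remediation.
Get-SqlVaEmailAdminCompliance | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

Run it once before and once after applying the remediation steps to confirm the affected servers drop out of the non-compliant list.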