Get Vulnerability Assessment Setting of Azure SQL Server in tenant with PowerShell

Enabling and configuring vulnerability assessment (VA) feature on Azure SQL Server is needed in an environment where security and compliance is strictly followed. And now you are asked by InfoSec leader to provide status of VA configuration on all of your Azure SQL Server.

This article is NOT going to tell you on how to audit VA setting which can be done quite easily with Azure Policy. This article is simply to share a PowerShell script to help you retrieve VA setting so you can verify if any of your Azure SQL Server has VA configured and which storage account it uses to store the VA scanning result.

PowerShell script

The PowerShell script is uploaded here. The output is a CSV file providing you the following information:

  • Subscription Id
  • Subscription Name
  • Resource Group Name
  • Azure SQL Server Name
  • Va Configured (Yes/No)
  • Storage Account Name
  • Storage Account Container
  • Recurring Scans Interval (in fact it is weekly by default. This is unchangeable)
  • Email Admin enabled
  • Emails

The script loops to read all Azure SQL Servers in all subscriptions (depending on your current context, subscription access may vary).

If you have any feedback or additional request please feel free to leave a comment here or create a Github issue ticket


This entry was posted in Governance & Compliance, Security Automation and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published.