Streamlining Vulnerability Assessment for Azure SQL in CI/CD workflows
Microsoft Defender for Cloud can assess your Azure SQL servers for database vulnerabilities. The assessment even appears as one of the recommendations when you create an Azure SQL server and open Microsoft Defender for Cloud.
When Microsoft Defender for SQL is enabled, scans run periodically and report potential issues with your server. It is up to you to decide whether each finding is legitimate, and you record that decision by capturing a baseline per database: a result approved into the baseline is treated as accepted and no longer shows up as a failure in subsequent scans. With a small estate this is easy to do through the Azure Portal. When you run multiple Azure SQL servers, each with multiple databases, keeping track of every baseline per environment becomes a burden. It is therefore practical to automate the process and keep the baselines in a repository under version control, which also lets auditors quickly review each captured baseline and its vulnerability assessment rule settings.
In this tutorial you will set up an Azure SQL server with Threat Protection and Vulnerability Assessment turned on using Azure Bicep, trigger the first assessment, capture the baseline through Azure DevOps, and then introduce a deviation from the baseline to confirm that it is detected. Before continuing, take a look at the…
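As an added example (not the article's own template), here is a Bicep file that matches the setup the tutorial describes: an Azure SQL logical server with Threat Protection (the server security alert policy) and Vulnerability Assessment enabled, with recurring scans written to a dedicated storage container. Resource names, the admin login, the container name and the API versions are assumptions; the admin password is a secure parameter so it never lands in the repository.

```bicep
// Added example, not the article's own template. Deploys an Azure SQL logical
// server with Advanced Threat Protection and Vulnerability Assessment enabled,
// writing recurring scan results to a dedicated storage container.
// Resource names, the admin login and the API versions are assumptions.

@description('Globally unique name of the Azure SQL logical server (assumed)')
param sqlServerName string

@description('Storage account for scan results: 3-24 lowercase letters and digits (assumed)')
param storageAccountName string

@description('Deployment location, defaults to the resource group location')
param location string = resourceGroup().location

@description('SQL administrator login (assumed name)')
param sqlAdminLogin string = 'sqladmin'

@secure()
@description('SQL administrator password: pass it in from the pipeline, never commit it')
param sqlAdminPassword string

@description('Extra recipients of scan and alert e-mails (assumed, may be empty)')
param notificationEmails array = []

resource sqlServer 'Microsoft.Sql/servers@2021-11-01' = {
  name: sqlServerName
  location: location
  properties: {
    administratorLogin: sqlAdminLogin
    administratorLoginPassword: sqlAdminPassword
    minimalTlsVersion: '1.2'
  }
}

// Storage for scan results. Defender writes one result set per scan here,
// so keep it locked down: no anonymous blob access, HTTPS only.
resource scanStorage 'Microsoft.Storage/storageAccounts@2022-09-01' = {
  name: storageAccountName
  location: location
  kind: 'StorageV2'
  sku: {
    name: 'Standard_LRS'
  }
  properties: {
    allowBlobPublicAccess: false
    supportsHttpsTrafficOnly: true
    minimumTlsVersion: 'TLS1_2'
  }
}

resource blobService 'Microsoft.Storage/storageAccounts/blobServices@2022-09-01' = {
  parent: scanStorage
  name: 'default'
}

resource scanContainer 'Microsoft.Storage/storageAccounts/blobServices/containers@2022-09-01' = {
  parent: blobService
  name: 'vulnerability-assessment'
  properties: {
    publicAccess: 'None'
  }
}

// Threat Protection. Vulnerability Assessment requires this server-level
// security alert policy to be Enabled before it can be configured.
resource threatProtection 'Microsoft.Sql/servers/securityAlertPolicies@2021-11-01' = {
  parent: sqlServer
  name: 'Default'
  properties: {
    state: 'Enabled'
    emailAccountAdmins: true
    emailAddresses: notificationEmails
  }
}

// Vulnerability Assessment with recurring (weekly) scans. The storage key is
// resolved at deployment time and never appears in the template or repository.
resource vulnerabilityAssessment 'Microsoft.Sql/servers/vulnerabilityAssessments@2021-11-01' = {
  parent: sqlServer
  name: 'default'
  properties: {
    storageContainerPath: '${scanStorage.properties.primaryEndpoints.blob}${scanContainer.name}'
    storageAccountAccessKey: scanStorage.listKeys().keys[0].value
    recurringScans: {
      isEnabled: true
      emailSubscriptionAdmins: true
      emails: notificationEmails
    }
  }
  dependsOn: [
    threatProtection
  ]
}

output sqlServerFqdn string = sqlServer.properties.fullyQualifiedDomainName
```

Deploy it from a pipeline step with `az deployment group create --resource-group <rg> --template-file main.bicep --parameters sqlServerName=<name> storageAccountName=<name> sqlAdminPassword=<secret-variable>`. Vulnerability Assessment is a server-level setting, while baselines are set per database and per rule, which is why the later steps capture them separately after the first scan has produced results to approve.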