So Recently I found a pretty neat feature where SQL Azure can schedule vunerability assesment scans regularly
To configure this you must go onto each database on your server and configure the storage and who you want to receive the reports.
Lets say I have 100 databases - this is going to take a very long time. Is there a way I can set the Vunerability scan at a server level.
Or failing that a script that can set this scan up (prefereably SQL script if possible)?
Yes, you can configure this at the server level as shown below.
However, periodic scans can only be configured at the database level. Azure SQL Database team mentioned that they will provide more options to run scans and analyze results at scale. The currently available option is to use ARM APIs via the Azure SQL Management SDK library.
Azure SQL Database team mentioned also that PowerShell cmdlets will be released in the near future to enable automation via PowerShell Scripts, and as they make more progress the ability to run at scale will be available via the portal as well.
Currently in SQL Vulnerability Assessment, the target storage and periodic scans can be configured only at the database level. As the feature develops, we will provide more options to run scans and analyze results at scale.
The currently available option is to use ARM APIs via the Azure SQL management SDK: https://www.nuget.org/packages/Microsoft.Azure.Management.Sql
Powershell cmdlets will be released in the near future to enable automation via Powershell scripts. And as we make more progress, the ability to run at scale will be available via the portal as well.
In the meantime, we’re very glad to get further feedback on the current functionality of VA and additional feature requests.
