0

I'm creating a security assessment for an Azure Managed Instance.

The Vulnerability Assessment that I find on the Azure portal alerts me that there are 6 Extended Stored Procedure that could harm my Managed Instance:

enter image description here

Strange... I taught that Extended Stored Procedure weren't supported on Azure Managed Instance.

And in fact:

So why the official Azure Vulnerability Assessment is marking this with medium risk?

Is this a false positive?

Francesco Mantovani
  • 10,216
  • 13
  • 73
  • 113
  • Was this an older database migrated into Azure at some point? – Timothy G. May 19 '21 at 16:17
  • Oh, yeah @TimothyG. this is a freshly SQL Server 2012 migrated to Managed Instance. I'm all ears, tell me where is the problem. – Francesco Mantovani May 19 '21 at 20:42
  • I wonder since this was an older SQL Server instance that was migrated, perhaps your DB or `master` contains these stored procedures still. If you go to `Your DB` → Programmability → Stored Procedures → System Stored Procedures in SSMS for the instance, do you see the procedures in question (or do you see them under just "Stored Procedures")? If they are there, then I would say they were carried over during the migration, in which case, you can probably safely delete them, since they need specific DLL files to be present to even work, and since Azure doesn't support them, they won't work. – Timothy G. May 19 '21 at 22:48

2 Answers2

2

These Extended SPs are supported in SQL MI.

The documentation should be updated.

It is easy to put this to the test, example:

enter image description here

akrabi
  • 4,244
  • 2
  • 18
  • 19
1

I have the same viewpoint with @Timothy G. These stored procedures are not supported in Azure SQL database. If they are exist in your source SQL Server, it may be transferred in to Azure SQL database. But they won't work.

I don't know how you migrate your SQL Server to Azure SQL database. You can use Data Migration Assistant(DMA) to asses you SQL server first:

  • Assess on-premises SQL Server Integration Services (SSIS) package(s) migrating to Azure SQL Database or Azure SQL Managed Instance. The assessment helps to discover issues that can affect the migration. These are described as compatibility issues and are organized in the following categories:

    Migration blockers: discovers the compatibility issues that block migrating source package(s) to Azure. DMA provides recommendations to help you address those issues.

    Information issues: detects partially supported or deprecated features that are used in source package(s).

May be you can find the reason.

Leon Yue
  • 15,693
  • 1
  • 11
  • 23
  • Thank you confirming, I opened an issue about this: https://github.com/MicrosoftDocs/azure-docs/issues/75890. Now sure how they migrated this database to the MI but the Vulnerability Assessement is wrong. – Francesco Mantovani Jun 01 '21 at 07:44
  • @LeonYue Is there a way to remove these `extended stored procedures` from the `Azure SQL Managed Instance`? – nam Oct 11 '22 at 18:59