Back in September 2017 Microsoft announced a new security feature for Azure SQL Database called the SQL Vulnerability Assessment (VA). It is currently in preview mode where it has the ability to find, you can guess, security based vulnerabilities for your database such as misconfigurations, excessive permissions, and exposed sensitive data.
Let’s setup a scan. You can find this feature within the settings section of your database.
You will then need to select your subscription and storage account to where you would like the results to be stored.
You will then be routed to the main menu where you have the ability to scan. This scan is read-only and doesn’t update anything, just in case you were wondering.
When you click scan, it will move into an executing state.
Successfully completes, I think….
Okay, so this is where the confusion begins. I successfully completed the scan (remember the success message) yet the scan history option is still grey out (yellow highlight) and the time stamp for the last scan time (yellow highlight) did not get updated. Even if there were no vulnerabilities I would still like to have seen this sort of information exposed to users, just so I know a scan did actually take place.
Update 26/3/18: Please see comment section, scan history is a work in progress.