This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 5%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
Hi Team,
I got below Vulnerabilities for the Azure SQL Managed Instance. Could you please provide the remediation for the VA ?
VA2114 - Minimal set of principals should be members of fixed server roles
Remove members that should not have access to the fixed server roles. After that approve as baseline.
Here are the fixed roles except ##MS_PerformanceDefinitionReader##, ##MS_ServerPerformanceStateReader##, and ##MS_ServerSecurityStateReader#
Server role provided are for Azure SQL. Could you please help me for Azure SQL Managed instance ?
Here are the fixed roles except ##MS_PerformanceDefinitionReader##, ##MS_ServerPerformanceStateReader##, and ##MS_ServerSecurityStateReader#
I can see we have below server roles except highlighted ones ? can we delete those server roles and will it have any impact if we delete ?
Fixed server roles cannot be removed as per documentation.
Hi Alberto,
I have below logins for sysadmin roles. In that case what will be the exact remediation steps ? whether we need to remove sysadmin roles for these 2 logins ?
Hi Alberto,
I can see we have sysadmin role for the below logins apart from fixed roles. So the remediation is to remove sysadmin roles to these logins ?
Hi Alberto,
we have two logins as sysadmin access. do we need to remove those sysadmin access for the remediation ?
If you agree that they need to be sysadmin then accept it as baseline, otherwise remove them.