Defender for SQL - Vulnerability Assessment - Status: Not Applicable

Benjamin Graus 1 Reputation point
2023-03-13T15:10:03.98+00:00

Hi all,

We have a strange issue with Defender for SQL on a SQL-Server in Azure.

All findings on DBs are flagged as "Not applicable" whether with the new express mode or with the old way.

On the VAxxxx itself all the DBs from this SQL-Server are listed under Dismissed databases.

We do not find any exemption rules or other which would create this behavior.

With the old method we can also download the report and in fact the findings are OK - but they are exempted.

Using a graph query we can see that there is an Exempt from the parent - but like I said - we simply cannot identify where the exempt comes from


To add:

It worked once without problems - we then moved the entire Subscription to a new Tenant.

After that it has this strange behavior.

 

Is there a way to reforce this?

Thanks

 

 


2 answers

  1. William Clarkson-Antill 0 Reputation points
    2023-03-14T21:55:07.6433333+00:00

    Hey @Benjamin Graus

    Is Microsoft Defender for Cloud enabled across your new subscription? MDC has to be specifically enabled for each subscription you want it to perform an assessment across. And are you paying for MDC protection for SQL databases, as there is a cost element involved?

    Regards

    Bill


  2. GeethaThatipatri-MSFT 16,726 Reputation points Microsoft Employee
    2023-03-15T19:07:10.8266667+00:00

    @Benjamin Graus

    Did you find anything when looking at the exemption configs for “SQL databases should have vulnerability findings resolved”?


    Note that the scan export supported in classic configuration does not take into effect exemptions or disabled rules.

    Express configuration doesn’t support the export ability at the moment – but all the data should be available in ARG with the correct status, as you’ve queried in your example.

    Regards

    Geetha
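
An Azure Resource Graph query for the check discussed in this thread, added here as an example and not written by any of the posters: it puts the status and cause recorded on the parent assessment named in the answer above next to the status of its findings, per assessed resource. The property paths under `properties.status` and the layout of the resource IDs are assumptions based on the Defender for Cloud assessment schema, not values taken from this page.

```kusto
// Added example. Assumed schema: properties.status.{code,cause,description}
// on both assessments and sub-assessments in the securityresources table.
securityresources
| where type == "microsoft.security/assessments"
// Display name as quoted in the answer above.
| where tostring(properties.displayName) == "SQL databases should have vulnerability findings resolved"
| extend assessmentId = tolower(id)
// The assessed resource is the part of the ID before the assessment segment.
| extend resourceId = tostring(split(assessmentId, "/providers/microsoft.security/assessments/")[0])
| project assessmentId,
          resourceId,
          parentStatus = tostring(properties.status.code),
          parentCause = tostring(properties.status.cause),
          parentDescription = tostring(properties.status.description)
| join kind=leftouter (
    securityresources
    | where type == "microsoft.security/assessments/subassessments"
    // A finding's ID is the parent assessment ID plus "/subassessments/<id>".
    | extend assessmentId = tostring(split(tolower(id), "/subassessments/")[0])
    | project assessmentId,
              finding = tostring(properties.displayName),
              findingStatus = tostring(properties.status.code),
              findingCause = tostring(properties.status.cause)
  ) on assessmentId
// One row per resource and status combination; resources without findings show 0.
| summarize findings = countif(isnotempty(finding))
    by resourceId, parentStatus, parentCause, parentDescription, findingStatus, findingCause
| order by resourceId asc
```

If `parentCause` is populated while `findingCause` is empty, the "Not applicable" state is set at the assessment level for that resource rather than per finding.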