Defender for SQL - Vulnerability Assessment - Status: Not Applicable

Benjamin Graus 11 Reputation points
2023-03-13T15:10:03.98+00:00

Hi all,

we have a strange issue with Defender for SQL on a SQL-Server in Azure.

All findings on DBs are flagged as "Not applicable" whether with the new express mode or with the old way.

On the VAxxxx itself all the DBs from this SQL-Server are listed unter Dismissed databases.

We do not find any exemption rules or other which would create this behavior.

 With the old method we can download also the report and in fact the findings are OK - but they are exempted.

 Using a graph query we can see that there is an Exempt from the parent - but like i said - we simply cannot identify from where the exempt does come from

User's image

To add:

It worked once without problems - we then moved the entire Subscription to a new Tenant.

After that it has this strange behavior.

 

Is there a way to reforce this?

Thanks

 

 

Azure SQL Database
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
919 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,181 questions
{count} vote

3 answers

Sort by: Most helpful
  1. Bill Clarkson-Antill 5 Reputation points MVP
    2023-03-14T21:55:07.6433333+00:00

    Hey @Benjamin Graus

    Is Microsoft Defender for Cloud enabled across your new subscription, MDC has to be specifically enabled for each subscription you want it to perform an assessment across and are you paying for MDC protection for SQL databases as there is a cost element involved

    Regards

    Bill


  2. GeethaThatipatri-MSFT 27,002 Reputation points Microsoft Employee
    2023-03-15T19:07:10.8266667+00:00

    @Benjamin Graus

    Did you find anything when looking at the exemption configs for “SQL databases should have vulnerability findings resolved”?

    User's image

    Note that the scan export supported in classic configuration does not take into effect exemptions or disabled rules.

    Express configuration doesn’t support the export ability at the moment – but all the data should be available in ARG with the correct status, as you’ve queried in your example.

    Regards

    Geetha


  3. GeethaThatipatri-MSFT 27,002 Reputation points Microsoft Employee
    2023-04-03T14:40:55.49+00:00

    @Benjamin Graus @Florian Pfeffer Thanks for being patience

    Please check if you have any exemption rules.

    Please follow the steps from the below document for more information and how to remove it:

    Exempt a Microsoft Defender for Cloud recommendation from a resource, subscription, management group, and secure score | Microsoft Learn

    Regards

    Geetha