The email you received does not filter disabled rules or not applicable rules. Maybe the email is pointing to a disabled rule, On the Scan Results on the Azure Portal make a click on the "Not applicable" section. There you may find the high risk item.
Azure SQL Vulnerability email says I have a High Risk item
Mike Cross
20
Reputation points
I receive an email from the Vulnerability Assessment to say I have a DB which has 1 X High Risk Item.
When i click on the link to view the results and follow the Recommendation, this takes me to the Vulnerability Scan, however shows that there are No High Risks, or in fact any risks at all.
How do I check this for sure.