Share via

Vulnerability assessment refuses to run for Azure SQL database

Daniel Growns 96 Reputation points
2021-10-28T07:17:15.263+00:00

Good morning

Since moving my resources from a free subscription last month, over to a paid subscription my Azure SQL databases fail to run the vulnerability assessment. After clicking for more details, I receive the error message:

The configured storage account 'sqlvallmzvr3wyv7ug' was not found in the subscriptions selected by your Global subscription filter, or you don't have permission to access it. Please add the subscription corresponding to the configured storage to your Global filter settings.

I have since checked the global filter settings which is set to 'All subscriptions' and looked in the old disabled subscription which has no resources left.

Can someone help me point the Vulnerability Assessment at a new storage account as I can't see how to do this?

Thanks

Azure SQL Database
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,366 questions
0 comments
Accepted answer
  1. Daniel Growns 96 Reputation points
    2021-11-15T08:48:21.847+00:00

    Hi

    The answer to my issue was actually slightly different to both answers.

    As I had moved these resources into a new subscription, it lost the connection to the storage account. I had to

    • Go to the sql server
    • Go to Microsoft Defender for Cloud under Security
    • Click (Configure) where it says 'Microsoft Defender for SQL: Enabled at the server-level'
    • Set the storage account to send the results to
    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Oury Ba-MSFT 20,186 Reputation points Microsoft Employee
    2021-11-04T00:13:20.18+00:00

    Hi @Daniel Growns Thank you for posting your Question on Microsoft Q&A.
    In addition to @Alberto Morillo answer.

    Storage account requirements
    The storage account in which vulnerability assessment scan results are saved must meet the following requirements:

    Type: StorageV2 (General Purpose V2) or Storage (General Purpose V1)
    Performance: Standard (only)
    Region: The storage must be in the same region as the instance of Azure SQL Server.
    If any of these requirements aren't met, saving changes to vulnerability assessment settings fails.

    Permissions
    The following permissions are required to save changes to vulnerability assessment settings:

    SQL Security Manager
    Storage Blob Data Reader
    Setting a new role assignment requires owner or user administrator access to the storage account and the following permissions:

    Storage Blob Data Owner

    Please refer to the article above for more information.

    Regards,
    Oury

    1 person found this answer helpful.
  2. Alberto Morillo 34,461 Reputation points MVP
    2021-10-29T00:14:11.017+00:00

    Try this step-by-step article to change the storage account associated with the vulnerability assessment.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.