Bicep for configuring vulnerability assessment for sql server

Question

I am trying to implement a remediation for secure score recommendation on sql server.

It says it is enabled but my recommendation is not yet updated.

Bicep module for the same

resource sqlVulnerabilityAssessment 'Microsoft.Sql/servers/sqlVulnerabilityAssessments@2022-11-01-preview' = {
  name: 'default'
  parent: MySqlServer
  properties: {
    state: 'Enabled'
  }
}

Do I need to do anything else to get the recommendation reach Completed status?

Answer 1

Do I need to do anything else to get the recommendation reach Completed status?

You need to remediate the recommendation to reach the completed status. To remediate it, you must follow the security recommendations for your environment.

Go to the Azure portal and then Security posture under the Defender for Cloud overview to retrieve the list of suggestions. Then choose "View recommendations" for the environment you want to enhance as shown.

After enabling Vulnerability Assessment using the Bicep module you provided, the suggested review process may take some time to complete. The Secure Score system examines the state of your resources on a regular basis to update the recommendation status.

You can check the status using Portal or CLI command. az security va sql

Your SQL server is configured to perform vulnerability assessments. To make sure that the recommendation succeeds, you must address the vulnerabilities identified by the vulnerability assessment scanner as detailed in MSDoc.