
Enable Vulnerability Assessment Email Notifications for Admins and Subscription Owners

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)
Rule ID: Sql-009

Ensure that the Vulnerability Assessment setting "Also send email notification to admins and subscription owners" is enabled for your Microsoft SQL database servers. This security setting enables Microsoft Defender for SQL to contact your subscription owners and administrators if the Microsoft Security Response Center (MSRC) discovers that your cloud resources and/or data have been accessed by an unauthorized actor.

This rule resolution is part of the Conformity Security & Compliance tool for Azure.


Once the "Also send email notification to admins and subscription owners" setting is enabled, Vulnerability Assessment (VA) scan reports and alerts will be sent to admins and subscription owners. This can help to reduce the time required for identifying risks and taking corrective measures.


Audit

To determine if the "Also send email notification to admins and subscription owners" security setting is enabled, perform the following actions:

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access your Azure cloud resources.

03 From the Type filter box, select SQL server to list only the SQL database servers provisioned in the selected Azure subscription.

04 Click on the name (link) of the SQL server that you want to examine.

05 In the blade navigation panel, under Security, select Microsoft Defender for Cloud.

06 On the Microsoft Defender for Cloud page, make sure that Microsoft Defender for SQL is enabled, then choose (Configure) next to Microsoft Defender for SQL. It is recommended to enable Microsoft Defender at the subscription-level, which is explained here, but it can also be enabled at the individual server-level.

07 On the Server settings configuration page, under VULNERABILITY ASSESSMENT SETTINGS, ensure there is a storage account configured. Next, check the Also send email notification to admins and subscription owners setting checkbox. If the setting checkbox is not selected, the notification setting is not enabled for the selected Microsoft SQL database server.

08 Repeat steps no. 4 – 7 for each SQL database server provisioned in the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.

Using Azure PowerShell

01 Run the Get-AzSqlServer PowerShell cmdlet with custom query filters to list the name of each SQL database server and the name of its associated resource group, available within the current Azure subscription:

Get-AzSqlServer | Select-Object ServerName,ResourceGroupName

02 The command output should return the requested SQL database server information:

ServerName             ResourceGroupName
----------             -----------------
cc-prod-db-server      cloud-shell-storage-westeurope
cc-ms-sql-server       cloud-shell-storage-westeurope

03 Run the Get-AzSqlServerVulnerabilityAssessmentSetting cmdlet using the name of the SQL database server that you want to examine and the name of its resource group as the identifier parameters, with custom query filters to describe the "Also send email notification to admins and subscription owners" setting status (the trailing backtick is the PowerShell line-continuation character):

Get-AzSqlServerVulnerabilityAssessmentSetting `
-ServerName "cc-prod-db-server" `
-ResourceGroupName "cloud-shell-storage-westeurope" | Select-Object EmailAdmins,StorageAccountName

04 The command output should return the requested setting status (True for enabled, False for disabled):

EmailAdmins StorageAccountName
----------- ------------------
False       myStorage

If the Get-AzSqlServerVulnerabilityAssessmentSetting cmdlet output returns False for the EmailAdmins attribute, as shown in the example above, the "Also send email notification to admins and subscription owners" security setting is not enabled for the selected Microsoft SQL database server. If the cmdlet does not return a storage account, then there is no target storage account to store the vulnerability assessments.

05 Repeat steps no. 3 and 4 for each SQL database server available within the current subscription.

06 Repeat steps no. 1 – 5 for each subscription created in your Microsoft Azure cloud account.
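The PowerShell audit above is written for one server at a time. As an added example (not part of the Conformity article and not Trend Micro code), the function below, named Get-VaEmailAdminsReport here for illustration, walks every subscription the signed-in identity can see, reads the same two properties (EmailAdmins and StorageAccountName) for every SQL server, and emits one report object per server, so steps 01 to 06 run as a single pass. It assumes the Az.Accounts and Az.Sql modules are installed and that Connect-AzAccount has already been run.

```powershell
# Added example (not from the article): audit Rule Sql-009 across all subscriptions.
# Assumes Az.Accounts and Az.Sql are installed and Connect-AzAccount has been run.
function Get-VaEmailAdminsReport {
    [CmdletBinding()]
    param()

    foreach ($sub in Get-AzSubscription) {
        # Each subscription has to be audited in its own context (audit step 06).
        Set-AzContext -SubscriptionId $sub.Id | Out-Null

        foreach ($server in Get-AzSqlServer) {
            try {
                $va = Get-AzSqlServerVulnerabilityAssessmentSetting `
                        -ServerName $server.ServerName `
                        -ResourceGroupName $server.ResourceGroupName `
                        -ErrorAction Stop
                $emailAdmins = [bool]$va.EmailAdmins
                $storage     = $va.StorageAccountName
            }
            catch {
                # Defender for SQL / VA not configured, or no permission to read it:
                # record it as a finding rather than silently skipping the server.
                Write-Warning "$($sub.Name)/$($server.ServerName): $($_.Exception.Message)"
                $emailAdmins = $false
                $storage     = $null
            }

            [pscustomobject]@{
                Subscription       = $sub.Name
                ResourceGroupName  = $server.ResourceGroupName
                ServerName         = $server.ServerName
                StorageAccountName = $storage
                EmailAdmins        = $emailAdmins
                # Notifications only help if there is also a storage account for the
                # scan reports, which audit step 04 calls out separately.
                Compliant          = $emailAdmins -and -not [string]::IsNullOrEmpty($storage)
            }
        }
    }
}

# Usage: show only the servers that need attention.
Get-VaEmailAdminsReport | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

The function deliberately returns objects rather than printing text, so the same report can be piped to Export-Csv for evidence or filtered on EmailAdmins alone if you only want the strict Sql-009 result.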

Remediation / Resolution

To enable sending Vulnerability Assessment (VA) email notifications to admins and subscription owners, perform the following actions:

Using Azure Console

01 Sign in to the Microsoft Azure Portal.

02 Navigate to All resources blade at https://portal.azure.com/#blade/HubsExtension/BrowseAll to access your Azure cloud resources.

03 From the Type filter box, select SQL server to list only the SQL database servers provisioned in the selected Azure subscription.

04 Click on the name of the SQL server that you want to reconfigure.

05 In the blade navigation panel, under Security, select Microsoft Defender for Cloud.

06 On the Microsoft Defender for Cloud page, make sure that Microsoft Defender for SQL is enabled, then choose (Configure) next to Microsoft Defender for SQL. It is recommended to enable Microsoft Defender at the subscription-level, which is explained here, but it can also be enabled at the individual server-level.

07 On the Server settings configuration page, under VULNERABILITY ASSESSMENT SETTINGS, perform the following actions:

  1. Ensure there is a storage account configured.
  2. Ensure that Periodic recurring scans is set to ON to enable periodic recurring scans for your Microsoft SQL database server.
  3. Select the Also send email notification to admins and subscription owners checkbox to enable sending Vulnerability Assessment email notifications to admins and subscription owners, for the selected SQL database server.
  4. Choose Save to apply the configuration changes.

08 Repeat steps no. 4 – 7 for each SQL database server provisioned in the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each subscription created in your Microsoft Azure cloud account.

Using Azure PowerShell

01 Run the Update-AzSqlServerVulnerabilityAssessmentSetting cmdlet using the name of the SQL server that you want to reconfigure and the name of the associated resource group as the identifier parameters to enable sending Vulnerability Assessment (VA) email notifications to admins and subscription owners by setting the -EmailAdmins parameter to $true (the trailing backtick is the PowerShell line-continuation character):

Update-AzSqlServerVulnerabilityAssessmentSetting `
-ServerName "cc-prod-db-server" `
-ResourceGroupName "cloud-shell-storage-westeurope" `
-EmailAdmins $true

02 The command output should return the new Vulnerability Assessment settings:

ServerName                : cc-prod-db-server
ResourceGroupName         : cloud-shell-storage-westeurope
StorageAccountName        : myStorage
ScanResultsContainerName  : vulnerability-assessment
RecurringScansInterval    : Weekly
EmailAdmins               : True
NotificationEmail         : { admin@domain.com }

03 Repeat steps no. 1 and 2 for each SQL database server provisioned within the current Azure subscription.

04 Repeat steps no. 1 – 3 for each subscription created in your Microsoft Azure cloud account.
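The remediation cmdlet above is applied to one server at a time. As an added example (not part of the Conformity article and not Trend Micro code), the function below, named Enable-VaEmailAdmins here for illustration, applies steps 01 to 03 to every SQL server in the current subscription, skips servers that already have the setting on, refuses to touch servers with no Vulnerability Assessment storage account (the cmdlet cannot create one for you, and a notification with no scan reports behind it is useless), supports -WhatIf for a dry run, and re-reads the setting afterwards to confirm the change. It assumes Az.Sql is installed and that Connect-AzAccount / Set-AzContext have already selected the target subscription.

```powershell
# Added example (not from the article): enable EmailAdmins on every eligible SQL server
# in the current subscription. Assumes Az.Sql is installed and a subscription context is set.
function Enable-VaEmailAdmins {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Optional: limit the rollout to one resource group.
        [string]$ResourceGroupName
    )

    $servers = if ($ResourceGroupName) {
        Get-AzSqlServer -ResourceGroupName $ResourceGroupName
    } else {
        Get-AzSqlServer
    }

    foreach ($server in $servers) {
        $va = Get-AzSqlServerVulnerabilityAssessmentSetting `
                -ServerName $server.ServerName `
                -ResourceGroupName $server.ResourceGroupName

        # Guard: VA must already have a storage account, otherwise there are no
        # scan reports to send and the update has nothing meaningful to enable.
        if ([string]::IsNullOrEmpty($va.StorageAccountName)) {
            Write-Warning "$($server.ServerName): no VA storage account configured; set up Vulnerability Assessment first"
            continue
        }
        if ($va.EmailAdmins) {
            Write-Verbose "$($server.ServerName): EmailAdmins already enabled, skipping"
            continue
        }

        if ($PSCmdlet.ShouldProcess($server.ServerName, 'Enable VA email notifications to admins')) {
            Update-AzSqlServerVulnerabilityAssessmentSetting `
                -ServerName $server.ServerName `
                -ResourceGroupName $server.ResourceGroupName `
                -EmailAdmins $true | Out-Null

            # Read the setting back rather than trusting the update call's return value.
            $after = Get-AzSqlServerVulnerabilityAssessmentSetting `
                        -ServerName $server.ServerName `
                        -ResourceGroupName $server.ResourceGroupName

            [pscustomobject]@{
                ServerName        = $server.ServerName
                ResourceGroupName = $server.ResourceGroupName
                EmailAdmins       = $after.EmailAdmins
                Verified          = [bool]$after.EmailAdmins
            }
        }
    }
}

# Dry run first: shows which servers would be changed without changing anything.
Enable-VaEmailAdmins -WhatIf
# Then apply for real (uncomment when ready):
# Enable-VaEmailAdmins -Verbose
```

Run it once per subscription after Set-AzContext, mirroring step 04, and keep the output objects as evidence that each server was verified after the change.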

Publication date Jul 24, 2019
