You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-sql/database/sql-database-vulnerability-assessment-storage.md
+10-7Lines changed: 10 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,8 +5,8 @@ services: sql-database
5
5
ms.service: sql-db-mi
6
6
ms.subservice: security
7
7
ms.topic: how-to
8
-
author: barmichal
9
-
ms.author: mibar
8
+
author: davidtrigano
9
+
ms.author: datrigan
10
10
ms.reviewer: vanto
11
11
ms.date: 12/01/2020
12
12
---
@@ -18,18 +18,21 @@ If you are limiting access to your storage account in Azure for certain VNets or
18
18
19
19
## Enable Azure SQL Database VA scanning access to the storage account
20
20
21
-
If you have configured your VA storage account to only be accessible by certain networks or services, you'll need to ensure that VA scans for your Azure SQL Database are able to store the scans on the storage account. To find out which storage account is being used, go to your **SQL server** pane in the [Azure portal](https://portal.azure.com), under **Security**, select **Security Center**.
21
+
If you have configured your VA storage account to only be accessible by certain networks or services, you'll need to ensure that VA scans for your Azure SQL Database are able to store the scans on the storage account. You can use the existing storage account, or create a new storage account to store VA scan results for all databases on your [logical SQL server](logical-servers.md).
22
22
23
-
:::image type="content" source="../database/media/azure-defender-for-sql/va-storage.png" alt-text="set up vulnerability assessment":::
24
-
25
-
You can use the existing storage account, or create a new storage account to store VA scan results for all databases on your [logical SQL server](logical-servers.md).
23
+
> [!NOTE]
24
+
> The vulnerability assessment service can't access storage accounts protected with firewalls or VNets if they require storage access keys.
26
25
27
26
Go to your **Resource group** that contains the storage account and access the **Storage account** pane. Under **Settings**, select **Firewall and virtual networks**.
28
27
29
28
Ensure that **Allow trusted Microsoft services access to this storage account** is checked.
30
29
31
30
:::image type="content" source="media/sql-database-vulnerability-assessment-storage/storage-allow-microsoft-services.png" alt-text="Screenshot shows Firewall and virtual networks dialog box, with Allow trusted Microsoft services to access this storage account selected.":::
32
31
32
+
To find out which storage account is being used, go to your **SQL server** pane in the [Azure portal](https://portal.azure.com), under **Security**, select **Security Center**.
33
+
34
+
:::image type="content" source="../database/media/azure-defender-for-sql/va-storage.png" alt-text="set up vulnerability assessment":::
35
+
33
36
## Store VA scan results for Azure SQL Managed Instance in a storage account that can be accessed behind a firewall or VNet
34
37
35
38
Since Managed Instance is not a trusted Microsoft Service and has a different VNet from the storage account, executing a VA scan will result in an error.
@@ -58,4 +61,4 @@ You should now be able to store your VA scans for Managed Instances in your stor
0 commit comments