MicrosoftDocs
diff --git a/‎articles/defender-for-cloud/sql-azure-vulnerability-assessment-enable.md
Lines changed: 8 additions & 7 deletions b/‎articles/defender-for-cloud/sql-azure-vulnerability-assessment-enable.md
Lines changed: 8 additions & 7 deletions
diff --git a/‎articles/defender-for-cloud/sql-azure-vulnerability-assessment-manage.md
Lines changed: 6 additions & 10 deletions b/‎articles/defender-for-cloud/sql-azure-vulnerability-assessment-manage.md
Lines changed: 6 additions & 10 deletions
diff --git a/‎articles/defender-for-cloud/sql-azure-vulnerability-assessment-overview.md
Lines changed: 1 addition & 2 deletions b/‎articles/defender-for-cloud/sql-azure-vulnerability-assessment-overview.md
Lines changed: 1 addition & 2 deletions
diff --git a/‎articles/defender-for-cloud/sql-azure-vulnerability-assessment-rules-changelog.md
Lines changed: 16 additions & 19 deletions b/‎articles/defender-for-cloud/sql-azure-vulnerability-assessment-rules-changelog.md
Lines changed: 16 additions & 19 deletions
@@ -29,6 +29,7 @@ When you enable the Defender for Azure SQL plan in Defender for Cloud, Defender
 When you enable the Defender for Azure SQL plan in Defender for Cloud, Defender for Cloud automatically enables Advanced Threat Protection and vulnerability assessment with the express configuration for all Azure SQL databases in the selected subscription.
 
 You can enable vulnerability assessment in two ways:
+
 - [Express configuration](#express-configuration)
 - [Classic configuration](#classic-configuration)
 
@@ -37,10 +38,10 @@ You can enable vulnerability assessment in two ways:
 **To enable vulnerability assessment without a storage account, using the express configuration**:
 
 1. Sign in to the [Azure portal](https://portal.azure.com/).
-1. Open the specific Azure SQL Database resource. 
+1. Open the specific Azure SQL Database resource.
 1. Under the Security heading, select **Defender for Cloud**.
 1. Enable the express configuration of vulnerability assessment:
-   
+
    - **If vulnerability assessment is not configured**, select **Enable** in the notice that prompts you to enable the vulnerability assessment express configuration, and confirm the change.
 
       :::image type="content" source="media/sql-azure-vulnerability-assessment-enable/enable-express-vulnerability-assessment.png" alt-text="Screenshot of notice to enable the express vulnerability assessment configuration in the Defender for Cloud settings for a SQL server.":::
@@ -55,15 +56,15 @@ You can enable vulnerability assessment in two ways:
      > [!IMPORTANT]
      > Baselines and scan history are not migrated.
 
-      :::image type="content" source="media/sql-azure-vulnerability-assessment-enable/migrate-to-express-vulnerability-assessment.png" alt-text="Screenshot of notice to migrate from the classic to the express vulnerability assessment configuration in the Defender for Cloud settings for a SQL server.":::
+      :::image type="content" source="media/sql-azure-vulnerability-assessment-enable/migrate-to-express-vulnerability-assessment.png" alt-text="Screenshot of notice to migrate from classic to express vulnerability assessment configuration in the Defender for Cloud settings for a SQL server.":::
 
       You can also select **Configure** and then select **Enable** in the Microsoft Defender for SQL settings:
- 
+
       :::image type="content" source="media/sql-azure-vulnerability-assessment-enable/migrate-to-express-vulnerability-assessment-configure.png" alt-text="Screenshot of notice to migrate from the classic to the express vulnerability assessment configuration in the Microsoft Defender for SQL settings.":::
 
 Now you can go to the [**SQL databases should have vulnerability findings resolved**](https://ms.portal.azure.com/#view/Microsoft_Azure_Security_AzureDefenderForData/SqlVaServersRecommendationDetailsBlade/assessmentKey/82e20e14-edc5-4373-bfc4-f13121257c37) recommendation to see the vulnerabilities found in your databases. You can also run on-demand vulnerability assessment scans to see the current findings.
 
-> [!NOTE] 
+> [!NOTE]
 > Each database is randomly assigned a scan time on a set day of the week.
 
 #### Enable express vulnerability assessment at scale
@@ -90,12 +91,12 @@ To enable vulnerability assessment with a storage account, use the classic confi
 
     1. To configure vulnerability assessments to automatically run weekly scans to detect security misconfigurations, set **Periodic recurring scans** to **On**. The results are sent to the email addresses you provide in **Send scan reports to**. You can also send email notification to admins and subscription owners by enabling **Also send email notification to admins and subscription owners**.
 
-       > [!NOTE] 
+       > [!NOTE]
        > Each database is randomly assigned a scan time on a set day of the week. Email notifications are scheduled randomly per server on a set day of the week. The email notification report includes data from all recurring database scans that were executed during the preceding week (does not include on-demand scans).
 
 ---
 
-## Next steps  
+## Related content
 
 Learn more about:
 
 
@@ -1,6 +1,6 @@
 ---
 title: Manage vulnerability findings in your Azure SQL databases
-description: Learn how to remediate software vulnerabilities and disable findings with the express configuration on Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics.
+description: Learn how to remediate software vulnerabilities and disable findings with the express configuration.
 author: dcurwin
 ms.author: dacurwin
 ms.date: 06/14/2023
@@ -32,7 +32,7 @@ If the vulnerability settings show the option to configure a storage account, yo
 
 ### View scan history
 
-Select **Scan History** in the vulnerability assessment pane to view a history of all scans previously run on this database. 
+Select **Scan History** in the vulnerability assessment pane to view a history of all scans previously run on this database.
 
 Express configuration doesn't store scan results if they're identical to previous scans. The scan time shown in the scan history is the time of the last scan where the scan results changed.
 
@@ -178,7 +178,7 @@ Here are several examples to how you can set up baselines using ARM templates:
     }
     ```
 
-#### Using PowerShell 
+#### Using PowerShell
 
 Express configuration isn't supported in PowerShell cmdlets but you can use PowerShell to invoke the latest vulnerability assessment capabilities using REST API, for example:
 
@@ -211,7 +211,7 @@ To change an Azure SQL database from the express vulnerability assessment config
                -RecurringScansInterval Weekly `
                -ScanResultsContainerName "vulnerability-assessment"
    ```
-   
+
    You might have to tweak `Update-AzSqlServerVulnerabilityAssessmentSetting` according to [Store Vulnerability Assessment scan results in a storage account accessible behind firewalls and VNets](/azure/azure-sql/database/sql-database-vulnerability-assessment-storage).
 
 #### Errors
@@ -227,8 +227,8 @@ Possible causes:
 - Switching to express configuration failed due to a database policy error. Database policies aren't visible in the Azure portal for Defender for SQL vulnerability assessment, so we check for them during the validation stage of switching to express configuration.
 
    **Solution**: Disable all database policies for the relevant server and then try to switch to express configuration again.
--  Consider using the [provided PowerShell script](powershell-sample-vulnerability-assessment-azure-sql.md) for assistance.
 
+- Consider using the [provided PowerShell script](powershell-sample-vulnerability-assessment-azure-sql.md) for assistance.
 
 ## Classic configuration
 
@@ -248,6 +248,7 @@ Typical scenarios might include:
 - Disable findings from benchmarks that aren't of interest for a defined scope
 
 > [!IMPORTANT]
+>
 > - To disable specific findings, you need permissions to edit a policy in Azure Policy. Learn more in [Azure RBAC permissions in Azure Policy](../governance/policy/overview.md#azure-rbac-permissions-in-azure-policy).
 > - Disabled findings will still be included in the weekly SQL vulnerability assessment email report.
 > - Disabled rules are shown in the "Not applicable" section of the scan results.
@@ -308,8 +309,6 @@ You can use Azure PowerShell cmdlets to programmatically manage your vulnerabili
 | [Update-AzSqlInstanceDatabaseVulnerabilityAssessmentSetting](/powershell/module/az.sql/Update-AzSqlInstanceDatabaseVulnerabilityAssessmentSetting)         | Updates the vulnerability assessment settings of a managed database.                                                                         |
 | [Update-AzSqlInstanceVulnerabilityAssessmentSetting](/powershell/module/az.sql/Update-AzSqlInstanceVulnerabilityAssessmentSetting)                         | Updates the vulnerability assessment settings of a managed instance.                                                                         |
 
-
-
 For a script example, see [Azure SQL vulnerability assessment PowerShell support](/archive/blogs/sqlsecurity/azure-sql-vulnerability-assessment-now-with-powershell-support).
 
 #### Azure CLI
@@ -409,7 +408,6 @@ To handle Boolean types as true/false, set the baseline result with binary input
    }
 ```
 
-
 ---
 
 ## Next steps
@@ -418,5 +416,3 @@ To handle Boolean types as true/false, set the baseline result with binary input
 - Learn more about [data discovery and classification](/azure/azure-sql/database/data-discovery-and-classification-overview).
 - Learn more about [storing vulnerability assessment scan results in a storage account accessible behind firewalls and VNets](/azure/azure-sql/database/sql-database-vulnerability-assessment-storage).
 - Check out [common questions](faq-defender-for-databases.yml) about Azure SQL databases.
-
-
@@ -44,7 +44,7 @@ You can configure vulnerability assessment for your SQL databases with either:
 
 ### What's the difference between the express and classic configuration?
 
-Configuration modes benefits and limitations comparison: 
+Configuration modes benefits and limitations comparison:
 
 | Parameter | Express configuration | Classic configuration |
 |--|--|--|
@@ -60,7 +60,6 @@ Configuration modes benefits and limitations comparison:
 | Scan export | Azure Resource Graph | Excel format, Azure Resource Graph |
 | Supported Clouds | :::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Azure Government<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Microsoft Azure operated by 21Vianet | :::image type="icon" source="./media/icons/yes-icon.png"::: Commercial clouds<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Azure Government<br>:::image type="icon" source="./media/icons/yes-icon.png"::: Azure operated by 21Vianet |
 
-
 ## Next steps  
 
 - Enable [SQL vulnerability assessments](sql-azure-vulnerability-assessment-enable.md)
 
@@ -1,9 +1,6 @@
 ---
 title: SQL vulnerability assessment rules changelog
 description: Changelog for SQL vulnerability assessment rules with SQL Server, Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics
-ms.author: cesanu
-author: CESANU
-ms.reviewer: wiassaf, vanto, mathoma
 ms.date: 11/29/2022
 ms.topic: reference
 ---
@@ -16,53 +13,53 @@ This article details the changes made to the SQL vulnerability assessment servic
 
 |Rule ID  |Rule Title  |Change details  |
 |---------|---------|---------|
-|VA1018 |Latest updates should be installed |Logic change | 
+|VA1018 |Latest updates should be installed |Logic change |
 
 ## July 2023
 
 |Rule ID  |Rule Title  |Change details  |
 |---------|---------|---------|
-|VA2129 |Changes to signed modules should be authorized |Logic change | 
+|VA2129 |Changes to signed modules should be authorized |Logic change |
 
 ## June 2022
 
 |Rule ID  |Rule Title  |Change details  |
 |---------|---------|---------|
-|VA2129 |Changes to signed modules should be authorized |Logic change | 
-|VA1219 |Transparent data encryption should be enabled |Logic change | 
-|VA1047 |Password expiration check should be enabled for all SQL logins |Logic change | 
+|VA2129 |Changes to signed modules should be authorized |Logic change |
+|VA1219 |Transparent data encryption should be enabled |Logic change |
+|VA1047 |Password expiration check should be enabled for all SQL logins |Logic change |
 
 ## January 2022
 
 |Rule ID  |Rule Title  |Change details  |
 |---------|---------|---------|
-|VA1288 |Sensitive data columns should be classified |Removed rule | 
-|VA1054 |Minimal set of principals should be members of fixed high impact database roles |Logic change | 
-|VA1220 |Database communication using TDS should be protected through TLS |Logic change | 
-|VA2120 |Features that may affect security should be disabled |Logic change | 
-|VA2129 |Changes to signed modules should be authorized |Logic change | 
+|VA1288 |Sensitive data columns should be classified |Removed rule |
+|VA1054 |Minimal set of principals should be members of fixed high impact database roles |Logic change |
+|VA1220 |Database communication using TDS should be protected through TLS |Logic change |
+|VA2120 |Features that may affect security should be disabled |Logic change |
+|VA2129 |Changes to signed modules should be authorized |Logic change |
 
 ## June 2021
 
 |Rule ID  |Rule Title  |Change details  |
 |---------|---------|---------|
-|VA1220 |Database communication using TDS should be protected through TLS |Logic change | 
-|VA2108 |Minimal set of principals should be members of fixed high impact database roles |Logic change | 
+|VA1220 |Database communication using TDS should be protected through TLS |Logic change |
+|VA2108 |Minimal set of principals should be members of fixed high impact database roles |Logic change |
 
 
 ## December 2020
 
 |Rule ID  |Rule Title  |Change details  |
 |---------|---------|---------|
-|VA1017 |Execute permissions on xp_cmdshell from all users (except dbo) should be revoked |Title and description change| 
+|VA1017 |Execute permissions on xp_cmdshell from all users (except dbo) should be revoked |Title and description change|
 |VA1021 |Global temporary stored procedures should be removed |Removed rule |
 |VA1024 |C2 Audit Mode should be enabled |Removed rule |
 |VA1042 |Database ownership chaining should be disabled for all databases except for `master`, `msdb`, and `tempdb` |Description change |
 |VA1044 |Remote Admin Connections should be disabled unless specifically required |Title and description change |
 |VA1047 |Password expiration check should be enabled for all SQL logins |Title and description change |
-|VA1051 |AUTO_CLOSE should be disabled on all databases |Description change | 
-|VA1053 |Account with default name 'sa' should be renamed or disabled |Description change | 
-|VA1067 |Database Mail XPs should be disabled when it is not in use | Title and description change | 
+|VA1051 |AUTO_CLOSE should be disabled on all databases |Description change |
+|VA1053 |Account with default name 'sa' should be renamed or disabled |Description change |
+|VA1067 |Database Mail XPs should be disabled when it is not in use | Title and description change |
 |VA1068 |Server permissions shouldn't be granted directly to principals |Logic change |
 |VA1069 |Permissions to select from system tables and views should be revoked from non-sysadmins |Removed rule |
 |VA1090 |Ensure all Government Off The Shelf (GOTS) and Custom Stored Procedures are encrypted |Removed rule |