Merge pull request #283543 from CESANU/patch-27

Update defender-for-sql-on-machines-vulnerability-assessment.md

Author: Stacyrch140

articles/defender-for-cloud/defender-for-sql-on-machines-vulnerability-assessment.md

@@ -141,6 +141,9 @@ Metadata information about the connected machine is also collected. Specifically
 
 You can specify the region where your SQL Vulnerability Assessment data will be stored by choosing the Log Analytics workspace location. Microsoft might replicate to other regions for data resiliency, but Microsoft does not replicate data outside the geography.
 
+> [!NOTE]
+> Changing the Defender for SQL on Machines plan's Log Analytics workspace will reset the scan results and baseline settings. If you revert to the original Log Analytics workspace within 90 days the the scan results and baseline settings will be made available again.
+
 ## Next step
 
 > [!div class="nextstepaction"]

articles/defender-for-cloud/faq-defender-for-databases.yml

@@ -38,13 +38,24 @@ sections:
 
           Performance always varies between environments, machines, and loads. The statements are provided as a general guideline, not a guarantee for any individual deployment.
 
+      - question: |
+          I changed the Log Analytics workspace for Defender for SQL on Machines and lost all my scan results and baselines settings. What happened?
+        answer: |
+          The scan results and baselines are not stored in the Log Analytics workspace but are linked to it. Changing the workspace will reset the scan results and baseline settings. However, if you revert to the original workspace within 90 days, the scan results and baseline settings will be restored. [Read more](defender-for-sql-on-machines-vulnerability-assessment.md#data-residency)
+
       - question: |
           What happens to the old scan results and baselines after I switch to express configuration?
         answer: |
           Old results and baselines settings remain available on your storage account, but won't be updated or used by the system. You don't need to maintain these files for SQL vulnerability assessment to work after you switch to express configuration, but you can keep your old baseline definitions for future reference.
 
           When express configuration is enabled, you don't have direct access to the result and baseline data because it's stored on internal Microsoft storage.
 
+      - question: |
+          Why is my Azure SQL Server marked as unhealthy for "SQL servers should have vulnerability assessment configured", even though I’ve properly set it up using classic configuration?
+        answer: |
+          The policy behind this recommendation checks for the existence of subassessments for the server. With classic configuration, system databases are scanned only if at least one user database exists. Therefore, a server without any user databases will not have scans or reported scan results, causing the policy to remain unhealthy. 
+          Switching to express configuration will enable scheduled and manual scans for system databases, thus mitigating this issue.
+
       - question: |
           Can I set up recurring scans with express configuration?
         answer: |
@@ -99,4 +110,4 @@ additionalContent: |
   ## Next steps
   
   [Learn about Defender for Databases](quickstart-enable-database-protections.md)
-  
+  

articles/defender-for-cloud/sql-azure-vulnerability-assessment-overview.md

@@ -52,6 +52,7 @@ Configuration modes benefits and limitations comparison:
 | Supported Policy Scope | • Subscription<br>• Server | • Subscription<br>• Server<br>• Database |
 | Dependencies | None | Azure storage account |
 | Recurring scan | • Always active<br>• Scan scheduling is internal and not configurable | • Configurable on/off<br>Scan scheduling is internal and not configurable |
+| System databases scan | • Scheduled scan<br>• Manual scan | • Scheduled scan only if there's one user database or more<br>• Manual scan every time a user database is scanned |
 | Supported Rules | All vulnerability assessment rules for the supported resource type. | All vulnerability assessment rules for the supported resource type. |
 | Baseline Settings | • Batch – several rules in one command<br>• Set by latest scan results<br>• Single rule | • Single rule |
 | Apply baseline | Will take effect **without** rescanning the database | Will take effect **only after** rescanning the database |