Azure advisor recommendations

Lalitha Subramanian 20 Reputation points
2025-02-24T05:54:41.4633333+00:00

We recently received an Azure Advisor recommendation stating that "SQL databases should have vulnerability findings resolved." We would like clarification on how to apply this recommendation and whether implementing the suggested changes will impact our current live system.

Under this recommendation, we have identified two high-severity items that need to be resolved:

  1. VA2065: Server-level firewall rules should be tracked and maintained at a strict minimum

Affected Databases: sqlsvrgroupenrolment-secondary (master), sqlsvrgroupenrolment (master)

  2. VA2061: Auditing should be enabled at the server level

Affected Database: sqlsvrgroupenrolment-secondary (master)

Can you please provide clarifications for the below:

  1. Regarding VA2065, we currently have three firewall rules configured under "Networking" in the sqlsvrgroupenrolment SQL Server. Why does this recommendation specifically mention the sqlsvrgroupenrolment (master) database?
  2. Regarding VA2065, we do not have any firewall rules in the sqlsvrgroupenrolment-secondary SQL Server. If we configure three firewall rules similar to those in sqlsvrgroupenrolment, will that resolve the issue?
  3. Does enabling firewall rules on an Azure SQL Server incur any additional costs? If so, please provide details on the associated costs.
  4. Regarding VA2061, if we enable Azure SQL Auditing under "Auditing" in the sqlsvrgroupenrolment-secondary SQL Server, will that resolve the issue?
  5. Does enabling Azure SQL Auditing on an Azure SQL Server incur any additional costs? If so, please provide details on the associated costs.

We appreciate your assistance and look forward to your guidance.


2 answers

  1. Navya 15,800 Reputation points Microsoft Vendor
    2025-02-24T08:41:27.9433333+00:00

    Hi @Lalitha Subramanian

    Thank you for posting this in Microsoft Q&A.

    I can help clarify the questions you have regarding the Azure Advisor recommendation to resolve vulnerability findings in SQL databases.

    Regarding VA2065, we currently have three firewall rules configured under "Networking" in the sqlsvrgroupenrolment SQL Server. Why does this recommendation specifically mention the sqlsvrgroupenrolment (master) database?

    The Azure SQL server-level firewall helps protect your data by preventing all access to your databases until you specify which IP addresses have permission. Server-level firewall rules grant access to all databases that belong to the server based on the originating IP address of each request. The recommendation specifically mentions the sqlsvrgroupenrolment (master) database because it is essential to track and maintain server-level firewall rules to protect your data. The master database is a system database that contains system objects and metadata for the SQL Server instance.

    Regarding VA2065, we do not have any firewall rules in the sqlsvrgroupenrolment-secondary SQL Server. If we configure three firewall rules similar to those in sqlsvrgroupenrolment, will that resolve the issue?

    If you do not have any firewall rules in the sqlsvrgroupenrolment-secondary SQL Server, configuring three firewall rules similar to those in sqlsvrgroupenrolment can help resolve the issue by ensuring consistent security measures across your databases.

    Does enabling firewall rules on an Azure SQL Server incur any additional costs? If so, please provide details on the associated costs.

    No, configuring firewall rules on Azure SQL Database does not incur any additional costs. You can set up as many firewall rules as needed without affecting your billing. However, keep in mind that the overall performance and security of your database can be impacted by how you configure these rules.

    Regarding VA2061, if we enable Azure SQL Auditing under "Auditing" in the sqlsvrgroupenrolment-secondary SQL Server, will that resolve the issue?

    Yes, enabling server-level auditing in sqlsvrgroupenrolment-secondary should resolve the recommendation.

    Does enabling Azure SQL Auditing on an Azure SQL Server incur any additional costs? If so, please provide details on the associated costs.

    Yes, enabling Azure SQL Auditing can incur additional costs, depending on the auditing target you choose. If you choose to store audit logs in Azure Storage, you will be charged for the storage used. If you use Azure Monitor logs, there may be costs associated with data ingestion and retention. It's important to review the Azure SQL Database pricing page and the Azure Storage pricing page for detailed information on costs associated with auditing.

    Hope this helps. Do let us know if you have any further queries.

    1 person found this answer helpful.

  2. Alex Burlachenko 1,665 Reputation points
    2025-02-24T07:30:55.8266667+00:00

    Hi Lalitha,

    The recommendation mentions the master database because it is a system database used for managing server-level configurations, including firewall rules.

    If you configure similar firewall rules on sqlsvrgroupenrolment-secondary, it should resolve the issue. Ensure the rules are as restrictive as possible to maintain security.

    Configuring firewall rules on Azure SQL Server does not incur additional costs. It is part of the standard security features provided.

    Enabling Azure SQL Auditing on sqlsvrgroupenrolment-secondary should resolve the issue. Auditing helps track and log database activities for security and compliance.

    Enabling Azure SQL Auditing can incur additional costs, especially if you store audit logs in Azure Storage, Log Analytics, or Event Hubs. The costs depend on the volume of logs and the retention period. Check the Azure Pricing Calculator for detailed estimates.

    Implementing these changes should enhance your security posture. However, always test changes in a non-production environment before applying them to live systems to ensure there is no impact on performance or functionality.

    rgds,

    Alex

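Both answers above tell the asker to keep server-level firewall rules at a strict minimum (VA2065) and to enable server-level auditing with a destination (VA2061). The following is an added review script, not part of either answer and not a Microsoft tool: it reads the JSON that `az sql server firewall-rule list` and `az sql server audit-policy show` emit and flags the findings a reviewer would look for before declaring the two items resolved. The sample records are constructed for the example, the field names are assumed to match the Azure CLI output, and the `MAX_HOSTS_PER_RULE` threshold is an assumed policy value, not something the page states.

```python
"""Review Azure SQL server firewall rules (VA2065) and the server audit policy
(VA2061) from Azure CLI JSON. Sample data below is constructed for the example."""
import ipaddress
import json

# Constructed sample in the shape of `az sql server firewall-rule list -g <rg> -s <server>`.
# The 0.0.0.0-0.0.0.0 rule is how the portal's "Allow Azure services and resources
# to access this server" toggle appears; it admits any Azure-hosted source, not just yours.
SAMPLE_FIREWALL_RULES = json.dumps([
    {"name": "office-nat", "startIpAddress": "203.0.113.10", "endIpAddress": "203.0.113.10"},
    {"name": "AllowAllWindowsAzureIps", "startIpAddress": "0.0.0.0", "endIpAddress": "0.0.0.0"},
    {"name": "temp-debug", "startIpAddress": "0.0.0.0", "endIpAddress": "255.255.255.255"},
    {"name": "vendor-block", "startIpAddress": "198.51.100.0", "endIpAddress": "198.51.103.255"},
])

# Constructed sample in the shape of `az sql server audit-policy show -g <rg> -n <server>`
# for a server where auditing has never been turned on (the VA2061 situation).
SAMPLE_AUDIT_POLICY = json.dumps({
    "state": "Disabled",
    "storageEndpoint": None,
    "isAzureMonitorTargetEnabled": False,
    "retentionDays": 0,
})

# Assumed policy threshold: a single rule wider than this many addresses is worth a look.
MAX_HOSTS_PER_RULE = 256


def rule_size(rule):
    """Number of IPv4 addresses a start/end rule admits (inclusive range)."""
    start = int(ipaddress.IPv4Address(rule["startIpAddress"]))
    end = int(ipaddress.IPv4Address(rule["endIpAddress"]))
    return end - start + 1


def review_firewall_rules(rules_json, max_hosts=MAX_HOSTS_PER_RULE):
    """Return (rule name, reason) pairs for rules that are not 'strict minimum'."""
    findings = []
    for rule in json.loads(rules_json):
        start, end = rule["startIpAddress"], rule["endIpAddress"]
        if start == "0.0.0.0" and end == "0.0.0.0":
            findings.append((rule["name"], "admits all Azure-hosted sources, not only your own"))
            continue
        size = rule_size(rule)
        if size > max_hosts:
            findings.append((rule["name"], f"range covers {size} addresses"))
    return findings


def review_audit_policy(policy_json):
    """Return a list of reasons the server audit policy would still fail VA2061."""
    policy = json.loads(policy_json)
    findings = []
    if policy.get("state") != "Enabled":
        findings.append("server-level auditing is disabled")
    elif not policy.get("storageEndpoint") and not policy.get("isAzureMonitorTargetEnabled"):
        # Enabled without a storage account or Log Analytics target writes nothing.
        findings.append("auditing is enabled but no destination is configured")
    return findings


if __name__ == "__main__":
    for name, reason in review_firewall_rules(SAMPLE_FIREWALL_RULES):
        print(f"VA2065 {name}: {reason}")
    for reason in review_audit_policy(SAMPLE_AUDIT_POLICY):
        print(f"VA2061: {reason}")
```

Run it against real output by replacing the two sample strings with the CLI's JSON (for example `az sql server firewall-rule list -g <rg> -s sqlsvrgroupenrolment -o json`). On the constructed data, only `office-nat` passes the firewall review; the Azure-services rule, the 0.0.0.0-255.255.255.255 rule and the 1024-address vendor range are reported, and the audit policy is reported as disabled. Note that on a geo-replication pair each server has its own firewall rules and its own audit policy, which is why the secondary server is listed separately in the recommendation.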
