Troubleshoot express and classic configuration

Important

Attention: All Microsoft Defender for Cloud features will be officially retired in Azure in China region on August 18, 2026 per the announcement posted by 21Vianet.

This article provides guidance on how to troubleshoot any issues you encounter when configuring Defender for Cloud in express or classic mode.

Revert back to the classic configuration

To change an Azure SQL database from the express vulnerability assessment configuration to the classic configuration:

  1. Disable the Defender for Azure SQL plan from the Azure portal.

  2. Use PowerShell to reconfigure using the classic experience:

    # Re-enable Advanced Threat Protection at the server level.
    Update-AzSqlServerAdvancedThreatProtectionSetting `
        -ResourceGroupName "demo-rg" `
        -ServerName "dbsrv1" `
        -Enable $true
    # Configure classic vulnerability assessment: scan results go to a storage account.
    Update-AzSqlServerVulnerabilityAssessmentSetting `
        -ResourceGroupName "demo-rg" `
        -ServerName "dbsrv1" `
        -StorageAccountName "mystorage" `
        -RecurringScansInterval Weekly `
        -ScanResultsContainerName "vulnerability-assessment"
    

    If the storage account sits behind a firewall or VNet, you might have to adjust the Update-AzSqlServerVulnerabilityAssessmentSetting parameters as described in "Store Vulnerability Assessment scan results in a storage account accessible behind firewalls and VNets."

Errors

“Vulnerability Assessment is enabled on this server or one of its underlying databases with an incompatible version”

Possible causes:

  • Switching to express configuration failed due to a server policy error.

    Solution: Try to enable the express configuration again. If the issue persists, disable Microsoft Defender for SQL in the Azure SQL resource, select Save, enable Microsoft Defender for SQL again, and select Save.

  • Switching to express configuration failed due to a database policy error. Database policies aren't visible in the Azure portal for Defender for SQL vulnerability assessment, so we check for them during the validation stage of switching to express configuration.

    Solution: Disable all database policies for the relevant server and then try to switch to express configuration again.

  • Consider using the provided PowerShell script for assistance.
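Because database policies aren't visible in the portal, one way to find them is to query each database on the server. The following is an added example, not the script this article refers to and not Microsoft's code. It reuses the "demo-rg" and "dbsrv1" names from above, the function names are hypothetical, and it assumes that a populated StorageAccountName indicates a classic database-level policy and that clearing the setting is an acceptable way to disable it.

```powershell
# Added example (not the article's own script). Requires the Az.Sql module
# and an authenticated session (Connect-AzAccount).

function Get-DatabaseVaPolicy {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $ServerName
    )
    # System databases such as master are included: a policy there counts too.
    foreach ($db in Get-AzSqlDatabase -ResourceGroupName $ResourceGroupName -ServerName $ServerName) {
        $setting = Get-AzSqlDatabaseVulnerabilityAssessmentSetting `
            -ResourceGroupName $ResourceGroupName `
            -ServerName $ServerName `
            -DatabaseName $db.DatabaseName
        # Assumption: a non-empty StorageAccountName means a classic
        # database-level policy is configured on this database.
        if (-not [string]::IsNullOrEmpty($setting.StorageAccountName)) {
            [pscustomobject]@{
                DatabaseName             = $db.DatabaseName
                StorageAccountName       = $setting.StorageAccountName
                ScanResultsContainerName = $setting.ScanResultsContainerName
                RecurringScansInterval   = $setting.RecurringScansInterval
            }
        }
    }
}

function Clear-DatabaseVaPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $ServerName
    )
    foreach ($policy in Get-DatabaseVaPolicy -ResourceGroupName $ResourceGroupName -ServerName $ServerName) {
        if ($PSCmdlet.ShouldProcess($policy.DatabaseName, "Clear database-level vulnerability assessment policy")) {
            Clear-AzSqlDatabaseVulnerabilityAssessmentSetting `
                -ResourceGroupName $ResourceGroupName `
                -ServerName $ServerName `
                -DatabaseName $policy.DatabaseName
        }
    }
}

# List the databases that still carry their own policy, then preview the cleanup.
Get-DatabaseVaPolicy -ResourceGroupName "demo-rg" -ServerName "dbsrv1" | Format-Table
Clear-DatabaseVaPolicy -ResourceGroupName "demo-rg" -ServerName "dbsrv1" -WhatIf
```

Remove -WhatIf only after reviewing the list, since clearing a policy also drops that database's scan schedule and storage settings.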