快速配置 Azure 命令行接口 (CLI) 命令参考

重要

注意:根据世纪互联发布的公告2026 年 8 月 18 日,中国地区的 Azure 中将正式停用所有 Microsoft Defender for Cloud 功能。

重要

已更新以反映 SQL 漏洞评估统一 API 参考,可在以下项中找到:

本文列出了可用于 SQL 漏洞评估快速配置的 Azure 命令行接口 (CLI) 命令。

本文中的示例应在 PowerShell 中运行;不能直接照搬到 Bash 中使用。

可以使用此 cmdlet 获取可用扫描 ID 的列表 - 获取 SQL 漏洞评估扫描

获取 SQL 漏洞评估设置

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default?api-version=2026-04-01-preview

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default",
  "name": "default",
  "properties": {
    "creationTime": "2026-05-15T08:52:39.3476874+00:00",
    "state": "Enabled"
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments"
}

注释

当该资源从未配置过漏洞评估时,RP 会返回 HTTP 200,并包含 "state": "Disabled"(且不包含 creationTime),而不是返回 HTTP 404。

设置 SQL 漏洞评估设置

Example 1:在Azure SQL服务器上启用漏洞评估设置。

az rest --method Put --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default?api-version=2026-04-01-preview --body '{ \"properties\": { \"state\": \"Enabled\" } }'

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default",
  "name": "default",
  "properties": {
    "state": "Enabled"
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments"
}

示例 2:禁用漏洞评估设置。

az rest --method Put --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default?api-version=2026-04-01-preview --body '{ \"properties\": { \"state\": \"Disabled\" } }'

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default",
  "name": "default",
  "properties": {
    "state": "Disabled"
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments"
}

删除 SQL 漏洞评估设置

SQL 托管实例的示例。

az rest --method Delete --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default?api-version=2026-04-01-preview

返回 HTTP 200,成功时正文为空。

对用户数据库调用 SQL 漏洞评估扫描

az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/initiateScan?api-version=2026-04-01-preview

响应为 HTTP 202 已接受 ,正文为空。 操作 ID 会在 Location 响应标头中返回,例如:

Location: https://management.chinacloudapi.cn/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/scanOperationResults/9e2c1b3a-4d6f-4d8b-9b88-3c2e9a7e0a11?api-version=2026-04-01-preview

使用 获取 SQL 漏洞评估扫描操作结果 轮询该 URL 以跟踪扫描进度。 若要从 az rest中捕获标头,请使用以下命令请求完整的响应 --output-file

az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/initiateScan?api-version=2026-04-01-preview --output-file scan-response.json --verbose

对系统数据库调用 SQL 漏洞评估扫描

SQL 托管实例 master 数据库的示例。 URL 省略 /databases/{db} 该段,并 databaseName=master 作为查询参数传递。

az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/initiateScan?api-version=2026-04-01-preview --uri-parameters databaseName=master

与用户数据库表单相同的 202 + Location 标头语义。

获取对用户数据库的 SQL 漏洞评估扫描

示例 1:列出为数据库记录的每个扫描。

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans?api-version=2026-04-01-preview

{
  "value": [
    {
      "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602",
      "name": "Scheduled-20260602",
      "properties": {
        "triggerType": "Scheduled",
        "state": "Passed",
        "startTime": "2026-06-02T08:00:01.4142209Z",
        "endTime": "2026-06-02T08:00:47.5235755Z",
        "server": "vulnerabilityaseessmenttest",
        "database": "db",
        "sqlVersion": "16.0.5100",
        "highSeverityFailedRulesCount": 0,
        "mediumSeverityFailedRulesCount": 0,
        "lowSeverityFailedRulesCount": 0,
        "totalPassedRulesCount": 24,
        "totalFailedRulesCount": 0,
        "totalRulesCount": 24,
        "isBaselineApplied": true
      },
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans"
    }
  ]
}

示例 2:按 ID 获取单个扫描记录。使用文本 latest 检索最新的扫描。

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest?api-version=2026-04-01-preview

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602",
  "name": "Scheduled-20260602",
  "properties": {
    "triggerType": "Scheduled",
    "state": "Passed",
    "startTime": "2026-06-02T08:00:01.4142209Z",
    "endTime": "2026-06-02T08:00:47.5235755Z",
    "server": "vulnerabilityaseessmenttest",
    "database": "db",
    "sqlVersion": "16.0.5100",
    "highSeverityFailedRulesCount": 0,
    "mediumSeverityFailedRulesCount": 0,
    "lowSeverityFailedRulesCount": 0,
    "totalPassedRulesCount": 24,
    "totalFailedRulesCount": 0,
    "totalRulesCount": 24,
    "isBaselineApplied": true
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans"
}

获取系统数据库上的 SQL 漏洞评估扫描

Synapse 工作区 master 数据库的示例。 URL 省略 /sqlPools/{pool} 该段,并 databaseName=master 作为查询参数提供。

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Synapse/workspaces/vaSynapseWs/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans?api-version=2026-04-01-preview --uri-parameters databaseName=master

{
  "value": [
    {
      "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Synapse/workspaces/vaSynapseWs/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602",
      "name": "Scheduled-20260602",
      "properties": {
        "triggerType": "Scheduled",
        "state": "Passed",
        "startTime": "2026-06-02T08:05:01.0000000Z",
        "endTime": "2026-06-02T08:05:42.0000000Z",
        "server": "vaSynapseWs",
        "database": "master",
        "totalPassedRulesCount": 9,
        "totalFailedRulesCount": 0,
        "totalRulesCount": 9,
        "isBaselineApplied": true
      },
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans"
    }
  ]
}

同一模式(省略 /databases/{db} + 添加 --uri-parameters databaseName=master|model|msdb)用于 SQL 托管实例系统数据库。

获取 SQL 漏洞评估扫描操作结果

轮询以前使用 Invoke SQL 漏洞评估扫描启动的正在进行的扫描。 操作 ID 是在 Location 响应的 Invoke 标头中返回的 GUID。

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/scanOperationResults/9e2c1b3a-4d6f-4d8b-9b88-3c2e9a7e0a11?api-version=2026-04-01-preview

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/scanOperationResults/9e2c1b3a-4d6f-4d8b-9b88-3c2e9a7e0a11",
  "name": "9e2c1b3a-4d6f-4d8b-9b88-3c2e9a7e0a11",
  "properties": {
    "scanStatus": "InProgress",
    "startTime": "2026-06-02T12:00:01Z"
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanOperationResults"
}

当扫描进入终态时,scanStatus 会切换为 PassedFailed,且 endTime 会被填充。

获取用户数据库的 SQL 漏洞评估扫描结果

示例 1:列出给定扫描的每个规则结果。

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults?api-version=2026-04-01-preview

{
  "value": [
    {
      "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults/VA1219",
      "name": "VA1219",
      "properties": {
        "ruleId": "VA1219",
        "status": "NonFinding",
        "isTrimmed": false,
        "queryResults": [["False"]],
        "baselineAdjustedResult": {
          "baseline": { "expectedResults": [["False"]], "updatedTime": "2026-05-15T08:52:39.3476874+00:00" },
          "status": "NonFinding",
          "resultsNotInBaseline": [],
          "resultsOnlyInBaseline": []
        },
        "remediation": {
          "description": "Enable TDE on the affected databases",
          "scripts": [],
          "automated": false,
          "portalLink": "EnableTDE"
        },
        "ruleMetadata": {
          "ruleId": "VA1219",
          "severity": "Medium",
          "category": "DataProtection",
          "ruleType": "Binary",
          "title": "Transparent data encryption should be enabled",
          "description": "Transparent data encryption (TDE) helps to protect the database files against information disclosure ...",
          "rationale": "Transparent Data Encryption (TDE) protects data 'at rest' ..."
        }
      },
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"
    }
  ]
}

Example 2:在 SQL VM 上获取单个规则的结果(Microsoft.Compute/virtualMachines)。 VM 和 Arc 支持扫描结果和基线操作——只有策略、扫描启动/轮询和扫描记录(Get scan)操作仅适用于 PaaS。 在 IaaS 上,由于未开放扫描记录枚举功能,scans/latest/scanResults 路径是读取扫描数据的方式。

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Compute/virtualMachines/vaSqlVm/sqlServers/MSSQLSERVER/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults/VA2065?api-version=2026-04-01-preview

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Compute/virtualMachines/vaSqlVm/sqlServers/MSSQLSERVER/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602/scanResults/VA2065",
  "name": "VA2065",
  "properties": {
    "ruleId": "VA2065",
    "status": "NonFinding",
    "isTrimmed": false,
    "queryResults": [],
    "remediation": {
      "description": "Evaluate each of the server-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline.",
      "scripts": [],
      "automated": false,
      "portalLink": "ReviewServerFirewallRules"
    },
    "ruleMetadata": {
      "ruleId": "VA2065",
      "severity": "High",
      "category": "SurfaceAreaReduction",
      "ruleType": "BaselineExpected",
      "title": "Server-level firewall rules should be tracked and maintained at a strict minimum"
    }
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"
}

获取系统数据库上的 SQL 漏洞评估扫描结果

SQL 托管实例 master 数据库的示例。 URL 省略 /databases/{db} 该段,并 databaseName=master 作为查询参数提供。

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults?api-version=2026-04-01-preview --uri-parameters databaseName=master

{
  "value": [
    {
      "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602/scanResults/VA2065",
      "name": "VA2065",
      "properties": {
        "ruleId": "VA2065",
        "status": "NonFinding",
        "isTrimmed": false,
        "queryResults": [],
        "remediation": {
          "description": "Evaluate each of the server-level firewall rules.",
          "scripts": [],
          "automated": false,
          "portalLink": "ReviewServerFirewallRules"
        },
        "ruleMetadata": {
          "ruleId": "VA2065",
          "severity": "High",
          "category": "SurfaceAreaReduction",
          "ruleType": "BaselineExpected",
          "title": "Server-level firewall rules should be tracked and maintained at a strict minimum"
        }
      },
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"
    }
  ]
}

获取 SQL 漏洞评估基线

返回为数据库配置的完整基线规则集。 在 V20260401 API 中,基线状态直接通过 baselineRules 集合公开(不再使用旧 baselines/default 资源)。

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules?api-version=2026-04-01-preview

{
  "value": [
    {
      "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1143",
      "name": "VA1143",
      "properties": {
        "results": [["True"]]
      },
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
    },
    {
      "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1219",
      "name": "VA1219",
      "properties": {
        "results": [["False"]]
      },
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
    }
  ]
}

添加 SQL 漏洞评估基线

通过一次针对 baselineRules 集合的 POST 请求,批量添加或替换多个基线规则。

示例 1:使用最近一次扫描结果初始化基线。 将 latestScan 设置为 true,并将 results 留空。 响应是基线规则的标准 ARM 列表(与 获取 SQL 漏洞评估基线的形状相同)。

az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules?api-version=2026-04-01-preview --body '{ \"latestScan\": true, \"results\": {} }'

{
  "value": [
    {
      "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1143",
      "name": "VA1143",
      "properties": { "results": [["True"]] },
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
    },
    {
      "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1219",
      "name": "VA1219",
      "properties": { "results": [["False"]] },
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
    }
  ]
}

示例 2:为规则 VA2062 添加特定的基线值(数据库级防火墙规则允许列表)。

az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules?api-version=2026-04-01-preview --body '{ \"latestScan\": false, \"results\": { \"VA2062\": [ [ \"AllowAll\", \"0.0.0.0\", \"255.255.255.255\" ] ] } }'

{
  "value": [
    {
      "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062",
      "name": "VA2062",
      "properties": { "results": [["AllowAll", "0.0.0.0", "255.255.255.255"]] },
      "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
    }
  ]
}

获取用户数据库的 SQL 漏洞评估基线规则

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062?api-version=2026-04-01-preview

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062",
  "name": "VA2062",
  "properties": {
    "results": [
      [ "AllowAll", "0.0.0.0", "255.255.255.255" ]
    ]
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}

获取系统数据库的 SQL 漏洞评估基线规则

SQL 托管实例 master 数据库的示例。 URL 省略 /databases/{db} 该段,并 databaseName=master 作为查询参数提供。

az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2065?api-version=2026-04-01-preview --uri-parameters databaseName=master

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2065",
  "name": "VA2065",
  "properties": {
    "results": [
      [ "AllowAll", "0.0.0.0", "255.255.255.255" ]
    ]
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}

在用户数据库上设置 SQL 漏洞评估基线规则

请求体是扁平的{ "latestScan": <bool>, "results": [[…]] }。 V20260401 基线规则端点会拒绝将有效负载封装在 properties 封装层中的请求。

az rest --method Put --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062?api-version=2026-04-01-preview --body '{ \"latestScan\": false, \"results\": [ [ \"AllowAll\", \"0.0.0.0\", \"255.255.255.255\" ] ] }'

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062",
  "name": "VA2062",
  "properties": {
    "results": [
      [ "AllowAll", "0.0.0.0", "255.255.255.255" ]
    ]
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}

在系统数据库上设置 SQL 漏洞评估基线规则

SQL 托管实例 master 数据库的示例。 URL 省略 /databases/{db} 该段,并 databaseName=master 作为查询参数提供。 请求正文使用与用户数据库窗体相同的 平面 形状。

az rest --method Put --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2065?api-version=2026-04-01-preview --uri-parameters databaseName=master --body '{ \"latestScan\": false, \"results\": [ [ \"AllowAll\", \"0.0.0.0\", \"255.255.255.255\" ] ] }'

{
  "id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2065",
  "name": "VA2065",
  "properties": {
    "results": [
      [ "AllowAll", "0.0.0.0", "255.255.255.255" ]
    ]
  },
  "type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}

删除 SQL 漏洞评估基线规则

所示示例为已启用 Arc 的 SQL Server 数据库(Microsoft.HybridCompute/machines)。 VM 和 Arc 支持基线相关操作——只有策略、扫描启动/轮询以及扫描记录(Get scan)是 PaaS 专属操作。

az rest --method Delete --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.HybridCompute/machines/vaSqlArc/sqlServers/MSSQLSERVER/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062?api-version=2026-04-01-preview

成功时返回 HTTP 200 且响应体为空;如果该规则不存在,则返回 204 No Content。

后续步骤

查找和修正 Azure SQL 数据库中的漏洞