重要
注意:根据世纪互联发布的公告,2026 年 8 月 18 日,中国地区的 Azure 中将正式停用所有 Microsoft Defender for Cloud 功能。
本文列出了可用于 SQL 漏洞评估快速配置的 Azure 命令行接口 (CLI) 命令。
本文中的示例应在 PowerShell 中运行;不能直接照搬到 Bash 中使用。
- 获取 SQL 漏洞评估设置
- 设置 SQL 漏洞评估设置
- 删除 SQL 漏洞评估设置
- 对用户数据库调用 SQL 漏洞评估扫描
- 对系统数据库调用 SQL 漏洞评估扫描
- 获取用户数据库的 SQL 漏洞评估扫描结果
- 获取针对系统数据库的 SQL 漏洞评估扫描
- 获取 SQL 漏洞评估扫描操作结果
- 获取系统数据库上的 SQL 漏洞评估扫描结果
- 获取用户数据库的 SQL 漏洞评估扫描结果
- 获取 SQL 漏洞评估基线
- 添加 SQL 漏洞评估基线
- 获取用户数据库的 SQL 漏洞评估基线规则
- 获取系统数据库的 SQL 漏洞评估基线规则
- 在用户数据库上设置 SQL 漏洞评估基线规则
- 在系统数据库上设置 SQL 漏洞评估基线规则
- 删除 SQL 漏洞评估基线规则
可以使用此 cmdlet 获取可用扫描 ID 的列表 - 获取 SQL 漏洞评估扫描
获取 SQL 漏洞评估设置
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default?api-version=2026-04-01-preview
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default",
"name": "default",
"properties": {
"creationTime": "2026-05-15T08:52:39.3476874+00:00",
"state": "Enabled"
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments"
}
注释
当该资源从未配置过漏洞评估时,RP 会返回 HTTP 200,并包含 "state": "Disabled"(且不包含 creationTime),而不是返回 HTTP 404。
设置 SQL 漏洞评估设置
Example 1:在Azure SQL服务器上启用漏洞评估设置。
az rest --method Put --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default?api-version=2026-04-01-preview --body '{ \"properties\": { \"state\": \"Enabled\" } }'
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default",
"name": "default",
"properties": {
"state": "Enabled"
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments"
}
示例 2:禁用漏洞评估设置。
az rest --method Put --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default?api-version=2026-04-01-preview --body '{ \"properties\": { \"state\": \"Disabled\" } }'
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/providers/Microsoft.Security/sqlVulnerabilityAssessments/default",
"name": "default",
"properties": {
"state": "Disabled"
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments"
}
删除 SQL 漏洞评估设置
SQL 托管实例的示例。
az rest --method Delete --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default?api-version=2026-04-01-preview
返回 HTTP 200,成功时正文为空。
对用户数据库调用 SQL 漏洞评估扫描
az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/initiateScan?api-version=2026-04-01-preview
响应为 HTTP 202 已接受 ,正文为空。 操作 ID 会在 Location 响应标头中返回,例如:
Location: https://management.chinacloudapi.cn/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/scanOperationResults/9e2c1b3a-4d6f-4d8b-9b88-3c2e9a7e0a11?api-version=2026-04-01-preview
使用 获取 SQL 漏洞评估扫描操作结果 轮询该 URL 以跟踪扫描进度。 若要从 az rest中捕获标头,请使用以下命令请求完整的响应 --output-file:
az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/initiateScan?api-version=2026-04-01-preview --output-file scan-response.json --verbose
对系统数据库调用 SQL 漏洞评估扫描
SQL 托管实例 master 数据库的示例。 URL 省略 /databases/{db} 该段,并 databaseName=master 作为查询参数传递。
az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/initiateScan?api-version=2026-04-01-preview --uri-parameters databaseName=master
与用户数据库表单相同的 202 + Location 标头语义。
获取对用户数据库的 SQL 漏洞评估扫描
示例 1:列出为数据库记录的每个扫描。
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans?api-version=2026-04-01-preview
{
"value": [
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602",
"name": "Scheduled-20260602",
"properties": {
"triggerType": "Scheduled",
"state": "Passed",
"startTime": "2026-06-02T08:00:01.4142209Z",
"endTime": "2026-06-02T08:00:47.5235755Z",
"server": "vulnerabilityaseessmenttest",
"database": "db",
"sqlVersion": "16.0.5100",
"highSeverityFailedRulesCount": 0,
"mediumSeverityFailedRulesCount": 0,
"lowSeverityFailedRulesCount": 0,
"totalPassedRulesCount": 24,
"totalFailedRulesCount": 0,
"totalRulesCount": 24,
"isBaselineApplied": true
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans"
}
]
}
示例 2:按 ID 获取单个扫描记录。使用文本 latest 检索最新的扫描。
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest?api-version=2026-04-01-preview
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602",
"name": "Scheduled-20260602",
"properties": {
"triggerType": "Scheduled",
"state": "Passed",
"startTime": "2026-06-02T08:00:01.4142209Z",
"endTime": "2026-06-02T08:00:47.5235755Z",
"server": "vulnerabilityaseessmenttest",
"database": "db",
"sqlVersion": "16.0.5100",
"highSeverityFailedRulesCount": 0,
"mediumSeverityFailedRulesCount": 0,
"lowSeverityFailedRulesCount": 0,
"totalPassedRulesCount": 24,
"totalFailedRulesCount": 0,
"totalRulesCount": 24,
"isBaselineApplied": true
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans"
}
获取系统数据库上的 SQL 漏洞评估扫描
Synapse 工作区 master 数据库的示例。 URL 省略 /sqlPools/{pool} 该段,并 databaseName=master 作为查询参数提供。
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Synapse/workspaces/vaSynapseWs/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans?api-version=2026-04-01-preview --uri-parameters databaseName=master
{
"value": [
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Synapse/workspaces/vaSynapseWs/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602",
"name": "Scheduled-20260602",
"properties": {
"triggerType": "Scheduled",
"state": "Passed",
"startTime": "2026-06-02T08:05:01.0000000Z",
"endTime": "2026-06-02T08:05:42.0000000Z",
"server": "vaSynapseWs",
"database": "master",
"totalPassedRulesCount": 9,
"totalFailedRulesCount": 0,
"totalRulesCount": 9,
"isBaselineApplied": true
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans"
}
]
}
同一模式(省略 /databases/{db} + 添加 --uri-parameters databaseName=master|model|msdb)用于 SQL 托管实例系统数据库。
获取 SQL 漏洞评估扫描操作结果
轮询以前使用 Invoke SQL 漏洞评估扫描启动的正在进行的扫描。 操作 ID 是在 Location 响应的 Invoke 标头中返回的 GUID。
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/scanOperationResults/9e2c1b3a-4d6f-4d8b-9b88-3c2e9a7e0a11?api-version=2026-04-01-preview
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/scanOperationResults/9e2c1b3a-4d6f-4d8b-9b88-3c2e9a7e0a11",
"name": "9e2c1b3a-4d6f-4d8b-9b88-3c2e9a7e0a11",
"properties": {
"scanStatus": "InProgress",
"startTime": "2026-06-02T12:00:01Z"
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanOperationResults"
}
当扫描进入终态时,scanStatus 会切换为 Passed 或 Failed,且 endTime 会被填充。
获取用户数据库的 SQL 漏洞评估扫描结果
示例 1:列出给定扫描的每个规则结果。
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults?api-version=2026-04-01-preview
{
"value": [
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults/VA1219",
"name": "VA1219",
"properties": {
"ruleId": "VA1219",
"status": "NonFinding",
"isTrimmed": false,
"queryResults": [["False"]],
"baselineAdjustedResult": {
"baseline": { "expectedResults": [["False"]], "updatedTime": "2026-05-15T08:52:39.3476874+00:00" },
"status": "NonFinding",
"resultsNotInBaseline": [],
"resultsOnlyInBaseline": []
},
"remediation": {
"description": "Enable TDE on the affected databases",
"scripts": [],
"automated": false,
"portalLink": "EnableTDE"
},
"ruleMetadata": {
"ruleId": "VA1219",
"severity": "Medium",
"category": "DataProtection",
"ruleType": "Binary",
"title": "Transparent data encryption should be enabled",
"description": "Transparent data encryption (TDE) helps to protect the database files against information disclosure ...",
"rationale": "Transparent Data Encryption (TDE) protects data 'at rest' ..."
}
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"
}
]
}
Example 2:在 SQL VM 上获取单个规则的结果(Microsoft.Compute/virtualMachines)。 VM 和 Arc 支持扫描结果和基线操作——只有策略、扫描启动/轮询和扫描记录(Get scan)操作仅适用于 PaaS。 在 IaaS 上,由于未开放扫描记录枚举功能,scans/latest/scanResults 路径是读取扫描数据的方式。
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Compute/virtualMachines/vaSqlVm/sqlServers/MSSQLSERVER/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults/VA2065?api-version=2026-04-01-preview
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Compute/virtualMachines/vaSqlVm/sqlServers/MSSQLSERVER/databases/master/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602/scanResults/VA2065",
"name": "VA2065",
"properties": {
"ruleId": "VA2065",
"status": "NonFinding",
"isTrimmed": false,
"queryResults": [],
"remediation": {
"description": "Evaluate each of the server-level firewall rules. Remove any rules that grant unnecessary access and set the rest as a baseline.",
"scripts": [],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"ruleMetadata": {
"ruleId": "VA2065",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "BaselineExpected",
"title": "Server-level firewall rules should be tracked and maintained at a strict minimum"
}
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"
}
获取系统数据库上的 SQL 漏洞评估扫描结果
SQL 托管实例 master 数据库的示例。 URL 省略 /databases/{db} 该段,并 databaseName=master 作为查询参数提供。
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/latest/scanResults?api-version=2026-04-01-preview --uri-parameters databaseName=master
{
"value": [
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/scans/Scheduled-20260602/scanResults/VA2065",
"name": "VA2065",
"properties": {
"ruleId": "VA2065",
"status": "NonFinding",
"isTrimmed": false,
"queryResults": [],
"remediation": {
"description": "Evaluate each of the server-level firewall rules.",
"scripts": [],
"automated": false,
"portalLink": "ReviewServerFirewallRules"
},
"ruleMetadata": {
"ruleId": "VA2065",
"severity": "High",
"category": "SurfaceAreaReduction",
"ruleType": "BaselineExpected",
"title": "Server-level firewall rules should be tracked and maintained at a strict minimum"
}
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults"
}
]
}
获取 SQL 漏洞评估基线
返回为数据库配置的完整基线规则集。 在 V20260401 API 中,基线状态直接通过 baselineRules 集合公开(不再使用旧 baselines/default 资源)。
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules?api-version=2026-04-01-preview
{
"value": [
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1143",
"name": "VA1143",
"properties": {
"results": [["True"]]
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
},
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1219",
"name": "VA1219",
"properties": {
"results": [["False"]]
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}
]
}
添加 SQL 漏洞评估基线
通过一次针对 baselineRules 集合的 POST 请求,批量添加或替换多个基线规则。
示例 1:使用最近一次扫描结果初始化基线。 将 latestScan 设置为 true,并将 results 留空。 响应是基线规则的标准 ARM 列表(与 获取 SQL 漏洞评估基线的形状相同)。
az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules?api-version=2026-04-01-preview --body '{ \"latestScan\": true, \"results\": {} }'
{
"value": [
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1143",
"name": "VA1143",
"properties": { "results": [["True"]] },
"type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
},
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA1219",
"name": "VA1219",
"properties": { "results": [["False"]] },
"type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}
]
}
示例 2:为规则 VA2062 添加特定的基线值(数据库级防火墙规则允许列表)。
az rest --method Post --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules?api-version=2026-04-01-preview --body '{ \"latestScan\": false, \"results\": { \"VA2062\": [ [ \"AllowAll\", \"0.0.0.0\", \"255.255.255.255\" ] ] } }'
{
"value": [
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062",
"name": "VA2062",
"properties": { "results": [["AllowAll", "0.0.0.0", "255.255.255.255"]] },
"type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}
]
}
获取用户数据库的 SQL 漏洞评估基线规则
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062?api-version=2026-04-01-preview
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062",
"name": "VA2062",
"properties": {
"results": [
[ "AllowAll", "0.0.0.0", "255.255.255.255" ]
]
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}
获取系统数据库的 SQL 漏洞评估基线规则
SQL 托管实例 master 数据库的示例。 URL 省略 /databases/{db} 该段,并 databaseName=master 作为查询参数提供。
az rest --method Get --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2065?api-version=2026-04-01-preview --uri-parameters databaseName=master
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2065",
"name": "VA2065",
"properties": {
"results": [
[ "AllowAll", "0.0.0.0", "255.255.255.255" ]
]
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}
在用户数据库上设置 SQL 漏洞评估基线规则
请求体是扁平的 — { "latestScan": <bool>, "results": [[…]] }。 V20260401 基线规则端点会拒绝将有效负载封装在 properties 封装层中的请求。
az rest --method Put --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062?api-version=2026-04-01-preview --body '{ \"latestScan\": false, \"results\": [ [ \"AllowAll\", \"0.0.0.0\", \"255.255.255.255\" ] ] }'
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/servers/vulnerabilityaseessmenttest/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062",
"name": "VA2062",
"properties": {
"results": [
[ "AllowAll", "0.0.0.0", "255.255.255.255" ]
]
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}
在系统数据库上设置 SQL 漏洞评估基线规则
SQL 托管实例 master 数据库的示例。 URL 省略 /databases/{db} 该段,并 databaseName=master 作为查询参数提供。 请求正文使用与用户数据库窗体相同的 平面 形状。
az rest --method Put --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2065?api-version=2026-04-01-preview --uri-parameters databaseName=master --body '{ \"latestScan\": false, \"results\": [ [ \"AllowAll\", \"0.0.0.0\", \"255.255.255.255\" ] ] }'
{
"id": "/subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.Sql/managedInstances/vulnerabilityaseessmentmi/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2065",
"name": "VA2065",
"properties": {
"results": [
[ "AllowAll", "0.0.0.0", "255.255.255.255" ]
]
},
"type": "Microsoft.Security/sqlVulnerabilityAssessments/baselineRules"
}
删除 SQL 漏洞评估基线规则
所示示例为已启用 Arc 的 SQL Server 数据库(Microsoft.HybridCompute/machines)。 VM 和 Arc 支持基线相关操作——只有策略、扫描启动/轮询以及扫描记录(Get scan)是 PaaS 专属操作。
az rest --method Delete --uri /subscriptions/<SubscriptionID>/resourceGroups/vulnerabilityaseessmenttestRg/providers/Microsoft.HybridCompute/machines/vaSqlArc/sqlServers/MSSQLSERVER/databases/db/providers/Microsoft.Security/sqlVulnerabilityAssessments/default/baselineRules/VA2062?api-version=2026-04-01-preview
成功时返回 HTTP 200 且响应体为空;如果该规则不存在,则返回 204 No Content。