Microsoft has recently announced a very interesting feature for security of your SQL Server. I really loved this new feature – SQL Vulnerability Assessment. Unlike most of the other V1 features which MS releases, this time I really liked this particular feature. This feature not only provides the assessments, but also the solutions.
This feature works with SQL Server 2012 and later version of SQL Server. Additionally, this is only possible for SSMS version 17.4 and later version. This feature is absolutely FREE and available
This feature can help users to understand their any issues persisting in their SQL Server environment. I am SQL Server Performance Tuning expert, but quite often user asks me questions related to Security and I am very confident that tools like this one will help users to understand what exactly is wrong with their security and how they can improve them.
Let us see with the help of images, how we can run the SQL Vulnerability Assessment report.
Right click on your Database >> Go to Tasks >> Click on Vulnerability Assessment >> Click on Scan For Vulnerabilities…
It will bring up following image, where you can specify where exactly you want to save your Vulnerability Report. You can later on open the same report by going to select Open Existing Scan option in the Vulnerability Assessment menu.
The report will look very similar to report displayed in the image below. The part which I really love about this report is the Risk categorization. They have three different categories a) High Risk, b) Medium Risk and c) Low Risk.
Once you see the list of the Security Check failed, you can further click on them and it also lists the query which runs under the hood for check as well as the query to fix the security vulnerability.
I am extremely impressed with this tool. I want to congratulate the MS developer for this amazing feature in SSMS.
Though, I have said it on the top of the blog post, I would like to repeat it again that SQL Vulnerability Assessment feature only works for SQL Server 2012 and SSMS version 17.4. You can get the latest version of SQL Server by clicking on this link.
Reference : Pinal Dave (https://blog.sqlauthority.com)
Hi Dave, it’s possible export this report? I see that from SSMS export only in json format…
Is there a detailed downloadable list for everything that can be detected?
Is there a list of all VA findings that are possible that has definitions and how to fix them notes?