Azure – You can now enforce vulnerability assessment to be deployed on virtual machines

You may already know that Microsoft has introduced a vulnerability assessment capability in Azure for SQL Managed Instances, SQL Server and virtual machines.

This capability has to be enabled at the resource level, either by opening the Security blade of the virtual machine and clicking Vulnerability assessment solution should be installed on your virtual machines, or from the Security Center using the Compute & apps blade under the Resource Security Hygiene section.


But these steps only apply to existing resources: when new virtual machine or SQL resources are created (or when a resource is shut down), the assessment will not be enabled automatically and you will have to come back and repeat these steps.

Good news: you can now apply a policy to enforce the deployment of the vulnerability assessment extension.

To enable this policy, go to your Security Center and open the Security Policy blade under the Policy & Compliance section.


Then select either the Tenant Group Management (recommended, to apply to all subscriptions) or the specific subscription to which you want to apply the policy.

Then click Add a custom initiative (available below the Your custom initiatives section).


Fill in the different fields and search for the policy Vulnerability Assessment should be enabled on Virtual Machines.


Ensure the Effect is set to AuditIfNotExist


You can then complete the initiative creation process and deploy it.
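What the portal builds for you in the steps above is a policy definition with an auditIfNotExists rule: for every resource of type Microsoft.Compute/virtualMachines, Azure Policy looks for a related extension resource matching an existence condition and marks the VM non-compliant when none is found. The following added example (written for this article, not code from the author or from Microsoft) constructs such a definition and evaluates it offline against a constructed VM inventory, so you can see which machines the audit would flag. The extension publisher and type names used in the existence condition are assumptions; confirm them against the built-in definition in your own tenant. Note that an audit effect only reports non-compliance; a deployIfNotExists effect with a deployment template and a managed identity would be needed for Azure Policy to install the extension itself, which this example does not cover.

```python
"""Build an auditIfNotExists policy definition for VM vulnerability
assessment and evaluate it locally against a constructed inventory."""
import json

# Assumed identity of the vulnerability-assessment VM extension (constructed
# for this example; confirm against the built-in definition in your tenant).
VA_PUBLISHER = "Qualys"
VA_EXTENSION_TYPES = ["QualysAgent", "QualysAgentLinux"]
EXT_PREFIX = "Microsoft.Compute/virtualMachines/extensions/"


def build_policy_definition(effect="AuditIfNotExists"):
    """Return the policy definition body Azure Policy expects.

    The rule applies to VMs and checks for an extension sub-resource whose
    publisher/type match the assessment agent. AuditIfNotExists only records
    a compliance state; it never deploys anything.
    """
    allowed = ["AuditIfNotExists", "Disabled"]
    if effect not in allowed:
        raise ValueError(f"effect must be one of {allowed}")
    return {
        "properties": {
            "displayName": "Vulnerability assessment should be enabled on virtual machines",
            "mode": "Indexed",
            "parameters": {
                "effect": {"type": "String", "defaultValue": effect, "allowedValues": allowed}
            },
            "policyRule": {
                "if": {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
                "then": {
                    "effect": "[parameters('effect')]",
                    "details": {
                        "type": "Microsoft.Compute/virtualMachines/extensions",
                        "existenceCondition": {
                            "allOf": [
                                {"field": EXT_PREFIX + "publisher", "equals": VA_PUBLISHER},
                                {"field": EXT_PREFIX + "type", "in": VA_EXTENSION_TYPES},
                            ]
                        },
                    },
                },
            },
        }
    }


def _matches(condition, record):
    """Evaluate the small subset of Azure Policy conditions used above
    (field + equals / in, and allOf) against a flat dict."""
    if "allOf" in condition:
        return all(_matches(c, record) for c in condition["allOf"])
    field = condition["field"]
    key = field[len(EXT_PREFIX):] if field.startswith(EXT_PREFIX) else field
    value = record.get(key)
    if "equals" in condition:
        return value == condition["equals"]
    if "in" in condition:
        return value in condition["in"]
    raise ValueError(f"unsupported condition: {condition}")


def evaluate(policy, resource):
    """Return the compliance state one resource would receive under the policy."""
    props = policy["properties"]
    if props["parameters"]["effect"]["defaultValue"] == "Disabled":
        return "NotApplicable"
    rule = props["policyRule"]
    if not _matches(rule["if"], resource):
        return "NotApplicable"
    existence = rule["then"]["details"]["existenceCondition"]
    # The related resources are the VM's extensions; any match satisfies the rule.
    if any(_matches(existence, ext) for ext in resource.get("extensions", [])):
        return "Compliant"
    return "NonCompliant"


def compliance_report(policy, resources):
    """Map resource name -> compliance state for a whole inventory."""
    return {r["name"]: evaluate(policy, r) for r in resources}


# Constructed inventory standing in for what a subscription scan would return.
SAMPLE_RESOURCES = [
    {"name": "web01", "type": "Microsoft.Compute/virtualMachines",
     "extensions": [{"publisher": "Qualys", "type": "QualysAgent"}]},
    {"name": "db01", "type": "Microsoft.Compute/virtualMachines",
     "extensions": [{"publisher": "Microsoft.EnterpriseCloud.Monitoring",
                     "type": "MicrosoftMonitoringAgent"}]},
    {"name": "nix01", "type": "Microsoft.Compute/virtualMachines",
     "extensions": [{"publisher": "Qualys", "type": "QualysAgentLinux"}]},
    {"name": "data-disk", "type": "Microsoft.Compute/disks"},
]

if __name__ == "__main__":
    policy = build_policy_definition()
    print(json.dumps(policy, indent=2))
    for name, state in compliance_report(policy, SAMPLE_RESOURCES).items():
        print(f"{name:10} {state}")
```

Running the script prints the definition JSON followed by one line per resource; db01 is the machine the audit would surface in Security Center, because its only extension is the monitoring agent, while the disk is outside the rule's scope entirely.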

Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years, currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) and online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.