Having just set up our new SQL Server Managed Instance, restored a sample database for testing, and run Azure’s vulnerability assessment, I got this high-risk finding:
VA2120 – Features that may affect security should be disabled
The more SQL Server features and services you enable, the larger its surface attack area becomes, making your system more vulnerable to potential attacks. These features should be disabled unless it is absolutely needed in this environment.
```sql
EXECUTE sp_configure 'show advanced options', 1;
RECONFIGURE WITH OVERRIDE;
EXECUTE sp_configure 'remote access', 0;
RECONFIGURE;
EXECUTE sp_configure 'show advanced options', 0;
RECONFIGURE;
```
Turning to Google before doing anything, I found this Microsoft Docs article stating that (emphasis mine):
This topic is about the "Remote Access" feature. This configuration option is an obscure SQL Server to SQL Server communication feature that is deprecated, and you probably shouldn’t be using it.
Can anyone therefore please provide some clarity on the following?
- Why is it enabled given Microsoft’s description?
- Does it need to be enabled in Azure SQLMI? Because…
- When I run the remediation script I get this error:
Changes to server configuration option remote access are not supported in SQL Database Managed Instances.