We are using Azure to host many (100+) SQL Azure databases with an identical setup. Azure Security Center performs a weekly vulnerability scan. At present, we need to set up the baseline for each individual database. For instance, every time we add a new database, we need to classify dozens of fields to pass VA1288. This is a tedious process and it gets more complicated as we tighten the baseline.
Is it possible to create a baseline template and link it to a SQL Azure instance, and if so, how? We'd really like to get that green checkmark!
You can use PowerShell and Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline to set a vulnerability assessment rule baseline on all the databases under a server (see example 3 on https://learn.microsoft.com/en-us/powershell/module/az.sql/Set-azSqlDatabaseVulnerabilityAssessmentRuleBaseline?view=azps-3.6.1) and then use WebJobs to run your script every day/week etc. (see https://github.com/projectkudu/kudu/wiki/WebJobs#user-content-scheduling-a-triggered-webjob).
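The approach in the answer above, sketched as a script that applies one baseline template to every database on a server. This is an added example, not code from the original thread or from Microsoft's documentation. It assumes an already authenticated Az session, and the resource names and baseline rows are constructed placeholders.

```powershell
#Requires -Modules Az.Sql
# Added example. Names and baseline rows below are constructed placeholders.

$ResourceGroupName = '<resource-group>'    # placeholder
$ServerName        = '<sql-server-name>'   # placeholder

# Baseline template: rule ID -> approved result rows.
# Each row must list the same columns, in the same order, that the scan
# reports for that rule. The rows here are constructed sample values only.
$BaselineTemplate = @{
    'VA1288' = @(
        @('dbo', 'Customers', 'Email'),
        @('dbo', 'Customers', 'Phone')
    )
}

# Every user database on the server; master is skipped, as in the
# documentation example the answer links to.
$databases = Get-AzSqlDatabase -ResourceGroupName $ResourceGroupName -ServerName $ServerName |
    Where-Object { $_.DatabaseName -ne 'master' }

$failures = @()
foreach ($db in $databases) {
    foreach ($ruleId in $BaselineTemplate.Keys) {
        try {
            # -BaselineResult takes string[][]; the cast keeps the nested
            # array shape intact when it is passed from a variable.
            Set-AzSqlDatabaseVulnerabilityAssessmentRuleBaseline `
                -ResourceGroupName $ResourceGroupName `
                -ServerName $ServerName `
                -DatabaseName $db.DatabaseName `
                -RuleId $ruleId `
                -BaselineResult ([string[][]]$BaselineTemplate[$ruleId]) `
                -ErrorAction Stop | Out-Null
            Write-Output "OK     $($db.DatabaseName) $ruleId"
        }
        catch {
            # Keep going so one bad database does not block the rest.
            $failures += "$($db.DatabaseName) $ruleId : $($_.Exception.Message)"
        }
    }
}

# Non-zero exit lets the scheduler flag a run with partial failures.
if ($failures.Count -gt 0) {
    $failures | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Because the script re-enumerates the server on each run, a newly added database picks up the template the next time the schedule fires.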