Enterprise-Scale
fix for Deploy-Sql-vulnerabilityAssessments - Issue #672
This PR addresses issue #672. I've performed the following:
- Renamed parameter "vulnerabilityAssessmentsEmail" to "vulnerabilityAssessmentsEmails".
- Changed parameter "vulnerabilityAssessmentsEmail" to type of "Array".
- Updated ALL references in ARM template to previous parameter.
- Updated parameter display name and description.
- Changed existence condition to use Count to loop through array of email addresses.
- Updated deployment template to reflect the parameter now being an "Array".
However, I do feel like this Policy and control as a whole may need to be looked at further. In the UX for SQL DB you're actually setting vulnerability scanning settings at the server level, and not at the database level. All current documentation seems to indicate that this setting should be getting set at the server level now, but I'm unsure. Is setting this at DB level still the best practice? Additionally, should we expand this Policy to encompass Managed Instance as well?
@jtracey93 - please can you take a look at this, as I know you've just been working on this one? Thank you
As an update, I've kicked this up to our Product Group to get best practices on this particular control. They're engaged and should be getting back to me in the next few days. I'm thinking setting this at the server is really all that needs to happen, but I'll know more in the coming days. Until then I'm going to hold off on going too much further with this.
Do we have any further updates on this please? We have issues #672 and Azure/terraform-azurerm-caf-enterprise-scale/issues/130 outstanding for this.
@mrajess do you have an update for this PR?