vulnerabilityAssessments_Default_storageContainerPath

Mahmoodi, Somayeh (Admin) 80 Reputation points
2025-10-16T19:18:39.01+00:00

I have 4-5 resources (one SQL DB) and I want to use an ARM template to deploy the template and create new resources based on the template file. I didn't enable vulnerability assessment on my current SQL DB, and I don't want to have it enabled in the new resources. The problem is that the template file created by Azure for the resources has a property "vulnerabilityAssessments_Default_storageContainerPath" whose value I can't find. I used API playground; it doesn't have the property. How do you think I should fill it? I tried to remove the property and the section that refers to it in the template file and deployed the result, but I got an error in Azure Cloud Shell saying: The content for this response was already consumed.

{
  "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
  "apiVersion": "2024-05-01-preview",
  "name": "[concat(parameters('servers_server_2_name'), '/Default')]",
  "dependsOn": [
    "[resourceId('Microsoft.Sql/servers', parameters('servers_server_2_name'))]"
  ],
  "properties": {
    "recurringScans": {
      "isEnabled": false,
      "emailSubscriptionAdmins": true
    },
    "storageContainerPath": "[parameters('vulnerabilityAssessments_Default_storageContainerPath')]"
  }
},

I would appreciate it if you could help me. Thank you

Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.

Answer accepted by question author
  1. Suchitra Suregaunkar 1,880 Reputation points Microsoft External Staff Moderator
    2025-10-17T01:31:37.0866667+00:00

    Hello Mahmoodi, Somayeh (Admin)

    The ARM template generated by Azure includes a resource for SQL Vulnerability Assessment with a property vulnerabilityAssessments_Default_storageContainerPath. You don't want vulnerability assessment enabled on the new SQL resources and cannot find a value for this property in the API playground. Removing the property and section caused a deployment error: “The content for this response was already consumed.”

    • The template includes a resource of type Microsoft.Sql/servers/vulnerabilityAssessments.
    • This resource requires storageContainerPath because vulnerability assessment stores scan results in a storage account.
    • Even if scans are disabled, the schema still expects this property.
    • Removing only the property (or leaving references in dependsOn or parameters) makes the template invalid, causing deployment failure.
    • Checked API Playground → property not found (because VA was never enabled).
    • Removed the property and section → error occurred due to broken dependencies and missing required fields.

    To resolve this or as a workaround you have two options:

    Option 1: Remove Vulnerability Assessment Completely

    • Delete the entire resource block and validate that no other resource references this parameter.

    Your template should look like below:

    {
      "type": "Microsoft.Sql/servers",
      "apiVersion": "2024-05-01-preview",
      "name": "[parameters('servers_server_2_name')]",
      "location": "[parameters('location')]",
      "properties": {
        "administratorLogin": "[parameters('administratorLogin')]",
        "administratorLoginPassword": "[parameters('administratorLoginPassword')]",
        "version": "12.0"
      }
    }
    
    

    Here remove the block as shown below:

    Parameter: vulnerabilityAssessments_Default_storageContainerPath

    Any dependsOn referencing vulnerability assessment.

    {
      "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
      "apiVersion": "2024-05-01-preview",
      "name": "[concat(parameters('servers_server_2_name'), '/Default')]",
      ...
    }
    
    

    Option 2: Keep It but Disable Properly

    If you want to keep the resource for compliance or template consistency:

    1. isEnabled is false, so scans won’t run.
    2. storageContainerPath is required by the schema; use an empty string or a dummy URL.

    This satisfies schema validation, and scans won’t run because they’re disabled.

    The property only appears when vulnerability assessment is explicitly configured. If it was never enabled, the API won’t return it.

    So, if you don’t need vulnerability assessment, remove the resource entirely, or if you need to keep the structure, use a placeholder for storageContainerPath.

    {
      "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
      "apiVersion": "2024-05-01-preview",
      "name": "[concat(parameters('servers_server_2_name'), '/Default')]",
      "dependsOn": [
        "[resourceId('Microsoft.Sql/servers', parameters('servers_server_2_name'))]"
      ],
      "properties": {
        "recurringScans": {
          "isEnabled": false,
          "emailSubscriptionAdmins": true
        },
        "storageContainerPath": ""
        // Alternatively, use a dummy value:
        // "storageContainerPath": "https://dummy.blob.core.windows.net/container"
      }
    }
    
    

    If you have any queries, please feel free to reach out.

    Thanks,

    Suchitra.
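
Option 1 from the accepted answer, as an added example (not code from the thread or from Microsoft): it drops the vulnerabilityAssessments block from an exported template, removes `dependsOn` entries that name it, and deletes only the parameters that nothing else references. `strip_resource_type` and `SAMPLE` are hypothetical names, the sample template is constructed, and only top-level resources are handled.

```python
import copy
import json
import re

VA_TYPE = "Microsoft.Sql/servers/vulnerabilityAssessments"
PARAM_REF = re.compile(r"parameters\('([^']+)'\)")


def strip_resource_type(template, resource_type=VA_TYPE):
    """Return (pruned copy, removed parameter names); top-level resources only."""
    tpl = copy.deepcopy(template)
    wanted = resource_type.lower()
    keep, dropped = [], []
    for res in tpl.get("resources", []):
        (dropped if res.get("type", "").lower() == wanted else keep).append(res)
    # Remove dependsOn entries that still name the dropped resource type.
    for res in keep:
        if "dependsOn" in res:
            res["dependsOn"] = [d for d in res["dependsOn"]
                                if f"'{wanted}'" not in d.lower()]
    tpl["resources"] = keep
    # Remove parameters only the dropped blocks used, so none is left orphaned.
    still_used = set(PARAM_REF.findall(
        json.dumps({k: v for k, v in tpl.items() if k != "parameters"})))
    orphaned = sorted(set(PARAM_REF.findall(json.dumps(dropped))) - still_used)
    for name in orphaned:
        tpl.get("parameters", {}).pop(name, None)
    return tpl, orphaned


# Constructed sample shaped like the exported template in the question.
SAMPLE = {
    "parameters": {
        "servers_server_2_name": {"type": "String"},
        "vulnerabilityAssessments_Default_storageContainerPath": {"type": "String"},
    },
    "resources": [
        {"type": "Microsoft.Sql/servers", "apiVersion": "2024-05-01-preview",
         "name": "[parameters('servers_server_2_name')]"},
        {"type": "Microsoft.Sql/servers/vulnerabilityAssessments",
         "apiVersion": "2024-05-01-preview",
         "name": "[concat(parameters('servers_server_2_name'), '/Default')]",
         "dependsOn": ["[resourceId('Microsoft.Sql/servers', parameters('servers_server_2_name'))]"],
         "properties": {"recurringScans": {"isEnabled": False},
                        "storageContainerPath": "[parameters('vulnerabilityAssessments_Default_storageContainerPath')]"}},
    ],
}

if __name__ == "__main__":
    pruned, removed = strip_resource_type(SAMPLE)
    print("removed parameters:", removed)
    print(json.dumps(pruned, indent=2))
```

A parameters file that still supplies a removed parameter has to be trimmed to match the pruned template.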


1 additional answer

  1. Stanislav Zhelyazkov 29,281 Reputation points MVP Volunteer Moderator
    2025-10-17T05:36:39.8566667+00:00

    Hi,

    Deploying the resource Microsoft.Sql/servers/vulnerabilityAssessments does not necessarily mean that vulnerability assessment is enabled. In fact, you can see that isEnabled is set to false. The value for storageContainerPath can be just an empty string when isEnabled is set to false. Alternatively, you can remove that resource from the deployment altogether, but keep in mind that if someone enables the features and you re-deploy your template, it will not disable it. Note also that the resource has the property storageAccountAccessKey, which can be set to null when it is not enabled. If enabled, you need to pass the storage account access key along with storageContainerPath set to the URL of the container and isEnabled set to true.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

