Vulnerability assessment enablement on Azure SQL server through ARM template

The issue you are having is caused by deploying an ARM template with Vulnerability Assessment, but without enabling Advanced Data Security first.

You will have to deploy Advanced Data Security in the ARM template and add a dependency in the Vulnerability Assessment block, so it will only be deployed after Advanced Data Security is deployed.

For example:

{
  "apiVersion": "2017-03-01-preview",
  "type": "Microsoft.Sql/servers/securityAlertPolicies",
  "name": "[concat(parameters('serverName'), '/Default')]",
  "properties": {
    "state": "Enabled",
    "disabledAlerts": [],
    "emailAddresses": [],
    "emailAccountAdmins": true
  }
},
{
  "apiVersion": "2018-06-01-preview",
  "type": "Microsoft.Sql/servers/vulnerabilityAssessments",
  "name": "[concat(parameters('serverName'), '/Default')]",
  "properties": {
        "storageContainerPath": "[if(parameters('enableADS'), concat(reference(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-07-01').primaryEndpoints.blob, 'vulnerability-assessment'), '')]",
        "storageAccountAccessKey": "[if(parameters('enableADS'), listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('storageName')), '2018-02-01').keys[0].value, '')]",
    "recurringScans": {
      "isEnabled": true,
      "emailSubscriptionAdmins": true,
      "emails": []
    }
  },
  "dependsOn": [
      "[concat('Microsoft.Sql/servers/', parameters('serverName'))]",
      "[concat('Microsoft.Sql/servers/', parameters('serverName'), '/securityAlertPolicies/Default')]"

  ]
}

Note that in this example I'm assuming that you are using an existing storage. If you're deploying a storage within the same ARM template, you will have to add a dependancy for that too (under "dependsOn"):

"[concat('Microsoft.Storage/storageAccounts/', variables('storageName'))]"