Review your security recommendations

This article explains how to view and understand the recommendations in Microsoft Defender for Cloud to help you protect your multi-cloud resources.

View your recommendations

Defender for Cloud analyzes the security state of your resources to identify potential vulnerabilities.

To view your Secure score recommendations:

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Recommendations.

    Screenshot of the recommendations page.

    Here you'll see the recommendations applicable to your environment(s). Recommendations are grouped into security controls.

  3. Select Secure score recommendations.

    Screenshot showing the location of the secure score recommendations tab.

    Note

    Custom recommendations can be found under the All recommendations tab. Learn how to Create custom security initiatives and policies.

    Secure score recommendations affect the secure score and are mapped to the various security controls. The All recommendations tab lets you see all of the recommendations, including those that are part of different regulatory compliance standards.

  4. (Optional) Select the relevant environment(s).

    Screenshot of the environment filter, to select your filters.

  5. Select the drop-down menu icon to expand the control and view a list of recommendations.

    Screenshot showing how to see the full list of recommendations by selecting the drop-down menu icon.

  6. Select a specific recommendation to view the recommendation details page.

    Screenshot of the recommendation details page.

    1. For supported recommendations, the top toolbar shows any or all of the following buttons:

      • Enforce and Deny (see Prevent misconfigurations with Enforce/Deny recommendations).
      • View policy definition to go directly to the Azure Policy entry for the underlying policy.
      • Open query - All recommendations have the option to view the detailed information about the affected resources using Azure Resource Graph Explorer.
    2. Severity indicator.

    3. Freshness interval (where relevant).

    4. Count of exempted resources - If exemptions exist for a recommendation, this shows the number of resources that have been exempted, with a link to view the specific resources.

    5. Mapping to MITRE ATT&CK® tactics and techniques - If a recommendation has defined tactics and techniques, select the icon for links to the relevant pages on MITRE's site. This applies only to Azure scored recommendations.

      Screenshot of the MITRE tactics mapping for a recommendation.

    6. Description - A short description of the security issue.

    7. When relevant, the details page also includes a table of related recommendations:

      The relationship types are:

      • Prerequisite - A recommendation that must be completed before the selected recommendation
      • Alternative - A different recommendation, which provides another way of achieving the goals of the selected recommendation
      • Dependent - A recommendation for which the selected recommendation is a prerequisite

      For each related recommendation, the number of unhealthy resources is shown in the "Affected resources" column.

      Tip

      If a related recommendation is grayed out, its dependency isn't yet completed and so isn't available.

    8. Remediation steps - A description of the manual steps required to remediate the security issue on the affected resources. For recommendations with the Fix option, you can select View remediation logic before applying the suggested fix to your resources.

    9. Affected resources - Your resources are grouped into tabs:

      • Healthy resources – Relevant resources, which either aren't impacted or on which you've already remediated the issue.

      • Unhealthy resources – Resources that are still impacted by the identified issue.

      • Not applicable resources – Resources for which the recommendation can't give a definitive answer. The not applicable tab also includes reasons for each resource.

        Not applicable resources with reasons.

    10. Action buttons to remediate the recommendation or trigger a logic app.

Search for a recommendation

You can search for specific recommendations by name. The search box and filters above the list of recommendations can be used to help locate a specific recommendation.

Custom recommendations only appear under the All recommendations tab.

To search for recommendations:

  1. On the recommendation page, select an environment from the environment filter.

    Screenshot of the environmental filter on the recommendation page.

    You can select 1, 2, or all options at a time. The page's results will automatically reflect your choice.

  2. Enter a name in the search box, or select one of the available filters.

    Screenshot of the search box and filter list.

  3. Select to add more filter(s).

  4. Select a filter from the drop-down menu.

    Screenshot of the available filters to select.

  5. Select a value from the drop-down menu.

  6. Select OK.

Review recommendation data in Azure Resource Graph Explorer (ARG)

You can review recommendations in ARG either from the recommendations page or from an individual recommendation.

The toolbar on the recommendation details page includes an Open query button to explore the details in Azure Resource Graph (ARG), an Azure service that gives you the ability to query - across multiple subscriptions - Defender for Cloud's security posture data.

ARG is designed to provide efficient resource exploration with the ability to query at scale across your cloud environments with robust filtering, grouping, and sorting capabilities. It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal.

Using the Kusto Query Language (KQL), you can cross-reference Defender for Cloud data with other resource properties.

For example, this recommendation details page shows 15 affected resources:

The Open query button on the recommendation details page.

When you open the underlying query, and run it, Azure Resource Graph Explorer returns the same 15 resources and their health status for this recommendation:

Azure Resource Graph Explorer showing the results for the recommendation shown in the previous screenshot.
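
As an added example (not part of the original article), the following KQL query shows the kind of cross-reference described above: it joins unhealthy Defender for Cloud assessments from the securityresources table with the resources table, then counts affected resources per recommendation by resource type and location. The output column names are chosen for this example.

```kusto
// Added example: cross-reference Defender for Cloud assessments with resource properties.
securityresources
| where type == "microsoft.security/assessments"
| extend recommendation = tostring(properties.displayName),
         statusCode     = tostring(properties.status.code),
         severity       = tostring(properties.metadata.severity),
         // Normalize the assessed resource ID so it matches resources.id in the join.
         resourceId     = tolower(trim(" ", tostring(properties.resourceDetails.Id)))
// Keep only resources that are still impacted by the recommendation.
| where statusCode == "Unhealthy"
| join kind=leftouter (
    resources
    | project resourceId = tolower(id), resourceType = type, location
  ) on resourceId
// One row per recommendation, resource type and region, largest exposure first.
| summarize unhealthyResources = dcount(resourceId)
    by recommendation, severity, resourceType, location
| order by unhealthyResources desc
```

Assessed resources that have no matching row in the resources table keep an empty resourceType and location because the join is a left outer join.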

Recommendation insights

The Insights column of the page gives you more details for each recommendation. The options available in this section include:

  • Preview recommendation* - This recommendation won't affect your secure score until it's GA.
  • Fix - From within the recommendation details page, you can use 'Fix' to resolve this issue.
  • Enforce - From within the recommendation details page, you can automatically deploy a policy to fix this issue whenever someone creates a non-compliant resource.
  • Deny - From within the recommendation details page, you can prevent new resources from being created with this issue.

Recommendations that aren't included in the calculations of your secure score should still be remediated wherever possible, so that when the preview period ends they'll contribute towards your score instead of against it.

Download recommendations in a CSV report

Recommendations can be downloaded to a CSV report from the Recommendations page.

To download a CSV report of your recommendations:

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Recommendations.

  3. Select Download CSV report.

    Screenshot showing you where to select the Download CSV report from.

A pop-up lets you know that the report is being prepared.

Screenshot of report being prepared.

When the report is ready, you'll be notified by a second pop-up.

Screenshot letting you know your download completed.

Next steps

In this document, you were introduced to security recommendations in Defender for Cloud.