We are looking to pass all of the automated compliance checks performed by Azure Defender / Security Center (e.g. ISO 27001). It would be great to get guidance on the following:
For the "greyed out"/disabled control-checks, is it possible to get more information on each of these and specifically why each specific check is greyed out (I'm aware of the general reasons e.g. not automatically checked, responsibility falls on Azure side etc). Even more helpful would be any guidance on what specific manual checks could be done (if any) to internally track these.
Can Fast Track or any Azure support service provide additional help around reaching 100% pass-mark for the checks performed e.g. suggesting a plan of attack, analysing and ordering issues by severity, provide insight into how much work is involved in resolving these, potential risks, best practices etc.
Following on from 2. can the mitigation steps to reach 100% pass-mark of automated checks be potentially actioned/corrected by the Fast Track team or any other Azure support services, or is this something that has to be actioned internally.
Generally what is the recommended approach to tackle this sort of thing?