Implement security recommendations in Microsoft Defender for Cloud

Note

Azure Security Center and Azure Defender are now called Microsoft Defender for Cloud. We've also renamed Azure Defender plans to Microsoft Defender plans. For example, Azure Defender for Storage is now Microsoft Defender for Storage.

Learn more about the recent renaming of Microsoft security services.

Recommendations give you suggestions on how to better secure your resources. You implement a recommendation by following the remediation steps provided in the recommendation.

Remediation steps

After reviewing all the recommendations, decide which one to remediate first. We recommend that you prioritize the security controls with the highest potential to increase your secure score.

  1. From the list, select a recommendation.

  2. Follow the instructions in the Remediation steps section. Each recommendation has its own set of instructions. The following screenshot shows remediation steps for configuring applications to only allow traffic over HTTPS.

    Manual remediation steps for a recommendation.

  3. Once completed, a notification appears informing you whether the issue is resolved.

Fix button

To simplify remediation and improve your environment's security (and increase your secure score), many recommendations include a Fix option.

Fix helps you quickly remediate a recommendation on multiple resources.

Tip

The Fix feature is only available for specific recommendations. To find recommendations that have an available fix, use the Response actions filter for the list of recommendations:

Use the filters above the recommendations list to find recommendations that have the Fix option.

To implement a Fix:

  1. From the list of recommendations that have the Fix action icon, , select a recommendation.

    Recommendations list highlighting recommendations with Fix action

  2. From the Unhealthy resources tab, select the resources that you want to implement the recommendation on, and select Remediate.

    Note

    Some of the listed resources might be disabled, because you don't have the appropriate permissions to modify them.

  3. In the confirmation box, read the remediation details and implications.

    Quick fix.

    Note

    The implications are listed in the grey box in the Remediate resources window that opens after clicking Remediate. They list what changes happen when proceeding with the Fix.

  4. Insert the relevant parameters if necessary, and approve the remediation.

    Note

    It can take several minutes after remediation completes to see the resources in the Healthy resources tab. To view the remediation actions, check the activity log.

  5. Once completed, a notification appears informing you if the remediation succeeded.

Fix actions logged to the activity log

The remediation operation uses a template deployment or REST API PATCH request to apply the configuration on the resource. These operations are logged in Azure activity log.

Next steps

In this document, you were shown how to remediate recommendations in Defender for Cloud. To learn how recommendations are defined and selected for your environment, see the following page: