Recommendation resource type

Applies to: Microsoft Defender for Endpoint


Note

If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.

Tip

For better performance, you can use the server closest to your geographic location:

  • api-us.securitycenter.microsoft.com
  • api-eu.securitycenter.microsoft.com
  • api-uk.securitycenter.microsoft.com

Important

Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Methods

| Method | Return Type | Description |
|---|---|---|
| List all recommendations | Recommendation collection | Retrieves a list of all security recommendations affecting the organization |
| Get recommendation by Id | Recommendation | Retrieves a security recommendation by its ID |
| Get recommendation software | Software | Retrieves a security recommendation related to a specific software |
| Get recommendation devices | MachineRef collection | Retrieves a list of devices associated with the security recommendation |
| Get recommendation vulnerabilities | Vulnerability collection | Retrieves a list of vulnerabilities associated with the security recommendation |

Properties

| Property | Type | Description |
|---|---|---|
| id | String | Recommendation ID |
| productName | String | Related software name |
| recommendationName | String | Recommendation name |
| Weaknesses | Long | Number of discovered vulnerabilities |
| Vendor | String | Related vendor name |
| recommendedVersion | String | Recommended version |
| recommendationCategory | String | Recommendation category. Possible values are: "Accounts", "Application", "Network", "OS", "SecurityStack" |
| subCategory | String | Recommendation sub-category |
| severityScore | Double | Potential impact of the configuration to the organization's Microsoft Secure Score for Devices (1-10) |
| publicExploit | Boolean | Public exploit is available |
| activeAlert | Boolean | Active alert is associated with this recommendation |
| associatedThreats | String collection | Threat analytics report is associated with this recommendation |
| remediationType | String | Remediation type. Possible values are: "ConfigurationChange", "Update", "Upgrade", "Uninstall" |
| Status | Enum | Recommendation exception status. Possible values are: "Active" and "Exception" |
| configScoreImpact | Double | Microsoft Secure Score for Devices impact |
| exposureImpact | Double | Exposure score impact |
| totalMachineCount | Long | Number of installed devices |
| exposedMachinesCount | Long | Number of installed devices that are exposed to vulnerabilities |
| nonProductivityImpactedAssets | Long | Number of devices that are not affected |
| relatedComponent | String | Related software component |
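
The following is an added example, not Microsoft's code: it checks Recommendation objects against the property types and enumerations listed above before a remediation queue consumes them, then ranks the valid ones. The function names (`validate`, `triage`, `sample`), the ranking order, the `exposedMachinesCount <= totalMachineCount` check and the sample records are assumptions made for illustration.

```python
# Enumerations and range from the Properties table; exposed <= total is an assumption.
CATEGORIES = {"Accounts", "Application", "Network", "OS", "SecurityStack"}
REMEDIATION_TYPES = {"ConfigurationChange", "Update", "Upgrade", "Uninstall"}
REQUIRED = {"id": str, "recommendationName": str, "publicExploit": bool, "activeAlert": bool,
            "severityScore": (int, float), "totalMachineCount": int, "exposedMachinesCount": int}

def validate(rec):
    """Return a list of schema problems found in one Recommendation object."""
    problems = []
    for key, typ in REQUIRED.items():
        value = rec.get(key)
        # bool is a subclass of int in Python, so reject it for numeric fields.
        if not isinstance(value, typ) or (typ is not bool and isinstance(value, bool)):
            problems.append(f"{key}: missing or wrong type")
    if problems:
        return problems
    if rec.get("recommendationCategory") not in CATEGORIES:
        problems.append("recommendationCategory: unknown value")
    if rec.get("remediationType") not in REMEDIATION_TYPES:
        problems.append("remediationType: unknown value")
    if not 1 <= rec["severityScore"] <= 10:
        problems.append("severityScore: outside 1-10")
    if not 0 <= rec["exposedMachinesCount"] <= rec["totalMachineCount"]:
        problems.append("exposedMachinesCount: not within 0..totalMachineCount")
    return problems

def triage(recs):
    """Return (valid records ranked for remediation, {id: problems} for rejects)."""
    valid, rejected = [], {}
    for rec in recs:
        problems = validate(rec)
        if problems:
            rejected[str(rec.get("id", "<no id>"))] = problems
        else:
            valid.append(rec)
    # Assumed ranking: public exploit, active alert, exposed share, then severity.
    valid.sort(key=lambda r: (r["publicExploit"], r["activeAlert"],
                              r["exposedMachinesCount"] / max(r["totalMachineCount"], 1),
                              r["severityScore"]), reverse=True)
    return valid, rejected

def sample(rec_id, exploit, alert, severity, exposed, total, remediation="Update"):
    return {"id": rec_id, "recommendationName": "Constructed sample", "publicExploit": exploit,
            "activeAlert": alert, "severityScore": severity, "exposedMachinesCount": exposed,
            "totalMachineCount": total, "recommendationCategory": "Application",
            "remediationType": remediation}
# Constructed sample records (not real API output); rec-d is deliberately malformed.
SAMPLE = [sample("rec-a", False, False, 9.0, 2, 100), sample("rec-b", True, False, 5.0, 10, 40),
          sample("rec-c", True, True, 4.0, 1, 10), sample("rec-d", True, True, 11.0, 3, 5, "Patch")]
```

Calling `triage(SAMPLE)` places `rec-c` first because it has both a public exploit and an active alert, and sets `rec-d` aside with the reasons it failed validation.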