Remediation activities and exceptions
To use this capability, enable your Microsoft Intune connections. Navigate to Settings > General > Advanced features. Scroll down and look for Microsoft Intune connection. By default, the toggle is turned off. Turn your Microsoft Intune connection toggle on.
After your organization's cybersecurity weaknesses are identified and mapped to actionable security recommendations, start creating security tasks through the integration with Microsoft Intune, where the remediation tickets are created.
Remediate the security recommendations to lower your organization's exposure to vulnerabilities and strengthen your security configuration.
Navigate to the Remediation page
You can access the Remediation page a few different ways:
- Threat & Vulnerability Management navigation menu in the Microsoft Defender Security Center
- Top remediation activities card in the Threat & Vulnerability Management dashboard
Go to the Threat & Vulnerability Management navigation menu and select Remediation to open up the list of remediation activities and exceptions found in your organization.
Top remediation activities in the dashboard
View Top remediation activities in the Threat & Vulnerability Management dashboard. Select any of the entries to go to the Remediation page. You can mark the remediation activity as completed after the IT admin team remediates the task.
When you submit a remediation request from the Security recommendations page, it kicks off a remediation activity. A security task is created and tracked in the Threat & Vulnerability Management Remediation page, and a remediation ticket is created in Microsoft Intune.
Once you are in the Remediation page, select the remediation activity that you want to view. You can follow the remediation steps, track progress, view the related recommendation, export to CSV, or mark as complete.
When you file for an exception from the Security recommendations page, you create an exception for that security recommendation. You can file exceptions to exclude certain recommendations from showing up in reports and affecting your Microsoft Secure Score for Devices.
The exceptions you've filed will show up in the Remediation page, in the Exceptions tab. You can filter your view based on exception justification, type, and status.
Exception actions and statuses
You can take the following actions on an exception:
- Cancel - You can cancel the exceptions you've filed at any time
- Resurface - Your exception automatically becomes void and resurfaces in the security recommendation list when dynamic environmental factors change in a way that adversely affects the exposure impact associated with a recommendation that had previously been excluded
The following statuses will be a part of an exception:
- Canceled - The exception has been canceled and is no longer in effect
- Expired - The exception that you've filed is no longer in effect
- In effect - The exception that you've filed is in progress
Exception impact on scores
Creating an exception can potentially affect the Exposure Score (for both types of weaknesses) and Microsoft Secure Score for Devices of your organization in the following manner:
- No impact - Removes the recommendation from the lists (which can be reversed through filters), but will not affect the scores.
- Mitigation-like impact - Treats the recommendation as if it was mitigated (and scores will be adjusted accordingly) when you select it as a compensating control.
- Hybrid - Provides visibility on both No impact and Mitigation-like impact. It shows both the Exposure Score and Microsoft Secure Score for Devices results of the exception option that you selected.
The exception impact shows on both the Security recommendations page column and in the flyout pane.
View exceptions in other places
Select Show exceptions at the bottom of the Top security recommendations card in the dashboard to open a filtered view in the Security recommendations page of recommendations with an "Exception" status.