Review security recommendations

Article
03/28/2024

To improve your secure score, you have to implement the security recommendations for your environment. From the list of recommendations, you can use filters to find the recommendations that have the most impact on your score, or the ones that you were assigned to implement.

To get to the list of recommendations:

Sign in to the Azure portal.
Either:
- In the Defender for Cloud overview, select Security posture and then select View recommendations for the environment you want to improve.
- Go to Recommendations in the Defender for Cloud menu.

You can search for specific recommendations by name. Use the search box and filters above the list of recommendations to find specific recommendations. Look at the details of the recommendation to decide whether to remediate it, or disable the recommendation.

Finding recommendations with high impact on your secure score

Your secure score is calculated based on the security recommendations that you've implemented. In order to increase your score and improve your security posture, you have to find recommendations with unhealthy resources and remediate those recommendations.

The list of recommendations shows the Potential score increase that you can achieve when you remediate all of the recommendations in the security control.

To find recommendations that can improve your secure score:

In the list of recommendations, use the Potential score increase to identify the security control that contains recommendations that will increase your secure score.
- You can also use the search box and filters above the list of recommendations to find specific recommendations.
Open a security control to see the recommendations that have unhealthy resources.

When you remediate all of the recommendations in the security control, your secure score increases by the percentage point listed for the control.

Review recommendation data in Azure Resource Graph (ARG)

You can review recommendations in ARG both on the Recommendations page or on an individual recommendation.

The toolbar on the Recommendations page includes an Open query button to explore the details in Azure Resource Graph (ARG), an Azure service that gives you the ability to query - across multiple subscriptions - Defender for Cloud's security posture data.

ARG is designed to provide efficient resource exploration with the ability to query at scale across your cloud environments with robust filtering, grouping, and sorting capabilities. It's a quick and efficient way to query information across Azure subscriptions programmatically or from within the Azure portal.

Using the Kusto Query Language (KQL), you can cross-reference Defender for Cloud data with other resource properties.

For example, this recommendation details page shows 15 affected resources:

The **Open Query** button on the recommendation details page.

When you open the underlying query, and run it, Azure Resource Graph Explorer returns the same 15 resources and their health status for this recommendation:

Azure Resource Graph Explorer showing the results for the recommendation shown in the previous screenshot.

Recommendation insights

The Insights column of the page gives you more details for each recommendation. The options available in this section include:

Icon	Name	Description
	Preview recommendation	This recommendation won't affect your secure score until it's GA.
	Fix	From within the recommendation details page, you can use 'Fix' to resolve this issue.
	Enforce	From within the recommendation details page, you can automatically deploy a policy to fix this issue whenever someone creates a non-compliant resource.
	Deny	From within the recommendation details page, you can prevent new resources from being created with this issue.

Recommendations that aren't included in the calculations of your secure score, should still be remediated wherever possible, so that when the period ends they'll contribute towards your score instead of against it.

Download recommendations to a CSV report

Recommendations can be downloaded to a CSV report from the Recommendations page.

To download a CSV report of your recommendations:

Sign in to the Azure portal.
Navigate to Microsoft Defender for Cloud > Recommendations.
Select Download CSV report.

You'll know the report is being prepared when the pop-up appears.

Screenshot of pop-up indicating report being prepared.

When the report is ready, you'll be notified by a second pop-up.

Screenshot of pop-up indicating your downloaded completed.

Learn more

You can check out the following blogs:

Next steps

In this document, you were introduced to security recommendations in Defender for Cloud. For related information:

Remediate recommendations-Learn how to configure security policies for your Azure subscriptions and resource groups.
Automate responses to Defender for Cloud triggers-Automate responses to recommendations
Security recommendations - a reference guide