Defender for Cloud – Recommendations

In the previous blog post of this series we looked at how to onboard your on-premises environment to Defender for Cloud.

Once your environments have been onboarded, CSPM will assess them and provide recommendations.

Recommendations

Now that we have on-boarded our Azure, on-premises and AWS environments in our example, we can view the recommendations that Microsoft Defender for Cloud provides for those resources.

To view recommendations, navigate to Defender for Cloud and select Recommendations from the left-hand menu under General.

The recommendations page provides a list of recommendations and insight into each of them. By default the Secure Score recommendations are listed; you also have the option to list all recommendations.

The highlighted recommendation in the above image shows an unassigned recommendation to enable encryption at rest on 4 virtual machines. When clicking on the recommendation, you are provided with a detailed description of the recommendation, steps for manual remediation and a list of affected resources.

When selecting an unhealthy resource (one of the virtual machines in the above image), you have the option to select one of the following actions:

  • Trigger logic app
  • Exempt
  • Assign owner

Triggering a logic app will execute the action that the logic app is configured to perform. You also have the option of making this resource exempt or assigning an owner to complete this task.

Exempt Unhealthy Resource

Selecting to exempt an unhealthy resource from implementing the recommendation does not affect your secure score. You can scope the exemption to the individual resource or to a subscription.

Once the scope has been selected, you can set an expiry date for the exemption and define the category and description.

Assign Owner

Alternatively, you can assign the recommendation to an owner to be implemented by a future date. The Assign owner blade lets you select a user or group from Azure AD, set a due date, apply a grace period and configure notifications.

Auto Fix

Depending on the recommendation you select, you will be provided with additional options. In the below example, once the unhealthy resource is selected you have the 3 options we saw previously:

  • Trigger logic app
  • Exempt
  • Assign owner

In this example you can also use the quick fix remediation for the unhealthy resource.

Selecting Fix will automatically process the recommended steps.

AWS recommendations

In a previous blog post in this series we covered how to on-board resources from AWS. The recommendations page will provide recommendations for on-boarded AWS resources.

Selecting the AWS radio button on the recommendations page will list only the Secure score recommendations for AWS.

The list of recommendations follows the same pattern as for any other on-boarded resource. Selecting a recommendation will provide you with options similar to those for the Azure recommendations detailed earlier in this blog.

For those recommendations that have a fix detailed, selecting Fix will allow you to download the remediation logic for the resource and run it within your AWS environment. The below example illustrates the fix for Secure Sockets Layer for an S3 bucket.
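As an added example (not the remediation file that Defender for Cloud downloads, which this post does not reproduce), the check below inspects an S3 bucket policy for the Deny statement on `aws:SecureTransport = false` that enforces SSL/TLS, and appends one when it is missing; the bucket name and the sample policy are constructed.

```python
import json

# Constructed sample: a hypothetical bucket whose policy does not enforce TLS (the "unhealthy" state).
BUCKET = "example-bucket"
UNHEALTHY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
         "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}
    ],
}

def _as_list(v):
    # Policy JSON allows a single string or a list in Action/Resource/Statement.
    return v if isinstance(v, list) else [v]

def enforces_tls(policy: dict, bucket: str) -> bool:
    """True if some Deny statement blocks all s3 actions on the bucket and its
    objects for any principal when the request is not made over TLS."""
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        actions = set(_as_list(stmt.get("Action", [])))
        if not actions & {"*", "s3:*"}:
            continue
        cond = stmt.get("Condition", {}).get("Bool", {})
        if str(cond.get("aws:SecureTransport", "")).lower() != "false":
            continue
        if needed.issubset(set(_as_list(stmt.get("Resource", [])))):
            return True
    return False

def add_tls_enforcement(policy: dict, bucket: str) -> dict:
    """Return the policy unchanged if it already enforces TLS, otherwise a copy
    with a Deny-non-TLS statement covering the bucket and all of its objects."""
    if enforces_tls(policy, bucket):
        return policy
    fixed = json.loads(json.dumps(policy))  # deep copy; the input is left untouched
    fixed["Statement"] = _as_list(fixed.get("Statement", [])) + [{
        "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }]
    return fixed

if __name__ == "__main__":
    print("enforces TLS before fix:", enforces_tls(UNHEALTHY_POLICY, BUCKET))
    print(json.dumps(add_tls_enforcement(UNHEALTHY_POLICY, BUCKET), indent=2))
```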

Microsoft provides a list of the AWS recommendations that you might see in Defender for Cloud for on-boarded AWS resources; see the link below.

Reference table for all recommendations for AWS resources – Microsoft Defender for Cloud | Microsoft Learn

The next blog post in this series will look at security alerts generated by Defender for Cloud.