Queries for the ADAssessmentRecommendation table
AD Recommendations by Focus Area
Count all AD reccomendations by focus area.
ADAssessmentRecommendation
| summarize AggregatedValue = count() by FocusArea
AD Recommendations by Computer
Count AD recommendations with failed result by computer.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by Computer
AD Recommendations by Forest
Count AD recommendations with failed result by forest.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by Forest
AD Recommendations by Domain
Count AD recommendations with failed result by domain.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by Domain
AD Recommendations by DomainController
Count AD recommendations with failed result by domain controller.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by DomainController
AD Recommendations by AffectedObjectType
Count AD recommendations with failed result by affected object type.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by AffectedObjectType
How many times did each unique AD Recommendation trigger?
Count AD recommendations with failed result by recommendation.
ADAssessmentRecommendation
| where RecommendationResult == "Failed"
| summarize AggregatedValue = count() by Recommendation
High priority AD Assessment security recommendations
Latest high priority security recommendation with result failed by recommendation Id.
ADAssessmentRecommendation
| where FocusArea == 'Security and Compliance' and RecommendationResult == 'Failed' and RecommendationScore>=35
| summarize arg_max(TimeGenerated, *) by RecommendationId
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for