Defender for cloud not scanning all subscriptions
When looking at CIS benchmarks and remediating non-compliances the list of subscriptions (or relevant subscriptions) does not match the number that Defender says is applied.
For example - the number of key vaults within all subscriptions is 16, however the control only refers to 9 so is missing out on 7 key vaults that are active and in use.
Another example - the number of subscriptions enabled is 10 however the number of subscriptions listed in all activity log alert controls is 7.
Why is the correct number not reflected within regulatory compliance section of defender for cloud?
Thanks