Implement security recommendations in Microsoft Defender for Cloud

Recommendations give you suggestions on how to better secure your resources. You implement a recommendation by following the remediation steps provided in the recommendation.

Remediation steps

After reviewing all the recommendations, decide which one to remediate first. We recommend that you prioritize the security controls with the highest potential to increase your secure score.

  1. From the list, select a recommendation.

  2. Follow the instructions in the Remediation steps section. Each recommendation has its own set of instructions. The following screenshot shows remediation steps for configuring applications to only allow traffic over HTTPS.

    Manual remediation steps for a recommendation.

  3. Once completed, a notification appears informing you whether the issue is resolved.

Fix button

To simplify remediation and improve your environment's security (and increase your secure score), many recommendations include a Fix option.

Fix helps you quickly remediate a recommendation on multiple resources.

To implement a Fix:

  1. From the list of recommendations that have the Fix action icon , select a recommendation.

    Recommendations list highlighting recommendations with Fix action

  2. From the Unhealthy resources tab, select the resources that you want to implement the recommendation on, and select Fix.


    Some of the listed resources might be disabled, because you don't have the appropriate permissions to modify them.

  3. In the confirmation box, read the remediation details and implications.

    Quick fix.


    The implications are listed in the grey box in the Fixing resources window that opens after clicking Fix. They list what changes happen when proceeding with the Fix. Screenshot showing fixing resources window.

  4. Insert the relevant parameters if necessary, and approve the remediation.


    It can take several minutes after remediation completes to see the resources in the Healthy resources tab. To view the remediation actions, check the activity log.

  5. Once completed, a notification appears informing you if the remediation succeeded.

Fix actions logged to the activity log

The remediation operation uses a template deployment or REST API PATCH request to apply the configuration on the resource. These operations are logged in Azure activity log.

Next steps

In this document, you were shown how to remediate recommendations in Defender for Cloud. To learn how recommendations are defined and selected for your environment, see the following page: