Thank you for posting this in Microsoft Q&A.
As I understand, you want to know the difference between recommendations that are sourced from Policy vs. Defender for Cloud.
Solution: The recommendations that are sourced from policy and Defender for Cloud are both part of the Azure Security Center service, but they differ in their focus and scope.
Policy-based recommendations are based on Azure Policy, which is a service that allows you to create and enforce policies across your Azure resources. Policy-based recommendations are focused on ensuring that your Azure resources are configured according to best practices and compliance requirements. These recommendations are based on a set of pre-defined policies that are provided by Azure Security Center, and they are designed to help you identify and remediate security issues in your Azure environment.
Defender for Cloud-based recommendations are based on the analysis of security data from your Azure resources. Defender for Cloud is a cloud-native security solution that provides advanced threat protection for your Azure resources. Defender for Cloud-based recommendations are focused on identifying and remediating security threats and vulnerabilities in your Azure environment. These recommendations are based on the analysis of security data from your Azure resources, and they are designed to help you detect and respond to security threats in real-time.
In summary, policy-based recommendations are focused on ensuring that your Azure resources are configured according to best practices and compliance requirements, while Defender for Cloud-based recommendations are focused on identifying and remediating security threats and vulnerabilities in your Azure environment. Both types of recommendations are important for maintaining the security of your Azure environment, and they should be used together to provide comprehensive security coverage.
About your questions in the second part, you can check the articles below:
https://learn.microsoft.com/en-us/defender-cloud-apps/api-introduction
To make changes using the API on Defender for Cloud recommendations, you can try to use the patch operation on the same endpoints mentioned in the article.
Let me know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.