Defender for Cloud indicates false an unhealthy resource

Question

Defender for Cloud indicates false an unhealthy resource

Renato Marteleto 20

After switching Microsoft Defender for Cloud to Express configuration, one of the resources in my subscription is persistently flagged as unhealthy. However, when I drill into the resource in the Defender portal:

The Findings tab is empty, showing no specific issues.

I have attempted to re-scan the subscription, but the unhealthy status persists.

This appears to be a false positive or stale health state issue. How can this be fixed?

Screenshot 2025-06-07 124354.png

Screenshot 2025-06-07 124509.png

Accepted answer

1 additional answer

Your answer

Answer 1

Hello Renato Marteleto,

I believe you have checked with our team and configured the disabled rules to address the issue. You can see the same information in the following document: Disable specific findings from Microsoft Defender for Cloud (preview).

If you have an organizational need to ignore a finding rather than remediate it, you can disable the finding. Disabled findings don't impact your secure score or generate unwanted noise. You can see the disabled finding in the "Not applicable" section of the scan results.

When a finding matches the criteria, you've defined in your disabled rules, it won't appear in the list of findings. Typical scenarios might include:

Disable findings with medium or lower severity
Disable findings that are non-patchable
Disable findings from benchmarks that aren't of interest for a defined scope.

The above document will show you how to find or edit the disabled rules this can help you what kind of findings are already disabled. I hope this information is helpful. Please feel free to reach out if you have any further questions.

If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment".

Answer 2

Abiola Akinbade 29,645 Volunteer Moderator

Hello Renato Marteleto,

Thanks for your question.

Sometimes these state issues resolve naturally within 24-48 hours. However you can try the following:

You can possible re-scan again and wait for 24-48 hours
You can also check that the Microsoft.Security resource provider is registered in subscription > Resource Providers.

See: https://learn.microsoft.com/en-us/azure/defender-for-cloud/troubleshoot-vulnerability-findings

I will recommend that if the issue persists beyond 48 hours with no findings visible, this warrants a support ticket with Microsoft. You can contact support here:

https://azure.microsoft.com/en-us/support/create-ticket

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola

Sanoop M 4,310 Reputation points Moderator

2025-06-09T09:11:52.55+00:00

Hello Renato Marteleto,

I am following up to check whether if you had a chance to review the above answer posted by @Abiola Akinbade

Please let me know if the issue persists after 48 hours, so that we can further assist you accordingly.
Navya 20,730 Reputation points Microsoft External Staff Moderator

2025-06-09T16:51:16.5133333+00:00

Hi Renato Marteleto
Could you please help me? Is it still showing recommendations and marked as unhealthy in Defender for Cloud?
Kancharla Saiteja 6,060 Reputation points Microsoft External Staff Moderator

2025-06-09T21:18:34.5266667+00:00

Hello Renato Marteleto,

Could you please confirm you have performed on demand scan for the database vulnerabilities. You can take a look on the following document for better understanding: On-demand vulnerability scans. Please share the output of the following scan in private message.
Renato Marteleto 20 Reputation points

2025-06-09T21:39:29.1533333+00:00

Yes, I have performed the on demand scan. But no change, the item is still there.
Kancharla Saiteja 6,060 Reputation points Microsoft External Staff Moderator

2025-06-09T23:26:28.0533333+00:00
Hello Renato Marteleto,

If you have defined any specific findings in disabled rules, you will not be seeing that list of findings. You can see the same information in the following document: Disable specific findings from Microsoft Defender for Cloud (preview).

If you have an organizational need to ignore a finding rather than remediate it, you can disable the finding. Disabled findings don't impact your secure score or generate unwanted noise. You can see the disabled finding in the "Not applicable" section of the scan results.

When a finding matches the criteria, you've defined in your disabled rules, it won't appear in the list of findings. Typical scenarios might include:

Disable findings with medium or lower severity

Disable findings that are non-patchable

Disable findings from benchmarks that aren't of interest for a defined scope.

The above document will show you how to find or edit the disabled rules this can help you what kind of findings are already disabled. I hope this information is helpful. Please feel free to reach out if you have any further questions.
Sanoop M 4,310 Reputation points Moderator

2025-06-10T12:30:40.5033333+00:00

Hello Renato Marteleto,

I am just checking in see if you had a chance to review the above comment posted by @Kancharla Saiteja and please let us know if you have any further questions.
Renato Marteleto 20 Reputation points

2025-06-10T13:54:45.9+00:00

Thanks for the answers above. I can't state whether the finding will be remediated or ignored, because I don't have any information about the finding: it is empty.

I have re-scanned all the databases, and they show 0 findings. This false positive is at the (managed) sql server level, not at database level. However, I can't find a "scan" button at the server level.
Sanoop M 4,310 Reputation points Moderator

2025-06-11T02:18:02.2266667+00:00

Hello Renato Marteleto,

Thank you for your response.

Could you please confirm whether if you have followed and configured the steps mentioned under Enable vulnerability assessment classic configuration in the below attached document and then you can go to the SQL databases should have vulnerability findings resolved recommendation to see the vulnerabilities found in your databases. You can also run on-demand vulnerability assessment scans to see the current findings.

Reference document to enable vulnerability assessment express configuration:

Enable vulnerability assessment (Express) - Microsoft Defender for Cloud

Please note that if you have enabled vulnerability assessment classic configuration, please make sure to follow the below mentioned steps.

1.In the Azure portal, open the specific resource in Azure SQL Database, SQL Managed Instance Database, or Azure Synapse.

2.Under the Security heading, select Defender for Cloud.

3.Select Configure on the link to open the Microsoft Defender for SQL settings pane for either the entire server or managed instance.

4.In the Server settings page, enter the Microsoft Defender for SQL settings:

Reference document to enable vulnerability assessment classic configuration:

Enable vulnerability assessment (Classic) - Microsoft Defender for Cloud

Please let us know if you have any queries.
Renato Marteleto 20 Reputation points

2025-06-11T13:21:32.9933333+00:00

hi there, the only difference I see is in regards to the vulnerability assessment settings. I don't have the option to configure the storage account.
Sanoop M 4,310 Reputation points Moderator

2025-06-12T01:13:53.2233333+00:00

Hello Renato Marteleto,

Thank you for your response.

The reason why you are not able to see the option of configuring Storage account is because the SQL Vulnerability Assessment is enabled via express configuration in your tenant.

The steps mentioned in the above screenshot which I have provided to you is for enabling vulnerability assessment classic configuration.
Rukmini 3,916 Reputation points Microsoft External Staff Moderator

2025-06-12T08:42:39.8333333+00:00

Hello Renato Marteleto, Did you get a chance to see the previous comment? In case if you have any resolution, please do share that same with the community as it can be helpful to others.

Otherwise, please respond with more details and we will try to help - Feel free to reach out!
Kancharla Saiteja 6,060 Reputation points Microsoft External Staff Moderator

2025-06-23T16:57:11.31+00:00

Hello Renato Marteleto,

Based on our research, we have found the issue required more details from the logs which can be checked from our support team. We have guided you on the same in private and extended our support to the maximum.

If the answer is helpful, kindly "upvote it" if we are helpful in this situation**.**

Share via

Defender for Cloud indicates false an unhealthy resource

1 additional answer

Your answer