An update: our MSP opened a ticket with Microsoft and we were informed that this recommendation is deprecated in favor of the newer ones (that can be exempted) and set to be removed from the dashboard in roughly a month. We have decided that we are going to wait for this to happen and regain the small amount of points toward our secure score. I would recommend relaying this information to interested parties and waiting for the item to stop being reported in the Defender for Cloud Recommendations portal.
Why does "Endpoint Protection not installed on Azure VMs" falsely show as a finding in recommendations?
We have had a recommendation in Microsoft Defender for Cloud for a while now called "Endpoint Protection not installed on Azure VMs". This item is a -4% or -3% on the secure score (keeps changing) and we would like to resolve it, but it does not seem to detect that Windows Defender is enabled on all of these VMs.
There is also a note stating "There is a newer version of this recommendation" that points to "Endpoint protection should be installed on machines", which lists all 8 VMs as "Healthy Resources".
We took one of the VMs and verified Windows Defender is running on it.
We also ran the Get-MpComputerStatus PowerShell command and verified that AMServiceEnabled is set to true.
I assume that because this is the flag being checked, the "newer" recommendation confirms the VM is healthy. But yet, we are being penalized 3-4% for the original one, which provides no way to exempt the machines from it.
Does Microsoft plan to remove this recommendation/seemingly unavoidable penalty since there is a newer version available? It has been around for months. How do we stop this from being flagged to get our score up?
Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
2023-11-30T16:41:55.12+00:00
Thank you for posting your query on Microsoft Q&A. I am reviewing this and will get back to you with further inputs.
Update 1:
I tried to reproduce the issue in my lab but found no luck as this recommendation did not appear in my lab environment.
As a workaround, my suggestion here is to try exempting the VMs from this recommendation. If you don't get the option, then do let me know so that we could plan for an offline connect.
Thanks,
Akshay Kaushik
Please "Accept the answer (Yes)" and "share your feedback". This will help us and others in the community as well.