Which Security Standards Are Reflected in Defender for Cloud Recommendations?

Question

Which Security Standards Are Reflected in Defender for Cloud Recommendations?

AzureTest04 180

Regarding the recommendations in Microsoft Defender for Cloud:

My understanding is that the items displayed under recommendations are alerts shown when there are violations based on the security standards included in Defender for Cloud.

In that case, are the displayed alerts only related to the security standards that the user has enabled? Or are alerts displayed for all security standards, including those that the user has not enabled?

My understanding is that only alerts related to the security standards enabled by the user are shown in the recommendations.

Sridevi Machavarapu 22,525 Reputation points Microsoft External Staff Moderator

2026-02-25T01:47:48.6433333+00:00
Hello Azure検証ユーザー,

Your understanding is slightly different from how Defender for Cloud works.

Recommendations in Defender for Cloud are generated based on the Microsoft Cloud Security Benchmark and the security configuration of your resources. They are not limited to only the security standards that you enable.

Security standards such as ISO 27001, CIS, NIST, and PCI-DSS do not create separate recommendations. Instead, they use the existing recommendations and map them to their compliance controls.

Because of this:

The Recommendations page shows all applicable security recommendations for your resources.

These recommendations are shown regardless of which security standards are enabled.

The Regulatory Compliance page shows compliance status only for the standards that you have enabled.

In summary, recommendations are generated independently, and enabling a security standard only affects compliance reporting, not the recommendations themselves.

1 answer

Your answer

Sridevi Machavarapu 22,525 Reputation points Microsoft External Staff Moderator

2026-02-25T01:47:48.6433333+00:00

Hello Azure検証ユーザー,

Your understanding is slightly different from how Defender for Cloud works.

Recommendations in Defender for Cloud are generated based on the Microsoft Cloud Security Benchmark and the security configuration of your resources. They are not limited to only the security standards that you enable.

Security standards such as ISO 27001, CIS, NIST, and PCI-DSS do not create separate recommendations. Instead, they use the existing recommendations and map them to their compliance controls.

Because of this:

The Recommendations page shows all applicable security recommendations for your resources.

These recommendations are shown regardless of which security standards are enabled.

The Regulatory Compliance page shows compliance status only for the standards that you have enabled.

In summary, recommendations are generated independently, and enabling a security standard only affects compliance reporting, not the recommendations themselves.

Answer 1

Q&A Assist

AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

In Microsoft Defender for Cloud, the recommendations displayed are indeed based on the security standards that the user has enabled. Only alerts related to the security standards that are active will be shown in the recommendations. This means that if a user has not enabled certain security standards, the alerts corresponding to those standards will not appear in the recommendations.

References:

Share via

Which Security Standards Are Reflected in Defender for Cloud Recommendations?

1 answer

Your answer