Defender for cloud not scanning all subscriptions


When looking at CIS benchmarks and remediating non-compliances the list of subscriptions (or relevant subscriptions) does not match the number that Defender says is applied.
For example - the number of key vaults within all subscriptions is 16, however the control only refers to 9 so is missing out on 7 key vaults that are active and in use.
Another example - the number of subscriptions enabled is 10 however the number of subscriptions listed in all activity log alert controls is 7.

Why is the correct number not reflected within regulatory compliance section of defender for cloud?

Azure Cloud Services
Azure Cloud Services
An Azure platform as a service offer that is used to deploy web and cloud applications.
651 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,216 questions
{count} votes