Edit

Share via

Assign a recommendation to an active user

Defender for Cloud’s Active User feature helps security administrators identify the most active users responsible for remediation recommendations. Security administrators must monitor and address potential threats such as attack paths and their associated recommendations to secure cloud resources.

The Active User feature suggests up to three potential active users. The suggestion is based on the users control plane activities on the specific resource, its related resource group, or the associated subscription. This feature improves the speed and efficiency of the remediation process and strengthens overall security posture.

Security administrators can assign and the recommendation directly to the most appropriate user from the suggested active user list. The assigned user receives a notification and a due date for remediation, which eliminates the need for manual investigation to determine responsibility. This approach streamlines the workflow and saves time for security teams.

Prerequisites

Assign a recommendation to an active user

Defender for Cloud's Active User feature suggests up to three potential Active Users. It bases its suggestions on their control plane activities on the specific resource, its related resource group, or the associated subscription per recommendation.

  1. Sign in to the Azure portal.

  2. Navigate to Defender for Cloud > Recommendations.

  3. Review the Recommendation owner column.

    Screenshot that shows where the recommended owner column is located on the recommendations page.

  4. Select a recommendation with a suggested owner.

  5. The Recommendation owner and set due date section suggests the top Active User on the affected resource.

    Screenshot that shows the top suggested Active User on the resource.

  6. Select Assign owner & set due date.

  7. Review the activity and confidence assigned to the top three suggested users.

    Screenshot that shows the activity and confidence assigned to the top three suggested users.

  8. Select More info to view more information about the user, including, name, email address, the user's manager, department, role, and last activities.

  9. (Recommended) Select an owner from the list of suggested users.

  10. (Optional) Select add a user manually if you don't want to assign any of the suggested users.

  11. (Optional) Select a remediation timeframe.

  12. (Optional) Toggle Apply grace period.

  13. (Optional) Set email notifications.

  14. Select Create.

If you selected to set an email notification, the Active User receives an email with the recommendation details and a link to the recommendation in Defender for Cloud.

Next step

Remediate recommendations