Remediate security recommendations

Resources and workloads protected by Microsoft Defender for Cloud are assessed against built-in and custom security standards enabled in your Azure subscriptions, AWS accounts, and GCP projects. Based on those assessments, security recommendations provide practical steps to remediate security issues and improve security posture.

This article describes how to remediate security recommendations in your Defender for Cloud deployment using the latest version of the portal experience.

Before you start

Before you attempt to remediate a recommendation, you should review it in detail. Learn how to review security recommendations.

Important

This page discusses how to use the new recommendations experience, where you can prioritize your recommendations by their effective risk level. To view this experience, you must select Try it now.

Group recommendations by risk level

Before you start remediating, we recommend grouping your recommendations by risk level so that you remediate the most critical recommendations first.

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Recommendations.

  3. Select Group by > Primary grouping > Risk level > Apply.

    Recommendations are displayed in groups of risk levels.

You can now review critical and other recommendations to understand each recommendation and its remediation steps. Use the graph to understand the risk to your business, including which resources are exploitable, and the effect that the recommendation has on your business.

Remediate recommendations

After reviewing recommendations by risk, decide which one to remediate first.

In addition to risk level, we recommend that you prioritize the security controls in the default Microsoft Cloud Security Benchmark (MCSB) standard in Defender for Cloud, since these controls affect your secure score.

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Recommendations.

  3. Select a recommendation to remediate.

  4. Select Take action.

  5. Locate the Remediate section and follow the remediation instructions.

Use the Fix option

To simplify remediation and improve your environment's security (and increase your secure score), many recommendations include a Fix option to help you quickly remediate a recommendation on multiple resources. If the Fix button is not present in the recommendation, then there is no option to apply a quick fix.

To remediate a recommendation with the Fix button:

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Recommendations.

  3. Select a recommendation to remediate.

  4. Select Take action > Fix.

  5. Follow the rest of the remediation steps.

After remediation completes, it can take several minutes for the change to take effect.

Next steps

Learn about using governance rules in your remediation processes.