Recommendation resource type

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.


If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.


For better performance, you can use server closer to your geo location:



Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.


Method Return Type Description
List all recommendations Recommendation collection Retrieves a list of all security recommendations affecting the organization
Get recommendation by ID Recommendation Retrieves a security recommendation by its ID
Get recommendation software Software Retrieves a security recommendation related to a specific software
Get recommendation devices MachineRef collection Retrieves a list of devices associated with the security recommendation
Get recommendation vulnerabilities Vulnerability collection Retrieves a list of vulnerabilities associated with the security recommendation


Property Type Description
id String Recommendation ID
productName String Related software name
recommendationName String Recommendation name
Weaknesses Long Number of discovered vulnerabilities
Vendor String Related vendor name
recommendedVersion String Recommended version
recommendedProgram String Recommended program
recommendedVendor String Recommended vendor
recommendationCategory String Recommendation category. Possible values are: Accounts, Application, Network, OS, SecurityControls
subCategory String Recommendation subcategory
severityScore Double Potential impact of the configuration to the organization's Microsoft Secure Score for Devices (1-10)
publicExploit Boolean Public exploit is available
activeAlert Boolean Active alert is associated with this recommendation
associatedThreats String collection Threat analytics report is associated with this recommendation
remediationType String Remediation type. Possible values are: ConfigurationChange,Update,Upgrade,Uninstall
Status Enum Recommendation exception status. Possible values are: Active and Exception
configScoreImpact Double Microsoft Secure Score for Devices impact
exposureImpact Double Exposure score impact
totalMachineCount Long Number of installed devices
exposedMachinesCount Long Number of installed devices that are exposed to vulnerabilities
nonProductivityImpactedAssets Long Number of devices that aren't affected
relatedComponent String Related software component


Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.