Microsoft Defender for Cloud Recommendation
Microsoft Defender for Cloud is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises
This connector is available in the following products and regions:
| Service | Class | Regions |
|---|---|---|
| Logic Apps | Standard | All Logic Apps regions except the following: - US Department of Defense (DoD) |
| Contact | |
|---|---|
| Name | Microsoft |
| URL | Microsoft LogicApps Support |
| Connector Metadata | |
|---|---|
| Publisher | Microsoft |
| learn more> | https://docs.microsoft.com/connectors/ascassessment |
| Website | https://azure.microsoft.com/services/security-center/ |
Throttling Limits
| Name | Calls | Renewal Period |
|---|---|---|
| API calls per connection | 100 | 60 seconds |
Triggers
| When a Microsoft Defender for Cloud recommendation is created or triggered |
Triggers when a recommendation is created in Microsoft Defender for Cloud and matches the evaluation criteria configured in an automation, or when manually run on a specific recommendation. Note: automated running of this trigger requires enabling automation in Microsoft Defender for Cloud. To do so, visit Microsoft Defender for Cloud. |
When a Microsoft Defender for Cloud recommendation is created or triggered
Triggers when a recommendation is created in Microsoft Defender for Cloud and matches the evaluation criteria configured in an automation, or when manually run on a specific recommendation. Note: automated running of this trigger requires enabling automation in Microsoft Defender for Cloud. To do so, visit Microsoft Defender for Cloud.
Returns
| Name | Path | Type | Description |
|---|---|---|---|
|
Type
|
type | string |
A fixed string indicating the type of events used by this connector ('Microsoft.Security/assessments'). |
|
Id
|
id | string |
The fully qualified recommendation identifier. |
|
Name
|
name | string |
A GUID that uniquely identifies the recommendation. |
|
Source
|
properties.resourceDetails.source | string |
Indicates if the affected resource is an Azure or Non-Azure resource. |
|
Id
|
properties.resourceDetails.id | string |
The fully qualified resource Id (applicable if the source field is 'Azure'). |
|
Machine Name
|
properties.resourceDetails.machineName | string |
The name of the machine (applicable if the source field is 'OnPremise'). |
|
Source Computer Id
|
properties.resourceDetails.sourceComputerId | string |
The oms agent Id installed on the machine (applicable if the source field is 'OnPremise'). |
|
Virtual Machine Unique Id
|
properties.resourceDetails.vmuuid | string |
The unique Id of the machine (applicable if the source field is 'OnPremise'). |
|
Workspace Id
|
properties.resourceDetails.workspaceId | string |
Azure resource Id of the workspace the machine is attached to (applicable if the source field is 'OnPremise'). |
|
Display Name
|
properties.displayName | string |
The recommendation display name. |
|
Cause
|
properties.status.cause | string |
Programmatic code for the cause of the recommendation status. |
|
Code
|
properties.status.code | string |
Indicates if the recommendation on the resource is healthy, unhealthy or not applicable. Unhealthy resources are such that require remediation while healthy resources require no action and the recommendation is not active on them. |
|
Description
|
properties.status.description | string |
Human readable description of the recommendation status. |
|
Display Name
|
properties.metadata.displayName | string |
The recommendation display name. |
|
Assessment Type
|
properties.metadata.assessmentType | string |
The recommendation type (can be BuiltIn for Microsoft Defender for Cloud native recommendations or Custom for custom-defined recommendations). |
|
Policy Definition Id
|
properties.metadata.policyDefinitionId | string |
The associated Azure Policy definition ID that is used to audit resources and in turn create this Microsoft Defender for Cloud recommendation. |
|
Description
|
properties.metadata.description | string |
The recommendation detailed description. |
|
Remediation Description
|
properties.metadata.remediationDescription | string |
Detailed steps to take to remediate this recommendation (applicable when the status code is unhealthy). |
|
Severity
|
properties.metadata.severity | string |
The severity level of the recommendation. |
|
Azure Portal [Obsolete]
|
properties.links.azurePortal | string |
Obsolete - please use the new field, AzurePortal property has been changed to AzurePortalUri. |
|
Azure Portal Uri
|
properties.links.azurePortalUri | string |
A direct link to view the recommendation with all its details in Microsoft Defender for Cloud in the Azure portal. |