Delen via


Microsoft Defender for Cloud Recommendation

Microsoft Defender for Cloud is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   US Department of Defense (DoD)
Contact
Name Microsoft
URL Microsoft LogicApps Support
Connector Metadata
Publisher Microsoft
learn more> https://docs.microsoft.com/connectors/ascassessment
Website https://azure.microsoft.com/services/security-center/

Throttling Limits

Name Calls Renewal Period
API calls per connection 100 60 seconds

Triggers

When a Microsoft Defender for Cloud recommendation is created or triggered

Triggers when a recommendation is created in Microsoft Defender for Cloud and matches the evaluation criteria configured in an automation, or when manually run on a specific recommendation. Note: automated running of this trigger requires enabling automation in Microsoft Defender for Cloud. To do so, visit Microsoft Defender for Cloud.

When a Microsoft Defender for Cloud recommendation is created or triggered

Triggers when a recommendation is created in Microsoft Defender for Cloud and matches the evaluation criteria configured in an automation, or when manually run on a specific recommendation. Note: automated running of this trigger requires enabling automation in Microsoft Defender for Cloud. To do so, visit Microsoft Defender for Cloud.

Returns

Name Path Type Description
Type
type string

A fixed string indicating the type of events used by this connector ('Microsoft.Security/assessments').

Id
id string

The fully qualified recommendation identifier.

Name
name string

A GUID that uniquely identifies the recommendation.

Source
properties.resourceDetails.source string

Indicates if the affected resource is an Azure or Non-Azure resource.

Id
properties.resourceDetails.id string

The fully qualified resource Id (applicable if the source field is 'Azure').

Machine Name
properties.resourceDetails.machineName string

The name of the machine (applicable if the source field is 'OnPremise').

Source Computer Id
properties.resourceDetails.sourceComputerId string

The oms agent Id installed on the machine (applicable if the source field is 'OnPremise').

Virtual Machine Unique Id
properties.resourceDetails.vmuuid string

The unique Id of the machine (applicable if the source field is 'OnPremise').

Workspace Id
properties.resourceDetails.workspaceId string

Azure resource Id of the workspace the machine is attached to (applicable if the source field is 'OnPremise').

Display Name
properties.displayName string

The recommendation display name.

Cause
properties.status.cause string

Programmatic code for the cause of the recommendation status.

Code
properties.status.code string

Indicates if the recommendation on the resource is healthy, unhealthy or not applicable. Unhealthy resources are such that require remediation while healthy resources require no action and the recommendation is not active on them.

Description
properties.status.description string

Human readable description of the recommendation status.

Display Name
properties.metadata.displayName string

The recommendation display name.

Assessment Type
properties.metadata.assessmentType string

The recommendation type (can be BuiltIn for Microsoft Defender for Cloud native recommendations or Custom for custom-defined recommendations).

Policy Definition Id
properties.metadata.policyDefinitionId string

The associated Azure Policy definition ID that is used to audit resources and in turn create this Microsoft Defender for Cloud recommendation.

Description
properties.metadata.description string

The recommendation detailed description.

Remediation Description
properties.metadata.remediationDescription string

Detailed steps to take to remediate this recommendation (applicable when the status code is unhealthy).

Severity
properties.metadata.severity string

The severity level of the recommendation.

Azure Portal [Obsolete]
properties.links.azurePortal string

Obsolete - please use the new field, AzurePortal property has been changed to AzurePortalUri.

Azure Portal Uri
properties.links.azurePortalUri string

A direct link to view the recommendation with all its details in Microsoft Defender for Cloud in the Azure portal.