Recommendation resource type
Applies to:
Want to experience Defender for Endpoint? Sign up for a free trial.
Note
If you are a US Government customer, please use the URIs listed in Microsoft Defender for Endpoint for US Government customers.
Tip
For better performance, you can use server closer to your geo location:
- us.api.security.microsoft.com
- eu.api.security.microsoft.com
- uk.api.security.microsoft.com
- au.api.security.microsoft.com
- swa.api.security.microsoft.com
- ina.api.security.microsoft.com
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.
Methods
| Method | Return Type | Description |
|---|---|---|
| List all recommendations | Recommendation collection | Retrieves a list of all security recommendations affecting the organization |
| Get recommendation by ID | Recommendation | Retrieves a security recommendation by its ID |
| Get recommendation software | Software | Retrieves a security recommendation related to a specific software |
| Get recommendation devices | MachineRef collection | Retrieves a list of devices associated with the security recommendation |
| Get recommendation vulnerabilities | Vulnerability collection | Retrieves a list of vulnerabilities associated with the security recommendation |
Properties
| Property | Type | Description |
|---|---|---|
| id | String | Recommendation ID |
| productName | String | Related software name |
| recommendationName | String | Recommendation name |
| Weaknesses | Long | Number of discovered vulnerabilities |
| Vendor | String | Related vendor name |
| recommendedVersion | String | Recommended version |
| recommendedProgram | String | Recommended program |
| recommendedVendor | String | Recommended vendor |
| recommendationCategory | String | Recommendation category. Possible values are: Accounts, Application, Network, OS, SecurityControls |
| subCategory | String | Recommendation subcategory |
| severityScore | Double | Potential impact of the configuration to the organization's Microsoft Secure Score for Devices (1-10) |
| publicExploit | Boolean | Public exploit is available |
| activeAlert | Boolean | Active alert is associated with this recommendation |
| associatedThreats | String collection | Threat analytics report is associated with this recommendation |
| remediationType | String | Remediation type. Possible values are: ConfigurationChange,Update,Upgrade,Uninstall |
| Status | Enum | Recommendation exception status. Possible values are: Active and Exception |
| configScoreImpact | Double | Microsoft Secure Score for Devices impact |
| exposureImpact | Double | Exposure score impact |
| totalMachineCount | Long | Number of installed devices |
| exposedMachinesCount | Long | Number of installed devices that are exposed to vulnerabilities |
| nonProductivityImpactedAssets | Long | Number of devices that aren't affected |
| relatedComponent | String | Related software component |
| exposedCriticalDevices | Numeric | The sum of critical devices in all levels of criticality except “not critical" for a particular recommendation |
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.