Edit

Remediate recommendations

  • Article

Resources and workloads protected by Microsoft Defender for Cloud are assessed against built-in and custom security standards enabled in your Azure subscriptions, AWS accounts, and GCP projects. Based on those assessments, security recommendations provide practical steps to remediate security issues, and improve security posture.

This article describes how to remediate security recommendations in your Defender for Cloud deployment.

Before you attempt to remediate a recommendation you should review it in detail. Learn how to review security recommendations.

Remediate a recommendation

Recommendations are prioritized based on the risk level of the security issue by default.

In addition to risk level, we recommend that you prioritize the security controls in the default Microsoft Cloud Security Benchmark (MCSB) standard in Defender for Cloud, since these controls affect your secure score.

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Recommendations.

    Screenshot of the recommendations page that shows all of the affected resources by their risk level.

  3. Select a recommendation.

  4. Select Take action.

  5. Locate the Remediate section and follow the remediation instructions.

    This screenshot shows manual remediation steps for a recommendation.

Use the Fix option

To simplify the remediation process, a Fix button may appear in a recommendation. The Fix button helps you quickly remediate a recommendation on multiple resources. If the Fix button is not present in the recommendation, then there is no option to apply a quick fix, and you must follow the presented remediation steps to address the recommendation.

To remediate a recommendation with the Fix button:

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Recommendations.

  3. Select a recommendation to remediate.

  4. Select Take action > Fix.

    Screenshot that shows recommendations with the Fix action.

  5. Follow the rest of the remediation steps.

After remediation completes, it can take several minutes for the change to take place.

Use the automated remediation scripts

Security admins can fix issues at scale with automatic script generation in AWS and GCP CLI script language. When you select Take action > Fix on a recommendation where an automated script is available, the following window opens.

Screenshot that shows recommendations with the automated remediation script.

Copy and run the script to remediate the recommendation.

Next step

Governance rules in your remediation processes