| title | description | ms.topic | ms.author | author | ms.date | ai-usage |
|---|---|---|---|---|---|---|
Remediate recommendations |
Remediate security recommendations in Microsoft Defender for Cloud to improve the security posture of your environments. |
how-to |
elkrieger |
ElazarK |
03/07/2024 |
ai-assisted |
Resources and workloads protected by Microsoft Defender for Cloud are assessed against built-in and custom security standards enabled in your Azure subscriptions, AWS accounts, and GCP projects. Based on those assessments, security recommendations provide practical steps to remediate security issues, and improve security posture.
This article describes how to remediate security recommendations in your Defender for Cloud deployment.
Before you attempt to remediate a recommendation you should review it in detail. Learn how to review security recommendations.
Recommendations are prioritized based on the risk level of the security issue by default.
In addition to risk level, we recommend that you prioritize the security controls in the default Microsoft Cloud Security Benchmark (MCSB) standard in Defender for Cloud, since these controls affect your secure score.
-
Sign in to the Azure portal.
-
Navigate to Microsoft Defender for Cloud > Recommendations.
:::image type="content" source="media/implement-security-recommendations/recommendations-page.png" alt-text="Screenshot of the recommendations page that shows all of the affected resources by their risk level." lightbox="media/implement-security-recommendations/recommendations-page.png":::
-
Select a recommendation.
-
Select Take action.
-
Locate the Remediate section and follow the remediation instructions.
:::image type="content" source="./media/implement-security-recommendations/remediate-recommendation.png" alt-text="This screenshot shows manual remediation steps for a recommendation." lightbox="./media/implement-security-recommendations/remediate-recommendation.png":::
To simplify the remediation process, a Fix button might appear in a recommendation. The Fix button helps you quickly remediate a recommendation on multiple resources. If the Fix button is not present in the recommendation, then there is no option to apply a quick fix, and you must follow the presented remediation steps to address the recommendation.
To remediate a recommendation with the Fix button:
-
Sign in to the Azure portal.
-
Navigate to Microsoft Defender for Cloud > Recommendations.
-
Select a recommendation to remediate.
-
Select Take action > Fix.
:::image type="content" source="./media/implement-security-recommendations/microsoft-defender-for-cloud-recommendations-fix-action.png" alt-text="Screenshot that shows recommendations with the Fix action." lightbox="./media/implement-security-recommendations/microsoft-defender-for-cloud-recommendations-fix-action.png":::
-
Follow the rest of the remediation steps.
After remediation completes, it can take several minutes for the change to take place.
Security admins can fix issues at scale with automatic script generation in AWS and GCP CLI script language. When you select Take action > Fix on a recommendation where an automated script is available, the following window opens.
:::image type="content" source="./media/implement-security-recommendations/automated-remediation-scripts.png" alt-text="Screenshot that shows recommendations with the automated remediation script." lightbox="./media/implement-security-recommendations/automated-remediation-scripts.png":::
Copy and run the script to remediate the recommendation.
[!div class="nextstepaction"] Governance rules in your remediation processes