Review security recommendations

This article describes how to work with security recommendations in Microsoft Security Exposure Management.

Prerequisites

• Learn about the recommendations catalog before you start.
• Review permissions and prerequisites needed for working with Security Exposure Management.

Review recommendations

1. In the Microsoft Defender portal, select Exposure management > Exposure insights > Recommendations to open the Recommendations page.

   

2. Sort the recommendations by any of the headings or filter them based on your task needs. Sorting includes all of the headers:

   • Name - Name.
   • Compliance state - Compliant or not compliant.
   • Impact - High, low, or medium impact.
   • Last calculated - Last time the recommendation was calculated.
   • Last state change - Last time the recommendation state changed.
   • Related initiatives - The number of related initiatives.
   • Related metrics - The number of related metrics.
   • Source - The assessment standard source.
   • Workload - Which workload the recommendations relate to.
   • Domain - Device, apps, data, or identity.

3. Filter recommendations by state, source, impact, workload, and domain.

4. Select a recommendation to view and review details.

You can also review recommendations on the Recommendations tab in a specific security initiative page in Initiatives to access Microsoft Exposure Recommendations in the Microsoft Defender portal.

Remediate recommendations

1. To remediate a recommendation, select a specific recommendation and browse to the Remediation steps tab.

2. Review the remediation steps and select Manage to follow the steps in the originating workload, such as Microsoft Defender for Cloud or Microsoft Defender Vulnerability Management.

Next steps

• Review other ways to improve security insights with exposure insights
• Learn how to Explore security events
• Investigate initiative metrics