Review resources that are exempted from recommendations

In Microsoft Defender for Cloud, you can exempt protected resources from Defender for Cloud security recommendations. This article describes how to review and work with exempted resources.

Review exempted resources in the portal

When you exempt a resource, the exempted recommendation is no longer raised for it. You can review and manage exempted resources in the Defender for Cloud portal.

Review exempted resources on the Recommendations page

  1. Sign in to the Azure portal.

  2. Go to Defender for Cloud > Recommendations.

  3. Select Recommendation status.

  4. Select Exempted.

  5. Select Apply.

    Screenshot of the recommendations page that shows Recommendation status, Exempted, and Apply.

  6. Select a resource to review it.

Review exempted resources on the Inventory page

  1. Sign in to the Azure portal.

  2. Go to Defender for Cloud > Inventory.

  3. Select Add filter.

    Screenshot that shows the Defender for Cloud asset inventory page and the filter to find resources with exemptions.

  4. Select Contains exemptions.

  5. Select Yes.

  6. Select OK.

Review exempted resources with Azure Resource Graph

Azure Resource Graph (ARG) provides instant access to resource information across your cloud environments with robust filtering, grouping, and sorting capabilities. You can quickly and easily query information by using Kusto Query Language (KQL).

To view all recommendations that have exemption rules:

  1. On the Recommendations page, select Open query.

  2. Enter the following query and select Run query.

    securityresources
    | where type == "microsoft.security/assessments"
    // Get recommendations in useful format
    | project
    ['TenantID'] = tenantId,
    ['SubscriptionID'] = subscriptionId,
    ['AssessmentID'] = name,
    ['DisplayName'] = properties.displayName,
    ['ResourceType'] = tolower(split(properties.resourceDetails.Id,"/").[7]),
    ['ResourceName'] = tolower(split(properties.resourceDetails.Id,"/").[8]),
    ['ResourceGroup'] = resourceGroup,
    ['ContainsNestedRecom'] = tostring(properties.additionalData.subAssessmentsLink),
    ['StatusCode'] = properties.status.code,
    ['StatusDescription'] = properties.status.description,
    ['PolicyDefID'] = properties.metadata.policyDefinitionId,
    ['Description'] = properties.metadata.description,
    ['RecomType'] = properties.metadata.assessmentType,
    ['Remediation'] = properties.metadata.remediationDescription,
    ['Severity'] = properties.metadata.severity,
    ['Link'] = properties.links.azurePortal
    | where StatusDescription contains "Exempt"
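As an added example (not from this page or from Microsoft), the same projection and filter applied in Python to rows already exported from Resource Graph, so exemptions can be reviewed offline: it reproduces the query's resource-ID segment parsing, keeps the case-insensitive `contains "Exempt"` match, and summarizes exemptions per subscription with the high-severity ones called out. The sample rows and their status descriptions are constructed to mirror the fields the query reads.

```python
from collections import Counter

# Constructed sample rows with the fields the query above projects; the
# status descriptions are made up, only the "Exempt" substring matters.
SAMPLE_ROWS = [
    {"subscriptionId": "sub-a", "name": "a1", "properties": {
        "displayName": "Management ports of virtual machines should be protected",
        "resourceDetails": {"Id": "/subscriptions/sub-a/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/WEB01"},
        "status": {"code": "NotApplicable", "description": "Exempt: waived by ops"},
        "metadata": {"severity": "High"}}},
    {"subscriptionId": "sub-a", "name": "a2", "properties": {
        "displayName": "Storage accounts should restrict network access",
        "resourceDetails": {"Id": "/subscriptions/sub-a/resourceGroups/rg1/providers/Microsoft.Storage/storageAccounts/logs01"},
        "status": {"code": "Unhealthy", "description": "The resource is unhealthy"},
        "metadata": {"severity": "Medium"}}},
    {"subscriptionId": "sub-b", "name": "a3", "properties": {
        "displayName": "Secure transfer to storage accounts should be enabled",
        "resourceDetails": {"Id": "/subscriptions/sub-b"},
        "status": {"code": "NotApplicable", "description": "This recommendation is EXEMPTED"},
        "metadata": {"severity": "Low"}}},
]

def resource_type_and_name(resource_id):
    """Mirror split(Id, "/")[7] and [8] from the query: type and name of the top-level
    resource. Child resources report their parent, as in the portal query."""
    parts = resource_id.split("/") + [""] * 9  # pad so subscription-scoped Ids yield ""
    return parts[7].lower(), parts[8].lower()

def is_exempt(row):
    """KQL `contains` is case-insensitive, so match on the lowercased description."""
    return "exempt" in row["properties"]["status"]["description"].lower()

def exempted_assessments(rows):
    """Apply the query's projection and filter to already-exported rows."""
    result = []
    for row in rows:
        if not is_exempt(row):
            continue
        props = row["properties"]
        rtype, rname = resource_type_and_name(props["resourceDetails"]["Id"])
        result.append({"subscription": row["subscriptionId"], "assessment": row["name"],
                       "recommendation": props["displayName"], "resource_type": rtype,
                       "resource_name": rname, "severity": props["metadata"]["severity"]})
    return result

def review(rows):
    """Exemptions per subscription, plus the high-severity ones to re-justify first."""
    ex = exempted_assessments(rows)
    return {"per_subscription": dict(Counter(e["subscription"] for e in ex)),
            "high_severity": [e["assessment"] for e in ex if e["severity"] == "High"]}
```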

Get a notification when users create exemptions

To keep track of how users exempt resources from recommendations, we created an Azure Resource Manager template (ARM template). The template deploys a logic app playbook and all necessary API connections to notify you when an exemption is created.