Forum Discussion

SteBeSec
Iron Contributor
Jun 03, 2021
Solved

Feature Request: Please make TVM Security Recommendations a bit smarter

Hello MDE Devs,


I noticed that the security recommendations in MDE are...let's say "not smart". To give you some examples:


  • It is recommended that Bitlocker is enabled on virtual machines (VDIs). Why should someone enable Bitlocker on a machine that is virtual, hosted in a corporate owned datacenter and can't be stolen? 

  • The ASR Rule "Block credential stealing from the Windows local security authority subsystem" is recommended, even if Credential Guard is enabled on a machine. The article for the ASR Rule states that this rule is only useful if Credential Guard is not enabled: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem

  • The ASR Rule "Block persistence through WMI event subscription" is recommended, even if the machine is using SCCM - you can't enable this rule if SCCM is present on a machine (this would block the SCCM Agent from functioning correctly). It is only useful if you're not co-managing devices and are only using Intune or another MDM: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction?view=o365-worldwide#block-persistence-through-wmi-event-subscription

All of the above could be easily detected by MDE, so my feeling about this is that not much effort was put into the recommendations.

Could you please have a look into this? A lot of recommendations just don't make any sense.


Best regards

Stefan
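The PowerShell below is an added example from the editor; it is not code from the original post, from any reply, or from Microsoft. It collects, on one device, the context the post says the recommendations ignore (VM or physical, BitLocker state of the OS drive, whether Credential Guard is running, the configured action of the two ASR rules, and whether the ConfigMgr/SCCM client is installed) and flags the three combinations discussed above. It assumes an elevated PowerShell on Windows 10/11 or Windows Server with the Defender (`Get-MpPreference`) and BitLocker modules available; the two rule GUIDs are the IDs Microsoft publishes for these ASR rules, and should be confirmed against the current ASR rule reference before being relied on.

```powershell
# Added example, not code from the original post or from Microsoft.
# Assumptions: elevated session; Defender and BitLocker modules present; the two
# GUIDs are Microsoft's published IDs for these ASR rules (verify against the docs).

$AsrLsassRuleId = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'  # Block credential stealing from LSASS
$AsrWmiRuleId   = 'e6db77e5-3df2-4cf1-b95a-636979351e5b'  # Block persistence through WMI event subscription

function Get-AsrRuleAction {
    # Returns the configured action for one ASR rule: NotConfigured, Disabled, Block, Audit or Warn.
    param([Parameter(Mandatory)][string]$RuleId)
    $pref = Get-MpPreference
    if (-not $pref.AttackSurfaceReductionRules_Ids) { return 'NotConfigured' }
    $ids = @($pref.AttackSurfaceReductionRules_Ids | ForEach-Object { $_.ToLowerInvariant() })
    $idx = [array]::IndexOf($ids, $RuleId.ToLowerInvariant())
    if ($idx -lt 0) { return 'NotConfigured' }
    switch ([int]$pref.AttackSurfaceReductionRules_Actions[$idx]) {
        0 { return 'Disabled' }
        1 { return 'Block' }
        2 { return 'Audit' }
        6 { return 'Warn' }
        default { return "Unknown($_)" }
    }
}

function Test-CredentialGuardRunning {
    # Win32_DeviceGuard.SecurityServicesRunning lists the VBS services actually running:
    # 1 = Credential Guard, 2 = HVCI. Configured-but-not-running does not count here.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if (-not $dg) { return $false }
    return [bool](@($dg.SecurityServicesRunning) -contains 1)
}

function Test-IsVirtualMachine {
    # Heuristic on SMBIOS model/manufacturer strings. Do not use
    # Win32_ComputerSystem.HypervisorPresent for this: it is also $true on a physical
    # host with Hyper-V or VBS enabled, which Credential Guard itself requires.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    return [bool](($cs.Model -match 'Virtual Machine|VMware|VirtualBox|KVM|QEMU') -or
                  ($cs.Manufacturer -match 'QEMU|Xen|innotek|Parallels'))
}

function Get-OsDriveBitLockerStatus {
    # ProtectionStatus is On/Off; VolumeStatus is e.g. FullyEncrypted or FullyDecrypted.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    if (-not $vol) { return 'Unavailable' }
    return "$($vol.ProtectionStatus)/$($vol.VolumeStatus)"
}

function Test-ConfigMgrClientPresent {
    # The ConfigMgr (SCCM) client runs as the CcmExec service.
    return [bool](Get-Service -Name CcmExec -ErrorAction SilentlyContinue)
}

$report = [PSCustomObject]@{
    IsVirtualMachine       = Test-IsVirtualMachine
    OsDriveBitLocker       = Get-OsDriveBitLockerStatus
    CredentialGuardRunning = Test-CredentialGuardRunning
    AsrLsassRule           = Get-AsrRuleAction -RuleId $AsrLsassRuleId
    ConfigMgrClientPresent = Test-ConfigMgrClientPresent
    AsrWmiPersistenceRule  = Get-AsrRuleAction -RuleId $AsrWmiRuleId
}
$report | Format-List

# Flag the three combinations discussed in the post.
if ($report.IsVirtualMachine -and $report.OsDriveBitLocker -notlike 'On/*') {
    Write-Host 'VM without BitLocker: judge the recommendation by who can copy the virtual disk file, not by hardware theft.'
}
if ($report.CredentialGuardRunning -and $report.AsrLsassRule -ne 'Block') {
    Write-Host 'Credential Guard running: the LSASS ASR rule would be defence in depth here, not the primary control.'
}
if ($report.ConfigMgrClientPresent -and ($report.AsrWmiPersistenceRule -in 'Block','Audit')) {
    Write-Host 'ConfigMgr client present with the WMI-persistence rule on: review ASR events 1121 (blocked) / 1122 (audited) in the Microsoft-Windows-Windows Defender/Operational log for ccmexec.exe before leaving it in Block.'
}
```

Run it on a device before deciding how to treat a recommendation or file an exception. The BitLocker caveat is worth keeping in mind for the first bullet: a VM cannot be carried out of the datacenter, but its disk image is an ordinary file, so the question is who can read or copy that file rather than whether the hardware can be stolen. The script only reads local state; TVM's recommendation logic runs in the service, so this is a triage aid, not a way to suppress the recommendation.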



3 Replies

  • Joe Stern
    Iron Contributor
    I'm using Credential Guard *and* the ASR rule to block credential theft. Having the defense in depth doesn't affect performance meaningfully and helps keep desktops covered in the event of TPM failure.
  • ambarishrh
    Iron Contributor

    SteBeSec I would recommend you to use the feedback option within the portal https://docs.microsoft.com/en-us/microsoft-365/security/defender/feedback?view=o365-worldwide

    • SteBeSec
      Iron Contributor
      I've added this already, but I would love to see more communication from Microsoft on this Community site. Unfortunately, it's silent most of the time - not a great Community experience.
