Forum Discussion

SecureDuck's avatar
SecureDuck
Copper Contributor
Jan 15, 2020

Security Center Recommendations

Some ASC recommendations will show UnScanned Resources when you click on the recommendation. When I download the report, I also see many listed as NotApplicable in the "state" column. (The term "Unscanned" does not show up anywhere in the report). How can you tell why a specific resource is "Unscanned" or why it is flagged as "NotApplicable"?

  • SecureDuck it depends on the type of recommendation. For example, "no recommendation" in the UI for JIT VM could be caused by:

    • Missing NSG - The just-in-time solution requires an NSG to be in place.
    • Classic VM - Security Center just-in-time VM access currently supports only VMs deployed through Azure Resource Manager. A classic deployment is not supported by the just-in-time solution.
    • Other - A VM is in this category if the just-in-time solution is turned off in the security policy of the subscription or the resource group, or if the VM is missing a public IP and doesn't have an NSG in place.

     

    Check the recommendation and review the documentation for the potential reasons that an item show as not recommended:

    https://docs.microsoft.com/en-us/azure/security-center/

     

Resources