Home
%3CLINGO-SUB%20id%3D%22lingo-sub-1026345%22%20slang%3D%22en-US%22%3EFind%20disabled%20Security%20Center%20Recommendations%20using%20PowerShell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1026345%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20you%20are%20using%20Security%20Center%E2%80%99s%20%3CSTRONG%3ESecure%20Score%3C%2FSTRONG%3E%20today%20(and%20you%20should!)%2C%20you%20are%20able%20to%20disable%20specific%20recommendations%20which%20may%20not%20be%20relevant%20to%20you.%20By%20navigating%20to%20the%20ASC%E2%80%99s%20default%20initiative%20in%20the%20Azure%20Policy%20blade%2C%20you%20can%20disable%20a%20recommendation%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20937px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158481i1094F013800784F0%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Disable_Recommendation.png%22%20title%3D%22Disable_Recommendation.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThis%20would%20exclude%20the%20recommendation%20from%20your%20Secure%20Score.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBut%20what%20if%20you%20want%20to%20quickly%20find%20which%20recommendations%20have%20been%20disabled%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESince%20Azure%20Policy%20is%20the%20technology%20behind%20ASC's%20recommendations%2C%20you%20can%20leverage%20the%20Az%20PowerShell%20module%20and%20specifically%20the%20%3CSTRONG%3EAzPolicy%3C%2FSTRONG%3E*%20Cmdlets%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20361px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158484i3FFD00F16085BF4C%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22cmdlets.png%22%20title%3D%22cmdlets.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EUsing%20%3CSTRONG%3EGet-AzPolicyAssignment%3C%2FSTRONG%3E%20I%20can%20query%20the%20ASC%20Default%20Initiative%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3E%24PolicyAssignment%20%3D%20Get-AzPolicyAssignment%20%7C%20Where-Object%20%7B%24_.name%20-eq%20%22SecurityCenterBuiltIn%22%7D%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20captures%20the%20information%20in%20a%20variable%20which%20we%20can%20use%20to%20reveal%20disabled%20recommendations%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-csharp%22%3E%3CCODE%3E%24PolicyAssignment.Properties.parameters%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThat%20gives%20us%20the%20following%20output%3A%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20741px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F158490i09B7518AE66E4708%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22disabled.png%22%20title%3D%22disabled.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EI%20could%20then%20interact%20further%20with%20this%20assignment%20using%20additional%20PowerShell%20cmdlets.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1026345%22%20slang%3D%22en-US%22%3E%3CP%3EUse%20PowerShell%20to%20find%20disabled%20ASC%20Recommendations%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

If you are using Security Center’s Secure Score today (and you should!), you are able to disable specific recommendations which may not be relevant to you. By navigating to the ASC’s default initiative in the Azure Policy blade, you can disable a recommendation:

Disable_Recommendation.png

This would exclude the recommendation from your Secure Score.

 

But what if you want to quickly find which recommendations have been disabled?

 

Since Azure Policy is the technology behind ASC's recommendations, you can leverage the Az PowerShell module and specifically the AzPolicy* Cmdlets:

cmdlets.png

 

Using Get-AzPolicyAssignment I can query the ASC Default Initiative:

 

$PolicyAssignment = Get-AzPolicyAssignment | Where-Object {$_.name -eq "SecurityCenterBuiltIn"}

 

 

This captures the information in a variable which we can use to reveal disabled recommendations:

 

$PolicyAssignment.Properties.parameters

 

 

That gives us the following output:

disabled.png

I could then interact further with this assignment using additional PowerShell cmdlets.