SOLVED

Force a refresh on the Security Policy

Hello there,


Is it possible to force a refresh on the Security Policy or a single recommendation once changes have been made to correct the security alert?

best response confirmed by Gunter Danzeisen (Occasional Contributor)
Solution
No force refresh capability, the scan interval is about 30 min for policy based recommendations.

@Miri_Landau Thank you for the update. 30 min is really good. I assumed the cycle was something about 24 hours.

@Miri_Landau

Are you sure about this? It appears to be taking much, much longer on our dashboard; more like 12+ hours.

@Miri_Landau

This is definitely not true. I don't know how long it actually takes and when Defender for Cloud is willing to update its information, but it's definitely closer to 24+ hours than to anything else. It would be a great enhancement if Microsoft enabled a Refresh button on this....

Yes, I fixed one of the recommendations almost 18 hours ago and the recommendation is still showing in Azure Advisor. I'll keep watching to see when it goes away. :)
Looks like 24 hours to me.

@Greg_Skoff 

Microsoft has recently-ish added a "Freshness interval" item on each recommendation, showing how often recommendations are updated for each policy.

For example:

[Screenshot: the "Freshness interval" item shown on a recommendation]

Unfortunately there doesn't seem to be a way to see when the interval last occurred, but at least it gives an idea on how long you have to wait.

@TheSizeOfACow The interval shown is not reality. I have six items that show as "30 minutes" but it's been 6 hours and they are still here. Microsoft time is not real-world time.

@Gunter Danzeisen I had the same issue and found a PowerShell command that forces an Azure Policy Compliance Scan.

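There are two options:

Whole Subscription:

# Start the scan as a background job, then block until it finishes
$job = Start-AzPolicyComplianceScan -AsJob
$job | Wait-Job

Single Resource Group:

# Replace the placeholder with the name of your resource group
$ResourceGroup = '%yourresourcegroup%'
# Limit the scan to that resource group and wait for it to finish
$job = Start-AzPolicyComplianceScan -ResourceGroupName $ResourceGroup -AsJob
$job | Wait-Job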

Hope this helps!
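
Added example, not part of the original post: a way to confirm that the forced scan actually cleared a remediated finding, by comparing the non-compliant Azure Policy states of one resource group before and after the scan. It assumes the Az.Resources and Az.PolicyInsights modules and an authenticated session; the helper function names and the one-hour timeout are assumptions made for illustration.

```powershell
# Added example (not from the thread). Assumes the Az.Resources and Az.PolicyInsights
# modules are installed and Connect-AzAccount has already been run.
$ResourceGroup  = '%yourresourcegroup%'   # placeholder, as in the post above
$TimeoutSeconds = 3600                    # assumed upper bound for the scan

function Get-NonCompliantPolicyState {
    param([Parameter(Mandatory)][string]$ResourceGroupName)
    # Latest policy state records for the resource group that are still non-compliant.
    Get-AzPolicyState -ResourceGroupName $ResourceGroupName `
                      -Filter "ComplianceState eq 'NonCompliant'" |
        Select-Object Timestamp, ResourceId, PolicyAssignmentName, PolicyDefinitionName
}

function Get-StateKey {
    param($State)
    # One key per (resource, assignment, definition) so before/after can be compared.
    '{0}|{1}|{2}' -f $State.ResourceId, $State.PolicyAssignmentName, $State.PolicyDefinitionName
}

$before = @(Get-NonCompliantPolicyState -ResourceGroupName $ResourceGroup)

$job = Start-AzPolicyComplianceScan -ResourceGroupName $ResourceGroup -AsJob
$finished = $job | Wait-Job -Timeout $TimeoutSeconds
if (-not $finished) {
    Write-Warning "Scan still running after $TimeoutSeconds s; job $($job.Id) left in place."
    return
}
if ($job.State -ne 'Completed') {
    # Surface the scan's error before stopping.
    $job | Receive-Job
    throw "Compliance scan ended in state '$($job.State)'."
}

$after     = @(Get-NonCompliantPolicyState -ResourceGroupName $ResourceGroup)
$afterKeys = @($after | ForEach-Object { Get-StateKey $_ })

# Findings that were non-compliant before the scan and are gone after it.
$cleared = @($before | Where-Object { (Get-StateKey $_) -notin $afterKeys })

"Non-compliant before: $($before.Count), after: $($after.Count), cleared: $($cleared.Count)"
$after | Sort-Object ResourceId | Format-Table -AutoSize
```

This checks Azure Policy compliance state, which is what the scan updates; the thread does not establish how soon the recommendation view follows it.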