Security Center Recommendations


Some ASC recommendations will show UnScanned Resources when you click on the recommendation. When I download the report, I also see many listed as NotApplicable in the "state" column. (The term "Unscanned" does not show up anywhere in the report). How can you tell why a specific resource is "Unscanned" or why it is flagged as "NotApplicable"?

1 Reply

@SecureDuck it depends on the type of recommendation. For example, "no recommendation" in the UI for JIT VM could be caused by:

  • Missing NSG - The just-in-time solution requires an NSG to be in place.
  • Classic VM - Security Center just-in-time VM access currently supports only VMs deployed through Azure Resource Manager. A classic deployment is not supported by the just-in-time solution.
  • Other - A VM is in this category if the just-in-time solution is turned off in the security policy of the subscription or the resource group, or if the VM is missing a public IP and doesn't have an NSG in place.

 

Check the recommendation and review the documentation for the potential reasons that an item shows as not recommended:

https://docs.microsoft.com/en-us/azure/security-center/
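
One way to see the reason per resource, as an added example that is not part of the reply above or any Microsoft code: group the NotApplicable entries of an assessments export by recommendation and stated cause. It assumes records shaped like `Microsoft.Security/assessments` resources, where `properties.status` carries `code`, `cause` and `description`; the sample records, resource IDs and cause strings are constructed.

```python
from collections import defaultdict

REC_NAME = "JIT VM access (constructed name)"
VM_PREFIX = "/subscriptions/0000/resourceGroups/rg1/providers/Microsoft.Compute/virtualMachines/"

def rec(vm, code, cause=None, description=None):
    """Build one constructed record in the assumed assessments shape."""
    return {"properties": {
        "displayName": REC_NAME,
        "resourceDetails": {"id": VM_PREFIX + vm},
        "status": {"code": code, "cause": cause, "description": description},
    }}

# Constructed sample; cause strings mirror the reply's categories, not real service values.
SAMPLE = [
    rec("vm-a", "NotApplicable", "MissingNsg", "JIT requires an NSG"),
    rec("vm-b", "NotApplicable", "ClassicVm", "Only Azure Resource Manager VMs are supported"),
    rec("vm-c", "Unhealthy"),
    rec("vm-d", "NotApplicable"),  # export row that states no cause
]

def explain_not_applicable(assessments):
    """Return {recommendation: {cause: [resource ids]}} for NotApplicable records."""
    grouped = defaultdict(lambda: defaultdict(list))
    for item in assessments:
        props = item.get("properties") or {}
        status = props.get("status") or {}
        if (status.get("code") or "").lower() != "notapplicable":
            continue  # healthy/unhealthy resources were actually evaluated
        cause = status.get("cause") or "(no cause given)"
        resource = (props.get("resourceDetails") or {}).get("id", "(unknown resource)")
        grouped[props.get("displayName", "(unnamed)")][cause].append(resource)
    return {name: dict(causes) for name, causes in grouped.items()}

if __name__ == "__main__":
    for name, causes in explain_not_applicable(SAMPLE).items():
        print(name)
        for cause, resources in sorted(causes.items()):
            print(f"  {cause}: {len(resources)} resource(s)")
            for resource in resources:
                print(f"    {resource}")
```

Resources that land under "(no cause given)" are the ones to check by hand against the recommendation's documentation.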