Exposure level clarification

%3CLINGO-SUB%20id%3D%22lingo-sub-1133583%22%20slang%3D%22en-US%22%3EExposure%20level%20clarification%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1133583%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everybody%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20having%20some%20machines%20in%20Defender%20ATP%20and%20wondering%20about%20the%26nbsp%3BExposure%20level.%3C%2FP%3E%3CP%3EAs%20explained%20in%20the%20info%20icon%20the%20exposure%20level%20is%20only%20about%20the%20security%20recommendations.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20deeper%20explanation%20how%20this%20number%20is%20generated%3F%20Because%20I%20see%20some%20low%20level%20recommendations%20but%20in%20some%20cases%20the%20level%20is%20medium%20-%20this%20does%20not%20make%20sense%20to%20me.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20having%20the%20same%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1133583%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EATP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EDefender%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eexposure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Contributor

Hi everybody,

 

I having some machines in Defender ATP and wondering about the Exposure level.

As explained in the info icon the exposure level is only about the security recommendations.

 

Is there any deeper explanation how this number is generated? Because I see some low level recommendations but in some cases the level is medium - this does not make sense to me.

 

Anyone having the same?

 

Regards

1 Reply
Highlighted
The exposure score is continuously calculated on each device in the organization and influenced by the following factors:

Weaknesses, such as vulnerabilities discovered on the device
External and internal threats such as public exploit code and security alerts
Likelihood of the device to get breached given its current security posture
Value of the device to the organization given its role and content

To learn more:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/tvm-expos...