Some ASC recommendations will show UnScanned Resources when you click on the recommendation. When I download the report, I also see many listed as NotApplicable in the "state" column. (The term "Unscanned" does not show up anywhere in the report). How can you tell why a specific resource is "Unscanned" or why it is flagged as "NotApplicable"?
@SecureDuck it depends on the type of recommendation. For example, "no recommendation" in the UI for JIT VM could be caused by:
Missing NSG - The just-in-time solution requires an NSG to be in place.
Classic VM - Security Center just-in-time VM access currently supports only VMs deployed through Azure Resource Manager. A classic deployment is not supported by the just-in-time solution.
Other - A VM is in this category if the just-in-time solution is turned off in the security policy of the subscription or the resource group, or if the VM is missing a public IP and doesn't have an NSG in place.
Check the recommendation and review the documentation for the potential reasons that an item show as not recommended: