Security Center Recommendations

Visitor

Some ASC recommendations will show UnScanned Resources when you click on the recommendation. When I download the report, I also see many listed as NotApplicable in the "state" column. (The term "Unscanned" does not show up anywhere in the report). How can you tell why a specific resource is "Unscanned" or why it is flagged as "NotApplicable"?

1 Reply

@SecureDuck it depends on the type of recommendation. For example, "no recommendation" in the UI for JIT VM could be caused by:

  • Missing NSG - The just-in-time solution requires an NSG to be in place.
  • Classic VM - Security Center just-in-time VM access currently supports only VMs deployed through Azure Resource Manager. A classic deployment is not supported by the just-in-time solution.
  • Other - A VM is in this category if the just-in-time solution is turned off in the security policy of the subscription or the resource group, or if the VM is missing a public IP and doesn't have an NSG in place.

 

Check the recommendation and review the documentation for the potential reasons that an item show as not recommended:

https://docs.microsoft.com/en-us/azure/security-center/