Find disabled Security Center Recommendations using PowerShell

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

If you are using Security Center’s Secure Score today (and you should!), you are able to disable specific recommendations which may not be relevant to you. By navigating to the ASC’s default initiative in the Azure Policy blade, you can disable a recommendation:

Disable_Recommendation.png

This would exclude the recommendation from your Secure Score.

 

But what if you want to quickly find which recommendations have been disabled?

 

Since Azure Policy is the technology behind ASC's recommendations, you can leverage the Az PowerShell module and specifically the AzPolicy* Cmdlets:

cmdlets.png

 

Using Get-AzPolicyAssignment I can query the ASC Default Initiative:

 

$PolicyAssignment = Get-AzPolicyAssignment | Where-Object {$_.name -eq "SecurityCenterBuiltIn"}

 

 

This captures the information in a variable which we can use to reveal disabled recommendations:

 

$PolicyAssignment.Properties.parameters

 

 

That gives us the following output:

disabled.png

I could then interact further with this assignment using additional PowerShell cmdlets.

One Reply to “Find disabled Security Center Recommendations using PowerShell”

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.