Find disabled Security Center Recommendations using PowerShell

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

If you are using Security Center’s Secure Score today (and you should!), you are able to disable specific recommendations which may not be relevant to you. By navigating to the ASC’s default initiative in the Azure Policy blade, you can disable a recommendation:

Disable_Recommendation.png

This would exclude the recommendation from your Secure Score.

 

But what if you want to quickly find which recommendations have been disabled?

 

Since Azure Policy is the technology behind ASC's recommendations, you can leverage the Az PowerShell module and specifically the AzPolicy* Cmdlets:

cmdlets.png

 

Using Get-AzPolicyAssignment I can query the ASC Default Initiative:

 

$PolicyAssignment = Get-AzPolicyAssignment | Where-Object {$_.name -eq "SecurityCenterBuiltIn"}

 

 

This captures the information in a variable which we can use to reveal disabled recommendations:

 

$PolicyAssignment.Properties.parameters

 

 

That gives us the following output:

disabled.png

I could then interact further with this assignment using additional PowerShell cmdlets.

One Reply to “Find disabled Security Center Recommendations using PowerShell”

REMEMBER: these articles are SYNDICATED. Your best bet to get a reply is to follow the link at the top of the post to the ORIGINAL post! BUT you're more than welcome to start discussions here:

This site uses Akismet to reduce spam. Learn how your comment data is processed.