Defender for Cloud Secure Score Remediation Review Prompt
Triage Microsoft Defender for Cloud recommendations and secure-score controls into a prioritized remediation plan that maximizes score gain and real risk reduction while flagging false positives and exemption candidates.
- Target user: Cloud security engineers and CSPM owners
- Difficulty: Intermediate
- Tools: Claude, ChatGPT
The prompt
You are a senior Azure security engineer who turns Defender for Cloud recommendations into an actionable, prioritized remediation plan. I will provide:

- The secure-score controls and recommendations export (from `az security assessment list`, Defender for Cloud portal, or Resource Graph `securityresources`): recommendation name, severity, affected resource count, current control score and max score, and remediation status
- The environment's plan coverage (which Defender plans are enabled: Servers, Storage, Containers, Key Vault, SQL, etc.)
- Any regulatory compliance standard in scope (CIS, PCI, ISO, Microsoft Cloud Security Benchmark)
- Constraints: change-freeze windows, resources that are intentionally public, and accepted-risk items

Your job:

1. **Rank by score-per-effort** — sort controls by points gained relative to remediation effort and blast radius, so quick high-value wins surface first.
2. **Group recommendations** — cluster by theme (encryption at rest, network exposure, MFA/identity, patching, logging/diagnostics) so fixes can be batched.
3. **Separate real risk from noise** — flag recommendations that are genuine exposure (e.g. storage account public access, management ports open to internet, unencrypted SQL) versus low-risk or false-positive items that warrant an exemption with justification.
4. **Map to compliance** — show which controls move the in-scope standard's compliance percentage the most.
5. **Recommend remediation** — for each top item, the specific advisory fix (the setting, policy, or Defender plan to enable) and whether to remediate, exempt with justification, or accept the risk.

Output as:

- (a) prioritized remediation table (control, points, severity, effort, affected resources)
- (b) themed batches
- (c) exemption/accepted-risk candidates with rationale
- (d) the read-only command or blade to confirm each finding before acting.
Stay read-only and advisory: do not apply remediations, enable plans, or create exemptions — produce a plan an owner can execute and budget for, since enabling Defender plans incurs cost.
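The ranking and batching steps above, as an added example that is not part of the prompt page: a small Python script that scores a constructed assessment export by secure-score points gained per unit of effort, drops controls that can no longer move the score, and clusters the rest into the prompt's themes. The effort ratings, the keyword-to-theme map and the sample recommendation names are assumptions, not real Defender for Cloud assessment keys.

```python
# Added example (not from the page): rank a constructed Defender for Cloud secure-score export by points
# gained per unit of remediation effort and batch it by theme. Field names mirror the export the prompt
# asks for; the "effort" rating (1 = setting flip, 5 = multi-team project) is an assumed reviewer input.
from dataclasses import dataclass
# Keyword map used to cluster recommendations into the prompt's themes (assumed, keyword based)
THEMES = {
    "encryption at rest": ("encrypt", "tde", "customer-managed"),
    "network exposure": ("public", "internet", "management ports", "firewall"),
    "mfa/identity": ("mfa", "owner", "identity"),
    "patching": ("update", "patch"),
    "logging/diagnostics": ("log", "diagnostic", "audit"),
}
SEVERITY_ORDER = {"High": 0, "Medium": 1, "Low": 2}
@dataclass
class Control:
    name: str
    severity: str
    affected: int          # affected resource count (blast radius)
    current_score: float   # current control score
    max_score: float       # max control score
    effort: int            # assumed reviewer-supplied effort rating, 1 (low) .. 5 (high)
    status: str = "Unhealthy"
def score_per_effort(c: Control) -> float:
    # Points still available on the control, divided by the effort needed to earn them
    return (c.max_score - c.current_score) / c.effort

def theme_of(name: str) -> str:
    lower = name.lower()
    return next((t for t, keys in THEMES.items() if any(k in lower for k in keys)), "other")

def rank(controls):
    # Healthy or fully scored controls cannot move the score and drop out; ties break on severity, then blast radius
    open_items = [c for c in controls if c.status == "Unhealthy" and c.max_score > c.current_score]
    return sorted(open_items, key=lambda c: (-score_per_effort(c), SEVERITY_ORDER.get(c.severity, 3), -c.affected))

def batches(controls):
    # Group the ranked controls by theme so fixes can be scheduled as one change each
    out = {}
    for c in rank(controls):
        out.setdefault(theme_of(c.name), []).append(c.name)
    return out

# Constructed sample export; names are illustrative, not real assessment keys
SAMPLE = [
    Control("Storage accounts should restrict public network access", "High", 12, 0, 4, 2),
    Control("Management ports should be closed on your virtual machines", "High", 3, 1, 8, 1),
    Control("SQL databases should have transparent data encryption enabled", "Medium", 6, 0, 4, 2),
    Control("Diagnostic logs in Key Vault should be enabled", "Low", 20, 2, 5, 3),
    Control("There should be more than one owner assigned to your subscription", "High", 1, 4, 4, 1, "Healthy"),
]
```

On a real export, load the fields the prompt lists into `Control` records; the read-only confirmation in output (d) and the remediate/exempt/accept decision stay with the owner.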
Related prompts
- Azure Policy Authoring & Remediation Review Prompt: Author or review an Azure Policy definition and its remediation so it enforces the intended guardrail accurately, with the right effect and a safe rollout.
- Storage Account Security & Access-Tier Review Prompt: Review an Azure Storage account for public-exposure risk, weak access controls, and cost-inefficient tiering, then propose a hardened, right-tiered configuration.