MS Defender Security Recommendation Review Process
This page describes the process for reviewing and acting on the security recommendations raised by Microsoft Defender for Prod Hub and Prod Shared Services.
Detection and Notification
We have configured Microsoft Defender to report High and Medium severity recommendations, as defined in the Microsoft baseline and the UK OFFICIAL and UK NHS regulatory compliance controls.
The scan runs automatically as a managed service in Azure and is configured to notify the ALZ team owners (Emma Harley / Stuart Taylor) at the beginning of every week.
On receiving the email notification, the owners can log in to the Azure Portal to see the triggered recommendations and the auto-generated remediation steps suggested for each.
The owner can delegate a recommendation to an engineer or architect and set an ETA for addressing it.
Review Process
It is proposed that the ALZ team meet bi-weekly to discuss each of the High and Medium severity recommendations across Prod Hub and Prod Shared Services.
We will look at each recommendation in detail and classify it as one of the following:
High Priority.
Quick Wins.
Not applicable or False Alarms.
Ticketing and assignment
Once the High Priority items and Quick Wins have been identified, the owner will use the Trigger Logic App feature on each such recommendation.
This creates a JIRA ticket in the backlog of the Hybrid Cloud project, populated with the Summary and Description of the recommendation.
These JIRA tickets can then be assigned to engineers or architects as required and tracked to completion.
Exemption
During the review of these recommendations, a few will need to be waived or exempted from any remediation action.
Such exemptions will be discussed in the bi-weekly meeting, and the owner can use the Azure Portal to mark the recommendation as exempt from the current and future secure posture evaluations.