Edit

Share via

Risk prioritization

Microsoft Defender for Cloud proactively utilizes a dynamic engine that assesses the risks in your environment while taking into account the potential for exploitation and the potential business impact to your organization. The engine prioritizes security recommendations based on the risk factors of each resource, which are determined by the context of the environment, including the resource's configuration, network connections, and security posture.

When Defender for Cloud performs a risk assessment of your security issues, the engine identifies the most significant security risks while distinguishing them from less risky issues. The recommendations are then sorted based on their risk level, allowing you to address the security issues that pose immediate threats with the greatest potential of being exploited in your environment.

Prerequisites

Risk prioritization and governance are supported only with the Defender CSPM plan. While recommendations are included with the Foundational CSPM plan, risk prioritization features require the enhanced capabilities of Defender CSPM.

If your environment isn't protected by the Defender CSPM plan, the columns with the risk prioritization features appear blurred out in the recommendations interface.

How to use risk prioritization

To learn how to use risk prioritization effectively in your security operations, including detailed explanations of risk factors, risk calculation methodology, and risk levels, see:

These comprehensive guides include:

  • Risk factors and how they influence prioritization
  • Risk calculation methodology
  • Risk level classifications (Critical, High, Medium, Low, Not evaluated)
  • Recommendations dashboard details and filtering options
  • Integration with attack path analysis

Related content

  • Last updated on