You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This feature is supported as part of a public preview. For more information about previews, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
24
24
25
-
Ideally, you want your Azure Active Directory (Azure AD) tenant to be in a secure and healthy state. However, keeping track of all the settings and resources in your tenant can be overwhelming. Azure AD recommendations feature helps keep track of the status of your tenant so you don't have to.
25
+
Keeping track of all the settings and resources in your tenant can be overwhelming. The Azure AD recommendations (preview) feature helps monitor the status of your tenant so you don't have to. Azure AD recommendations helps ensure your tenant is in a secure and healthy state while also helping you maximize the value of the features available in Azure AD.
26
26
27
27
The Azure AD recommendations feature provides you personalized insights with actionable guidance to:
28
28
29
29
- Help you identify opportunities to implement best practices for Azure AD-related features.
30
30
- Improve the state of your Azure AD tenant.
31
+
- Optimize the configurations for your scenarios.
31
32
32
33
This article gives you an overview of how you can use Azure AD recommendations. As an administrator, you should review your tenant's recommendations, and their associated resources periodically.
33
34
@@ -41,7 +42,7 @@ Azure AD recommendations is the Azure AD specific implementation of [Azure Advis
41
42
42
43
On a daily basis, Azure AD analyzes the configuration of your tenant. During this analysis, Azure AD compares the data of a recommendation with the actual configuration of your tenant. If a recommendation is flagged as applicable to your tenant, the recommendation appears in the **Recommendations** section of the Azure AD Overview area. Recommendations are listed in order of priority so you can quickly determine where to focus first.
43
44
44
-
Recommendations contain a description, a summary of the value of addressing the recommendation, and a step-by-step action plan. All impacted resources are listed, so you can resolve each affected area.
45
+
Recommendations contain a description, a summary of the value of addressing the recommendation, and a step-by-step action plan. If applicable, impacted resources that are associated with the recommendation are listed, so you can resolve each affected area. If a recommendation doesn't have any associated resources, the impacted resource type is *Tenant level*. so your step-by-step action plan impacts the entire tenant and not just a specific resource.
45
46
46
47
47
48
@@ -53,21 +54,12 @@ The **Status** of a recommendation can be updated manually or automatically. If
53
54
54
55
55
56
56
-
- Mark a recommendation as **Completed** if all impacted resources have been addressed.
57
-
- Active resources may still appear in the list of resources for manually completed recommendations. If the resource is completed, the service will update the status the next time the service runs.
58
-
- If the service identifies an active resource for a manually completed recommendation the next time the service runs, the recommendation will automatically change back to **Active**.
59
-
- Mark a recommendation as **Dismissed** if you think the recommendation is irrelevant or the data is wrong.
60
-
- Azure AD will ask for a reason why you dismissed the recommendation so we can improve the service.
61
-
- Mark a recommendation as **Postponed** if you want to address the recommendation at a later time.
62
-
- The recommendation will become **Active** when the selected date occurs.
63
-
- You can reactivate a completed or postponed recommendation to keep it top of mind and reassess the resources.
64
-
65
-
The **Priority** of a recommendation could be low, medium, or high. These values are determined by a variety of factors, such as security implications or expiring credentials.
57
+
The **Priority** of a recommendation could be low, medium, or high. These values are determined by several factors, such as security implications, health concerns, or potential breaking changes.
66
58
67
59
68
60
69
-
-**High**: Must do. Not acting will result in security implications or potential downtime.
70
-
-**Medium**: Should do. Actions will improve your tenant's health, but no risk if action isn't taken.
61
+
-**High**: Must do. Not acting will result in severe security implications or potential downtime.
62
+
-**Medium**: Should do. No severe risk if action isn't taken.
71
63
-**Low**: Might do. No security risks or health concerns if action isn't taken.
72
64
73
65
The **Impacted resources** for a recommendation could be things like applications or users. This detail gives you an idea of what type of resources you'll need to address. The impacted resource could also be at the tenant level, so you may need to make a global change.
@@ -76,7 +68,7 @@ The **Status description** tells you the date the recommendation status changed
76
68
77
69
The recommendation's **Value** is an explanation of why completing the recommendation will benefit you, and the value of the associated feature.
78
70
79
-
The **Action plan** provides step-by-step instructions to implement a recommendation.
71
+
The **Action plan** provides step-by-step instructions to implement a recommendation. May include links to relevant documentation or direct you to other pages in the Azure AD portal.
80
72
81
73
## What you should know
82
74
@@ -86,7 +78,7 @@ The following roles provide *read-only* access to recommendations:
86
78
- Security Reader
87
79
- Global Reader
88
80
89
-
The following roles provide *update* access to recommendations:
81
+
The following roles provide *update and read-only* access to recommendations:
90
82
91
83
- Global Administrator
92
84
- Security Administrator
@@ -96,25 +88,48 @@ The following roles provide *update* access to recommendations:
96
88
97
89
Any role can enable the Azure AD recommendations preview, but you'll need one of the roles listed above to view or update recommendations. Azure AD only displays the recommendations that apply to your tenant, so you may not see all supported recommendations listed.
98
90
99
-
Some recommendations have a list of impacted resources associated. This list of resources gives you more context on how the recommendation applies to you and/or which resources you need to address. The only action recorded in the audit log is completing recommendations.
91
+
Some recommendations have a list of impacted resources associated. This list of resources gives you more context on how the recommendation applies to you and/or which resources you need to address. The only action recorded in the audit log is completing recommendations. Actions taken on a recommendation are collected in the audit log. To view these logs, go to **Azure AD** > **Audit logs** and filter the service to "Azure AD recommendations."
100
92
101
93
## How to access Azure AD recommendations (preview)
102
94
103
95
To enable the Azure AD recommendations preview:
104
96
105
97
1. Sign in to the [Azure portal](https://portal.azure.com/).
106
98
107
-
1. Go to **Azure Active Directory** > **Preview features** and enable **Azure AD recommendations.**
99
+
1. Go to **Azure AD** > **Preview features** and enable **Azure AD recommendations.**
108
100
- Recommendations may take a few minutes to sync.
109
101
- While anyone can enable the preview feature, you'll need a [specific role](overview-recommendations.md#what-you-should-know) to view or update a recommendation.
110
102
111
103
112
104
113
105
After the preview is enabled, you can view the available recommendations from the Azure AD administration portal. The Azure AD recommendations feature appears on the **Overview** page of your tenant.
114
106
115
-
Select a recommendation from the list to view the details, status, and action plan. Recommendations are listed in priority order, from high to low.
107
+
## How to use Azure AD recommendations (preview)
108
+
109
+
1. Go to **Azure AD** > **Recommendations**.
110
+
111
+
1. Select a recommendation from the list to view the details, status, and action plan.
112
+
113
+
114
+
115
+
1. Follow the **Action plan**.
116
+
117
+
1. If applicable, right-click on a resource in a recommendation, select **Mark as**, then select a status.
118
+
119
+
120
+
121
+
1. If you need to manually change the status of a recommendation, select **Mark as** from the top of the page and select a status.
122
+
123
+
- Mark a recommendation as **Completed** if all impacted resources have been addressed.
124
+
- Active resources may still appear in the list of resources for manually completed recommendations. If the resource is completed, the service will update the status the next time the service runs.
125
+
- If the service identifies an active resource for a manually completed recommendation the next time the service runs, the recommendation will automatically change back to **Active**.
126
+
- Mark a recommendation as **Dismissed** if you think the recommendation is irrelevant or the data is wrong.
127
+
- Azure AD will ask for a reason why you dismissed the recommendation so we can improve the service.
128
+
- Mark a recommendation as **Postponed** if you want to address the recommendation at a later time.
129
+
- The recommendation will become **Active** when the selected date occurs.
130
+
- You can reactivate a completed or postponed recommendation to keep it top of mind and reassess the resources.
116
131
117
-
132
+
Continue to monitor the recommendations in your tenant for changes.
0 commit comments