Disable Specific Vulnerability Findings

Implementation Effort: Low – Involves targeted configuration by security administrators using the Defender for Cloud portal.

User Impact: Low – Disabling findings is an administrative action; end users are not affected.

Overview

In Microsoft Defender for Servers, organizations may choose to disable specific vulnerability findings that are not relevant or actionable in their environment. This helps reduce alert fatigue and ensures that security teams focus on high-priority issues. Disabling findings does not impact the secure score or generate noise in the recommendation list.

Administrators can disable findings by navigating to Defender for Cloud > Recommendations, selecting the recommendation "Machines should have vulnerability findings resolved", and using the "Disable rule" option under the Take action tab. Suppression criteria can include:

• Specific finding IDs
• CVEs
• Categories (e.g., OS type)
• Security check names
• CVSS scores
• Severity thresholds
• Patchability status

A justification can be added for auditing purposes. Once applied, the rule may take up to 24 hours to take effect and can be reviewed in the Disable rule page.

This capability supports the "Verify Explicitly" principle of Zero Trust by allowing organizations to fine-tune their vulnerability management process while maintaining visibility and control over what is intentionally excluded.

Reference

• Disable VM vulnerability findings in Microsoft Defender for Cloud
• Express configuration vulnerability findings
• Disable vulnerability findings for containers