Investigate Resource Health
Implementation Effort: Medium
Security and IT teams must regularly review the health status of resources, analyze alerts and recommendations, and take remediation actions using Defender for Cloud’s resource health page.
User Impact: Low
Resource health investigations are performed by administrators and security teams; end users are not directly involved.
Overview
Investigating resource health in Microsoft Defender for Servers allows security teams to assess the security posture of individual resources—such as virtual machines, databases, and containers—across Azure, AWS, GCP, and hybrid environments. The resource health page in Microsoft Defender for Cloud provides a centralized view of each resource’s security state, including applied Defender plans, outstanding recommendations, and active alerts.
Key Capabilities
- View resource metadata: subscription, region, resource group, and Defender plan status.
- Analyze security recommendations: configuration issues, missing agents, or outdated software.
- Review active alerts: threats detected by Defender for Endpoint or other integrated tools.
- Take remediation actions directly from the portal.
How to Investigate Resource Health
- Sign in to the Azure portal.
- Go to Microsoft Defender for Cloud > Inventory.
- Select any resource (e.g., VM, SQL DB, container).
- The resource health page opens, showing:
- Overview of the resource’s configuration and Defender plan status.
- Tabs for Recommendations and Alerts.
- Counts of outstanding issues and actionable insights 1.
Permissions Required
- To apply recommendations:
Resource Group Contributor
,Owner
, orSubscription Contributor
. - To dismiss alerts:
Security Admin
orSubscription Owner
1.
Why It Matters
- Helps identify unhealthy resources that are non-compliant with security baselines.
- Enables prioritization of remediation based on severity and impact.
- Supports continuous monitoring and incident response workflows.
Failing to investigate resource health regularly can result in undetected misconfigurations or threats. This capability supports the "Assume Breach" and "Verify Explicitly" principles of Zero Trust by ensuring that all resources are continuously assessed and secured.