As you know, Azure Security Center (ASC) is your one-stop shop to get an overview of your Azure security posture and custom recommendations based on your Azure environment.
While this is quite an important capability, there are some limitations, such as not being able to select which resource(s) a recommendation should apply to.
If you wanted an exception for specific resource(s), you had no other choice than to either completely disable the recommendation, or leave it as is and have your Secure Score impacted by the resource(s) to which you don't want the recommendation to apply.
Well, good news: you can now create an exception on a recommendation to exclude specific resource(s) while keeping the recommendation active, and improve your Secure Score. An example is the recommendation to have a security endpoint solution: you may use a solution which is not detected/recognized by ASC.
To create exceptions, connect to your Azure portal (https://portal.azure.com/) and access your Azure Security Center.
Then open the Recommendations blade and click on the recommendation you want to create an exception for.
Once you have accessed the recommendation details, select the resource you want to exclude from it and open the contextual menu (the 3 dots on the right) to select Create exemption.
NOTE 1: You cannot create an exemption for multiple resources at once.
NOTE 2: Not all recommendations support the creation of an exemption.
Then fill in the exemption creation details, including an optional expiration period and the mandatory exemption category, which defines the reason you want to exclude the resource.
There you go, the exemption has been created, and the next time ASC is refreshed the excluded resource will no longer impact your Secure Score.
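Because the expiration period is optional, an exemption can keep a resource out of a recommendation indefinitely, so it is worth reviewing exemptions periodically. The script below is an added example, not part of the original post or of any Microsoft tooling: it reviews a JSON export of exemptions and flags those with no expiration, an expired date, or an expiry within 30 days. It assumes the export uses the Azure Policy exemption field names `exemptionCategory` and `expiresOn` with the category values `Waiver` and `Mitigated`; the sample records and resource names are constructed.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data (not real resources). The two shapes below, flat and
# nested under "properties", are assumptions about how an export may look.
SAMPLE = json.loads("""
[
  {"name": "endpoint-vm01", "exemptionCategory": "Mitigated", "expiresOn": null},
  {"name": "endpoint-vm02", "exemptionCategory": "Waiver",
   "expiresOn": "2021-01-15T00:00:00Z"},
  {"name": "endpoint-vm03",
   "properties": {"exemptionCategory": "Waiver",
                  "expiresOn": "2021-02-20T00:00:00Z"}},
  {"name": "endpoint-vm04", "exemptionCategory": "Mitigated",
   "expiresOn": "2021-12-31T00:00:00Z"}
]
""")

KNOWN_CATEGORIES = {"Waiver", "Mitigated"}  # assumed category values


def parse_utc(value):
    """Parse an ISO 8601 timestamp; a missing value means no expiration."""
    if not value:
        return None
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def review_exemptions(items, now, warn_days=30):
    """Return (name, finding) pairs for exemptions that need a second look."""
    findings = []
    for item in items:
        props = item.get("properties", item)  # accept flat or nested records
        name = item.get("name", "<unnamed>")
        if props.get("exemptionCategory") not in KNOWN_CATEGORIES:
            findings.append((name, "unknown-category"))
        expires = parse_utc(props.get("expiresOn"))
        if expires is None:
            findings.append((name, "no-expiry"))      # excluded indefinitely
        elif expires <= now:
            findings.append((name, "expired"))        # exclusion has lapsed
        elif expires - now <= timedelta(days=warn_days):
            findings.append((name, "expiring-soon"))
    return findings


if __name__ == "__main__":
    for name, finding in review_exemptions(
            SAMPLE, datetime(2021, 2, 1, tzinfo=timezone.utc)):
        print(f"{name}: {finding}")
```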