This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 8%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EQC%3C/text%3E%3C/svg%3E)
Hi,
We have been receiving security recommendations for our virtual machines, and one of the findings states that "Both full and quick scans are out of 7 days":
EDR configuration issues should be resolved on virtual machines-> Findings-> Both full and quick scans are out of 7 days
The details indicate:
{
}
}
The defender plan sor Servers is Plan2:
I would like to understand:
Thanks
Hi,
Sorry the copy paste did not work (see below now the additional information).
We meet all prerequistes as mentioned above.
However, the reommendation is still present after more than 24 hours:
"Both full and quick scans are out of 7 days"
Why there is no automatic quick scan in place for the VMs?
How to allow this automatic quick scan?
Thanks
Regards.
{
"assessedResourceType": "GeneralVulnerability",
"data": {
"LastQuickScanDate": "No quick scan date found",
"LastFullScanDate": "No full scan date found"
}
}
Hello,
After a few months, the recommendation from Microsoft Defender fo Cloud reappears
"EDR configuration issues should be resolved on virtual machines".
In the additionl information of the recommendation, we can read:
{
"assessedResourceType": "GeneralVulnerability",
"data": {
"LastQuickScanDate": "9/2/2024 1:50:07 PM",
"LastFullScanDate": "No full scan date found"
}
}
All prerequisites are still met:
See screenshots below:
So, why do we get again this reommendation?
Thanks
Regards
Hello,
My question was: why do I get this recommendation because the prerequisites are met:
Thereoretically, I should not get the recommendation "EDR configuration issues should be resolved on virtual machines" or I misunderstood something?
Thanks for your help.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Same issue over here. ☹️
Did Microsoft ever responded with a solution?
No they never provided a solution ...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
The details you shared are blank. Are the details truly empty or did they not copy/paste into your post? Aso, do you have all of the prerequisites met for agentless scanning for machines? If you see the finding "Both full and quick scans are out of 7 days", you need to investigate under the "Recommendations" section and follow the remediation steps documented here. If you've already resolved any EDR recommendations, it can take up to 24 hours for the changes to reflect.
Note also that you need to meet the prerequisites highlighted in the article in order to view the recommendations:
If you are not seeing information in the "Additional Information" section, feel free to reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your subscription ID and a link to this thread. That way we can further troubleshoot and I can open a one-time free support case to look into this issue.
If the information helped you, please Accept the answer. This will help us and improve searchability for others in the community who may be researching similar questions.
This recommendation is based on the Azure Security Benchmark, which is a policy initiative or group of policies that is included with Azure. The initiative is updated periodically.
This is one recommendation that I disagree with. I shared this with the MDE team and they seemed to agree. A more common recommendation is quick scans daily or weekly followed by full scans monthly (or only when manually requested).
You might attempt to modify the polity to better reflect your scanning preferences. You also have the option o make exclusions or turn the associated policy off completely.
Hello,
The message shown below always re-appears:
However, the settings in the Microsoft Defender for Cloud are set correctly (see below):
There are no exclusions:
Of course, if we run the command "mdatp scan quick" on the Azure VM, the recommendation disappear for one week and then re-appears.
Could someone PLEASE check why we get this security recommendation and why the automatic scanning does not occur in our Azure Linux VMs?
Many Thanks
Regards.