Let’s learn how to use Azure AD recommendations to optimize the configurations for your scenarios. Azure AD recommendations feature helps you to improve the state of your Azure AD tenant by helping you identify opportunities to implement best practices for Azure AD-related features.
Each Azure AD recommendation contains similar details such as a description, the value of addressing the recommendation, and the steps to address the recommendation.
The Azure AD recommendations feature helps ensure your tenant is in a secure and healthy state while also helping you maximize the value of the features available in Azure AD.
Daily, Azure AD analyzes the configuration of your tenant. During this analysis, Azure AD compares the data of a recommendation with the actual configuration of your tenant.
Let’s use Intune Recommendations Insights for SCCM Site Health and Device Management. Microsoft Intune Recommendations Insights can be an invaluable resource for IT Admins who want to optimize Configuration Manager site health and device management capabilities.
- Assign Azure AD Roles Using Privileged Identity Management PIM
- New Microsoft Intune Suite For Endpoint Management
How to Use Azure AD Recommendations
To view the details of a recommendation, There are different role requirements for viewing or updating a recommendation.
You must be assigned one of the following roles to view Recommendations: Global administrator, Global reader, Security Administrator, Security reader, Cloud app administrator, or Application administrator.
- Sign in to Azure Portal or Azure AD Portal.
- Navigate to Azure AD > Recommendations and select a recommendation from the list.
In the Tenant overview, you’ll see a ” Recommendations ” tab. Every 24 hours, our service checks your tenant against available recommendations. If we detect that you have an opportunity to implement an Azure AD best practice, you’ll see it here in the Recommendations tab.
The Status of a recommendation can be updated manually or automatically by the system. If all resources are addressed according to the action plan, the status automatically changes to Completed the next time the recommendations service runs.
- The Priority of a recommendation could be low, medium, or high. Several factors, such as security implications, health concerns, or potential breaking changes, determine these values.
- High: Must do. Not acting will result in severe security implications or potential downtime.
- Medium: Should do. No severe risk if action isn’t taken.
- Low: Might do. No security risks or health concerns if action isn’t taken.
Select a recommendation from the list to view the details, status, and action plan. Follow the Action plan.
The Status description tells you the date the recommendation status changed and if it was changed by the system or a user. The recommendation’s Value is an explanation of why completing the recommendation will benefit you, and the value of the associated feature.
The Action plan provides step-by-step instructions to implement a recommendation. The Action plan may include links to relevant documentation or direct you to other pages in the Azure portal.
The Impacted resources table contains a list of resources identified by the recommendation. The resource’s name, ID, date it was first detected, and status is provided. The resource could be an application or resource service principal.
You need to right-click on the status of a resource in a recommendation, select Mark as, then select a status. The status for the resource appears as regular text, but you can right-click on the status to open the menu. You can set each resource to a different status as needed.
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.