Your GRC team may be looking for an easy to pull report they could download around the exemptions and the azure resources to quickly audit findings. Janetscheck has written quite a bit about the capability and provided some unique Workflow automations aroundīoth are very great workflow automations the GRC team can adopt at an enterprise.
The Exemption capabilities in Microsoft Defender for Cloud utilize Azure Policy exemptions that have been around for a bit now. GRC teams may want on a quarterly or monthly basis to produce a report of the exemptions to review and discuss or hand over to auditors looking to see the exemption story. While recently working with a customer’s Governance Risk and Compliance team (GRC) the discussion pivoted to the ability to exempt Azure resources from policies or disable the policy to reflect the Secure Score correctly for their environment.