This control plane turns Defender exposure data into one buyer-readable surface: attack-path posture, privileged identity risk, device coverage gaps, stale remediation, and the response packets needed before change windows, audits, or tenant trust drift.
| Gap | Owner | Subject | Principal | Message |
|---|---|---|---|---|
| high attack-path-open |
Exposure Operations | WIN-ADMIN-22 Global tenant |
— | Attack-path exposure on "WIN-ADMIN-22" stays open and can chain identity, device, and app risk together. |
| high privileged-identity-exposed |
Identity Operations | svc-breakglass-01 Global tenant |
svc-breakglass-01@kineticgain.com | Privileged identity "svc-breakglass-01@kineticgain.com" still carries unresolved exposure posture. |
| high critical-vulnerability-open |
Exposure Operations | LAP-EXEC-07 Executive fleet |
— | Critical vulnerability exposure on "LAP-EXEC-07" remains active and needs a tighter remediation window. |
| medium email-posture-gap |
Exposure Operations | Exposure Operations Global tenant |
— | Exposure control in Global tenant is missing email posture coverage for collaboration and phishing attack paths. |
| medium control-plan-missing |
Collaboration Security | Collaboration Security EMEA collaboration tenant |
— | Exposure control in EMEA collaboration tenant is degraded and does not provide a healthy remediation lane. |
| medium stale-active-recommendation |
Exposure Operations | WIN-ADMIN-22 Global tenant |
— | Recommendation "Attack path from unmanaged admin workstation to privileged cloud app remains open" has remained active since 2026-05-26T10:35Z. |
| medium stale-active-recommendation |
Identity Operations | svc-breakglass-01 Global tenant |
— | Recommendation "Privileged break-glass account lacks current risk review" has remained active since 2026-05-25T21:00Z. |
| medium device-risk-uncontained |
Endpoint Engineering | srv-fin-reports-03 Finance workloads |
— | Device or server exposure on "srv-fin-reports-03" needs containment before broader tenant trust degrades. |
| medium stale-active-recommendation |
Endpoint Engineering | srv-fin-reports-03 Finance workloads |
— | Recommendation "Server exposure after EDR drift on finance reporting node" has remained active since 2026-05-24T22:40Z. |
| medium email-posture-gap |
Collaboration Security | finance-emea@kineticgain.com EMEA collaboration tenant |
— | Email and collaboration posture for "finance-emea@kineticgain.com" is still missing the needed Defender remediation proof. |
| medium stale-active-recommendation |
Collaboration Security | finance-emea@kineticgain.com EMEA collaboration tenant |
— | Recommendation "Mailbox forwarding and phishing-safe-link policy proof is incomplete" has remained active since 2026-05-24T09:15Z. |
| medium high-severity-unassigned |
Exposure Operations | LAP-EXEC-07 Executive fleet |
— | High-severity recommendation "Critical browser vulnerability remains active on executive laptop" still has no assigned owner. |
| medium stale-active-recommendation |
Exposure Operations | LAP-EXEC-07 Executive fleet |
— | Recommendation "Critical browser vulnerability remains active on executive laptop" has remained active since 2026-05-23T12:20Z. |