Score:0

Azure Security Center VM security configurations: how to suppress / exempt?


Azure Security Center has recommendations for the configuration of my Windows virtual machines (VMs).

Azure Security Center → Secure Score → Recommendations → Remediate security configurations › Vulnerabilities in security configuration on your machines should be remediated → Remediate security configurations

These recommendations are sensible and I intend to simply comply with most of them. However, some conflict with another company policy. For those rules, I would like to suppress / exempt them, i.e. mark them as "won't fix, because of (reasons)".

For Security Center recommendations that result from an Azure Policy, I have a clear Exempt button. Not here though. For these security configurations, the "State: Open" column implies that they can have other states as well. Hopefully this includes something like "Exempted"? For the life of me, I can't find a way to turn some of these rules off (or all of them, for that matter).

Is this possible? If so, how?

screenshot of Azure Security Center, VM security configurations

Score:0

I asked MS support. They showed me that these recommendations are part of the Policy Assignment called "ASC Default".

Within the parameters of this Initiative Assignment, there is an option to disable the VM security config recommendations. This disables the entire scan, for all VMs in the subscription. This means that the control simply no longer shows up at all on the Secure Score page.

There is also an option to add an exemption here. This can be done at the sub / rg / VM level. You can exempt only the VM security configs, and leave the rest of the ASC Default untouched.

There is no option to exempt or disable only certain rules.

screenshot initiative assignment "ASC Default"

screenshot disable VM security configs

screenshot create exemption
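The exemption described in the answer above can also be created from Az PowerShell. This is an added example, not part of the original answer or of what MS support showed. It assumes the Az.Resources module and a signed-in session; every `<...>` value and the exemption name are placeholders.

```powershell
# Added example. Requires Az.Accounts and Az.Resources and a signed-in
# session (Connect-AzAccount). All <...> values are placeholders.
$subscriptionId = '<subscription-id>'
$subScope = "/subscriptions/$subscriptionId"

# The three levels the answer mentions: subscription, resource group, single VM.
$rgScope = "$subScope/resourceGroups/<resource-group>"
$vmScope = "$rgScope/providers/Microsoft.Compute/virtualMachines/<vm-name>"

# Find the initiative assignment by the display name shown in the portal.
# Older Az.Resources releases nest the display name under .Properties,
# newer ones expose it directly, so both shapes are checked.
$assignment = Get-AzPolicyAssignment -Scope $subScope | Where-Object {
    $displayName = if ($_.Properties) { $_.Properties.DisplayName } else { $_.DisplayName }
    $displayName -like 'ASC Default*'
} | Select-Object -First 1
if (-not $assignment) { throw "No 'ASC Default' assignment found at $subScope" }

# Reference ID of the VM security configuration policy inside the initiative.
# Placeholder: copy the real value from the initiative definition. Passing it
# limits the exemption to that one policy and leaves the rest of ASC Default
# in force for the chosen scope.
$referenceId = '<policy-definition-reference-id>'

# Waiver records "won't fix, because of (reasons)"; the description carries
# the reason. -ExpiresOn is optional and forces the decision to be revisited.
New-AzPolicyExemption `
    -Name 'vm-secconfig-waiver' `
    -DisplayName 'VM security configuration waiver' `
    -Description '<reason, e.g. the conflicting company policy>' `
    -PolicyAssignment $assignment `
    -PolicyDefinitionReferenceId $referenceId `
    -Scope $vmScope `
    -ExemptionCategory Waiver `
    -ExpiresOn (Get-Date).AddMonths(6)
```

Swap `$vmScope` for `$rgScope` or `$subScope` to exempt at the wider levels. As the answer notes, this exempts the whole VM security configuration control for that scope, not individual rules.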
