Our general approach is that we will flag up the existence of a vulnerability that needs to be patched or removed.
Microsofts own description of a mitigation visible in that link is “could reduce the severity of exploitation of a vulnerability”. This alligns with our view that a mitigation does not remove the vulnerability or the risk, but rather is a method of reducing your risk. Full remediation is always recommended by the vendor, and by Rapid7. Mitigations can be easily undone, leaving the system vulnerable again.
If you do not want to patch, and you are happy to accept the risk remaining, then I would recommend using an exception.