Application Whitelisting Enabled

Quick Info

Plugin TitleApplication Whitelisting Enabled
CategorySecurity Center
DescriptionEnsures that Security Center Monitor Adaptive Application Whitelisting is enabled
More InfoAdaptive application controls work in conjunction with machine learning to analyze processes running in a VM and help control which applications can run, hardening the VM against malware.
Recommended ActionEnable Adaptive Application Controls for Virtual Machines from the Azure Security Center by ensuring AuditIfNotExists setting is used.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for Security Center.
  3. Scroll down the “Security Center” navigation panel and select the “Security policy” option under “POLICY & COMPLIANCE."
  4. On the “Policy Management” page under “Name” column select the “Subscription Name” that needs to be verified.
  5. On the “Security Policy” page scroll down the “Compute And Apps” section and check the “Adaptive Application Controls should be enabled on virtual machines”. If it’s set to “Disabled” then “Adaptive Application Whitelisting” is not enabled on the selected “Subscription."
  6. Repeat steps number 2 - 5 to check other “Subscriptions” under the “Security Center."
  7. Navigate to the “Security Center”, select the “Security policy” and under “Policy Management” select the “Subscription” that needs to enable the “Adaptive Application Whitelisting."
  8. Select the “Subscription” link under the “Security policy” at the top to get into the configuration settings.
  9. Scroll down the page and under “Parameter” choose the “Adaptive Application Controls should be enabled on virtual machines” and select the “AuditIfNotExists” option from the dropdown menu and click on the “Save” button at the bottom to make the necessary changes.
  10. Repeat steps number 7 - 9 to ensures “Disk Encryption monitoring” is enabled in Security Center.