Application Whitelisting Enabled
Ensures that Security Center Monitor Adaptive Application Whitelisting is enabled
Adaptive application controls work in conjunction with machine learning to analyze processes running in a VM and help control which applications can run, hardening the VM against malware.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
-
Log in to the Microsoft Azure Management Console.
-
Select the “Search resources, services, and docs” option at the top and search for “Microsoft Defender for Cloud”.
-
Scroll down the left navigation panel and select the “Environment Settings” under “Management”.
-
On the “Microsoft Defender for Cloud | Environment settings” page under “Name” column, select the “Subscription Name” that needs to be verified by clicking on its Name.
-
On the “Settings” page scroll down the “Policy settings” section and select “Security Policy”.
-
On the “Settings | Security policy” page, Select the “Subscription” link under the “Security policy” at the top to get into the configuration settings.
-
On the Settings page, select the “Parameters” tab and uncheck “Only show parameters that need input or review”. It will show you a list of parameters.
-
In the list search for the setting “Adaptive Application Controls for defining safe applications should be enabled on your machines”. If it’s set to “Disabled” then “Adaptive Application Whitelisting” is not enabled on the selected “Subscription”.
-
To enable ““Adaptive Application Whitelisting” click to open the dropdown of “Adaptive Application Controls should be enabled on virtual machines” and select the “AuditIfNotExists” option. Click on the “Review + save” button at the bottom.
-
On the “Review + save” page, click on “Save” button to make the necessary changes.
-
Repeat step number 3 - 10 to ensures “Adaptive Application Whitelisting” is enabled for Subscriptions.