Ensure that monitoring of adaptive application controls is enabled within your Microsoft Azure cloud account so that Microsoft Defender for Cloud can determine whether the Adaptive Application Control feature is enabled for your eligible virtual machines (VMs). Adaptive Application Control is an automated application whitelisting solution provided by Microsoft Defender for Cloud that helps you deal with malicious and/or unauthorized software by allowing only specific applications to run on your Azure and non-Azure VMs (both Windows and Linux).
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
When monitoring of adaptive application controls is enabled within your Microsoft Azure account, Microsoft Defender for Cloud scans for adaptive application controls, which enable you to control which applications can run on your eligible virtual machines (VMs) and help you harden your VMs against malware. Microsoft Defender for Cloud uses machine learning to analyze the applications running on each eligible virtual machine and suggest the list of known-safe applications.
Audit
To determine if the monitoring of the adaptive application controls for virtual machines is enabled within the Microsoft Defender for Cloud security policy, perform the following actions:
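One way to evaluate this setting across several subscriptions, as an added example that is not part of the original page or of the Conformity tool: it reads policy assignment JSON and flags subscriptions where the monitoring effect is disabled. The parameter name `adaptiveApplicationControlsMonitoringEffect`, the `SecurityCenterBuiltIn` assignment name, the assumed default effect and the sample documents are assumptions, not values taken from this page.

```python
import json

# Assumption (not on the page): the Defender for Cloud default initiative exposes
# this parameter, and the effect is AuditIfNotExists when the assignment omits it.
PARAM = "adaptiveApplicationControlsMonitoringEffect"
ASSUMED_DEFAULT = "AuditIfNotExists"
_BASE = "/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn"

# Constructed sample: policy assignment documents for three placeholder
# subscriptions, shaped like Azure Policy assignment JSON.
SAMPLE = json.loads("""
[
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000001%(b)s",
   "properties": {"parameters": {"%(p)s": {"value": "AuditIfNotExists"}}}},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000002%(b)s",
   "properties": {"parameters": {"%(p)s": {"value": "disabled"}}}},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000003%(b)s",
   "properties": {"parameters": null}}
]
""" % {"b": _BASE, "p": PARAM})

def subscription_of(assignment_id):
    """Extract the subscription ID from an ARM resource ID, or None."""
    parts = assignment_id.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1]
    return None

def evaluate(assignment):
    """Report the effective monitoring effect for one policy assignment."""
    params = (assignment.get("properties") or {}).get("parameters") or {}
    entry = params.get(PARAM) or {}
    explicit = "value" in entry  # False means the assumed default applies
    effect = str(entry["value"]) if explicit else ASSUMED_DEFAULT
    return {
        "subscription": subscription_of(assignment.get("id", "")),
        "effect": effect,
        "explicit": explicit,
        # Effect names are compared case-insensitively.
        "monitoring_enabled": effect.strip().lower() != "disabled",
    }

def failing_subscriptions(assignments):
    """Subscriptions whose assignment turns the monitoring off."""
    results = map(evaluate, assignments)
    return [r["subscription"] for r in results if not r["monitoring_enabled"]]

if __name__ == "__main__":
    for doc in SAMPLE:
        print(evaluate(doc))
```

An assignment that omits the parameter is reported with `explicit` set to `False`, so a reviewer can tell an inherited default from a deliberately configured value.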
Remediation / Resolution
To turn on adaptive application controls for virtual machines using the Microsoft Defender for Cloud security policy, perform the following actions: