last sync: 2021-May-14 16:08:20 UTC

Azure Policy definition

Allowlist rules in your adaptive application control policy should be updated

Name Allowlist rules in your adaptive application control policy should be updated
Azure Portal
Id 123a3936-f020-408a-ba0c-47873faf1534
Version 3.0.0
details on versioning
Category Security Center
Microsoft docs
Description Monitor for changes in behavior on groups of machines configured for auditing by Azure Security Center's adaptive application controls. Security Center uses machine learning to analyze the running processes on your machines and suggest a list of known-safe applications. These are presented as recommended apps to allow in adaptive application control policies.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2021-01-05 16:06:49 change Major (2.0.0 > 3.0.0)
2020-07-14 15:28:17 change Previous DisplayName: Whitelisting rules in your adaptive application control policy should be updated
2020-05-29 15:39:09 add 123a3936-f020-408a-ba0c-47873faf1534
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
[Preview]: CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de Regulatory Compliance Preview
Azure Security Benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8 Security Center GA
JSON Changes

JSON
{
  "properties": {
    "displayName": "Allowlist rules in your adaptive application control policy should be updated",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Monitor for changes in behavior on groups of machines configured for auditing by Azure Security Center's adaptive application controls. Security Center uses machine learning to analyze the running processes on your machines and suggest a list of known-safe applications. These are presented as recommended apps to allow in adaptive application control policies.",
    "metadata": {
      "version": "3.0.0",
      "category": "Security Center"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "in": [
          "Microsoft.Compute/virtualMachines",
          "Microsoft.ClassicCompute/virtualMachines"
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/assessments",
          "name": "1234abcd-1b53-4fd4-9835-2c2fa3935313",
          "existenceCondition": {
            "field": "Microsoft.Security/assessments/status.code",
            "in": [
              "NotApplicable",
              "Healthy"
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "123a3936-f020-408a-ba0c-47873faf1534"
}