AzPolicyAdvertizer

last sync: 2020-Oct-30 14:31:57 UTC

Azure Policy definition

Allowlist rules in your adaptive application control policy should be updated

Name Allowlist rules in your adaptive application control policy should be updated
Azure Portal

Id 123a3936-f020-408a-ba0c-47873faf1534

Version 2.0.0
details on versioning

Category Security Center
Microsoft docs

Description Monitor for changes in behavior on groups of machines configured for auditing by Azure Security Center's adaptive application controls. Security Center uses machine learning to analyze the running processes on your machines and suggest a list of known-safe applications. These are presented as recommended apps to allow in adaptive application control policies.

Mode All

Type BuiltIn

Preview FALSE

Deprecated FALSE

Effect Default: AuditIfNotExists
Allowed: (AuditIfNotExists, Disabled)

Used RBAC Role none

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2020-07-14 15:28:17	change	Previous DisplayName: Whitelisting rules in your adaptive application control policy should be updated
2020-05-29 15:39:09	add	123a3936-f020-408a-ba0c-47873faf1534

Used in Initiatives

Initiative DisplayName	Initiative Id	Initiative Category	State
Enable Monitoring in Azure Security Center	1f3afdf9-d0c9-4c3d-847f-89da613e70a8	Security Center	GA

Json

{
  "properties": {
    "displayName": "Allowlist rules in your adaptive application control policy should be updated",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "Monitor for changes in behavior on groups of machines configured for auditing by Azure Security Center's adaptive application controls. Security Center uses machine learning to analyze the running processes on your machines and suggest a list of known-safe applications. These are presented as recommended apps to allow in adaptive application control policies.",
    "metadata": {
      "version": "2.0.0",
      "category": "Security Center"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "AuditIfNotExists",
          "Disabled"
        ],
        "defaultValue": "AuditIfNotExists"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "in": [
          "Microsoft.Compute/virtualMachines",
          "Microsoft.ClassicCompute/virtualMachines"
        ]
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "type": "Microsoft.Security/assessments",
          "name": "1234abcd-1b53-4fd4-9835-2c2fa3935313",
          "existenceCondition": {
            "field": "Microsoft.Security/assessments/status.code",
            "in": [
              "Healthy"
            ]
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/123a3936-f020-408a-ba0c-47873faf1534",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "123a3936-f020-408a-ba0c-47873faf1534"
}

Azure Policy definition

Allowlist rules in your adaptive application control policy should be updated

Popular