-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
ASC_AdaptiveApplicationControls_Audit.json
55 lines (55 loc) · 1.83 KB
/
ASC_AdaptiveApplicationControls_Audit.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
{
"properties": {
"displayName": "Adaptive application controls for defining safe applications should be enabled on your machines",
"policyType": "BuiltIn",
"mode": "All",
"description": "Enable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the applications running on each machine and suggest the list of known-safe applications.",
"metadata": {
"version": "3.0.0",
"category": "Security Center"
},
"version": "3.0.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "AuditIfNotExists",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"field": "type",
"in": [
"Microsoft.Compute/virtualMachines",
"Microsoft.ClassicCompute/virtualMachines"
]
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Security/assessments",
"name": "35f45c95-27cf-4e52-891f-8390d1de5828",
"existenceCondition": {
"field": "Microsoft.Security/assessments/status.code",
"in": [
"NotApplicable",
"Healthy"
]
}
}
}
},
"versions": [
"3.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc",
"name": "47a6b606-51aa-4496-8bb7-64b11cf66adc"
}