At Microsoft Ignite, we announced new adaptive applications controls that protect your applications from malware by using whitelisting rules. Today, we are excited to share that these capabilities are available for public preview in Azure Security Center.
Application controls, such as whitelisting, can help limit exposure to malicious and vulnerable applications. Instead of trying to keep pace with rapidly evolving malware and new exploits, application control simply blocks all but known good applications. For purpose-built servers that typically run a fixed set of application, whitelisting can add significant protection. Application control solutions have existed for some time now, but organizations usually find it too complex and hard to manage, especially when unique rules are required per server or group of servers, and in large scale.
Adaptive Application Controls leverages machine learning to analyze the behavior of your Azure virtual machines, create a baseline of applications, group the virtual machines, and recommend and automatically apply the appropriate whitelisting rules. You can view, modify, and receive alerts for these rules in Azure Security Center.
Adaptive application controls are currently available for Windows virtual machines running in Azure (all versions, classic or Azure Resource Manager). To get started, open Security Center and select the application whitelisting tile.
Enable Adaptive Application Controls and apply policies
In the Adaptive Application Controls blade, you can easily enable Adaptive Application Controls for groups of virtual machines that you select. You can view a recommendation and create the policy that will determine which applications will be allowed to run, initially in audit mode, and receive alerts when applications violate the rules. Creating and applying your own policies reduces management complexity while increasing the protection of your applications.
Monitoring and editing an Adaptive Application Controls policy
In the Adaptive Application Controls blade, you can easily manage and monitor existing groups of virtual machines that are configured with an adaptive application controls policy. You can view and modify the whitelisting rules that are applied on the VMs within a specific group and be alerted on violations of those rules. In addition, you can change the mode in which a specific adaptive application controls policy is applied and start blocking unapproved applications using the enforce mode. Visibility into the security posture of your applications helps you stay in control.
These new capabilities are available within the standard pricing tier of Azure Security Center, and you can try it for free for the first 60 days.
See our documentation to learn more about Adaptive Application Controls.