Azure Security Center provides several threat prevention mechanisms to help you reduce surface areas susceptible to attack. One of those mechanisms is adaptive application controls. Today we are excited to announce the general availability of this capability, which helps you audit and block unwanted applications.
Adaptive application controls help you define the set of applications that are allowed to run on configured groups of virtual machines (VMs). When you enable adaptive application controls for your VMs, Security Center does several things. It recommends applications (EXEs, MSIs, and scripts) to allow (in "allowlists"), automatically clustering similar VMs to ease manageability and reduce exposure to unnecessary applications. It also applies the appropriate rules in an automated fashion, monitors any violations of those rules, and enables you to manage and edit previously applied application allowlist policies.
By default, Security Center enables application control in Audit mode. After validating that the allowlist has not negatively impacted your workload, you can change the protection mode to Enforce mode through the Security Center UI.
You can also change the application control policy for each configured group of VMs through the same Security Center UI, edit and remove previously applied rules, and extend the rules to allow more applications to run in your workloads.
To learn more about these features in Security Center, visit our documentation.