software solution that tracks and monitors installed software

r4star 0 Reputation points
2023-09-01T08:44:44.8+00:00

Hi,

We would like to restrict and monitor the installation of unauthorized software onto our VMs (IaaS).

Would anyone know of such solutions that are installed on the VM or does Azure Defender do this already?

Thank you

Ron

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,348 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Akshay-MSFT 17,771 Reputation points Microsoft Employee
    2023-09-05T05:59:18.0233333+00:00

    @r4star

    Thank you posting your query on Microsoft Q&A, from above description I could understand that you re looking for an endpoint solution to block unwanted software installation on your VM.

    Please do correct me if this is not the case by responding in the comments section.

    We have following options to detect and block potentially unwanted applications:

    1. Enable PUA protection in Chromium-based Microsoft Edge
    2. Block URLs with Microsoft Defender SmartScreen

    Security admins can configure how Microsoft Edge and Microsoft Defender SmartScreen work together to protect groups of users from PUA-associated URLs. There are several group policy settings explicitly for Microsoft Defender SmartScreen available, including one for blocking PUA. In addition, admins can configure Microsoft Defender SmartScreen as a whole, using group policy settings to turn Microsoft Defender SmartScreen on or off.

    Although Microsoft Defender for Endpoint has its own blocklist based upon a data set managed by Microsoft, you can customize this list based on your own threat intelligence. If you create and manage indicators in the Microsoft Defender for Endpoint portal, Microsoft Defender SmartScreen respects the new settings.

    1. Microsoft Defender Antivirus and PUA protection You can enable PUA protection with Microsoft Intune, Microsoft Configuration Manager, Group Policy, or via PowerShell cmdlets.

    Use Intune to configure PUA protection

    See the following articles:

    1. Download and install Administrative Templates (.admx) for Windows 11 October 2021 Update (21H2)
    2. On your Group Policy management computer, open the Group Policy Management Console.
    3. Select the Group Policy Object you want to configure, and then choose Edit.
    4. In the Group Policy Management Editor, go to Computer configuration and select Administrative templates.
    5. Expand the tree to Windows Components > Microsoft Defender Antivirus.
    6. Double-click Configure detection for potentially unwanted applications.
    7. Select Enabled to enable PUA protection.
    8. In Options, select Block to block potentially unwanted applications, or select Audit Mode to test how the setting works in your environment. Select OK.
    9. Deploy your Group Policy object as you usually do.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers you’re your query. This will help us and others in the community as well.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.