Adaptive Application Controls - Put

Service:

Defender for Cloud

API Version:

2020-01-01

Mettre à jour un groupe d’ordinateurs de contrôle d’application

PUT https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}?api-version=2020-01-01

Paramètres URI

Nom	Dans	Obligatoire	Type	Description
ascLocation	path	True	string	Emplacement où ASC stocke les données de l’abonnement. peut être récupéré à partir de Get locations
groupName	path	True	string	Nom d’un groupe d’ordinateurs de contrôle d’application
subscriptionId	path	True	string	ID d’abonnement Azure Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	Version de l’API pour l’opération

Corps de la demande

Nom	Type	Description
properties.enforcementMode	EnforcementMode	Mode d’application/protection de la stratégie de contrôle des applications du groupe d’ordinateurs
properties.pathRecommendations	PathRecommendation[]	Représente un chemin d’accès qu’il est recommandé d’autoriser et ses propriétés
properties.protectionMode	ProtectionMode	Mode de protection des types collection/fichier. Exe/Msi/Script sont utilisés pour Windows, l’exécutable est utilisé pour Linux.
properties.vmRecommendations	VmRecommendation[]	Représente une machine qui fait partie d’un groupe d’ordinateurs

Réponses

Nom	Type	Description
200 OK	AdaptiveApplicationControlGroup	Ok
Other Status Codes	CloudError	Réponse d’erreur décrivant la raison de l’échec de l’opération.

Sécurité

azure_auth

Flux OAuth2 Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nom	Description
user_impersonation	Emprunter l’identité de votre compte d’utilisateur

Exemples

Update an application control machine group by adding a new application

Sample Request

HTTP

PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1?api-version=2020-01-01

{
  "properties": {
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "None",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      },
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "action": "Add",
        "type": "File",
        "common": true
      }
    ]
  }
}

Java

import com.azure.resourcemanager.security.models.AdaptiveApplicationControlGroup;
import com.azure.resourcemanager.security.models.ConfigurationStatus;
import com.azure.resourcemanager.security.models.EnforcementMode;
import com.azure.resourcemanager.security.models.EnforcementSupport;
import com.azure.resourcemanager.security.models.FileType;
import com.azure.resourcemanager.security.models.PathRecommendation;
import com.azure.resourcemanager.security.models.ProtectionMode;
import com.azure.resourcemanager.security.models.PublisherInfo;
import com.azure.resourcemanager.security.models.RecommendationAction;
import com.azure.resourcemanager.security.models.RecommendationType;
import com.azure.resourcemanager.security.models.UserRecommendation;
import com.azure.resourcemanager.security.models.VmRecommendation;
import java.util.Arrays;

/**
 * Samples for AdaptiveApplicationControls Put.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/
     * PutAdaptiveApplicationControls_example.json
     */
    /**
     * Sample code: Update an application control machine group by adding a new application.
     * 
     * @param manager Entry point to SecurityManager.
     */
    public static void updateAnApplicationControlMachineGroupByAddingANewApplication(
        com.azure.resourcemanager.security.SecurityManager manager) {
        AdaptiveApplicationControlGroup resource = manager.adaptiveApplicationControls()
            .getWithResponse("centralus", "ERELGROUP1", com.azure.core.util.Context.NONE).getValue();
        resource.update().withEnforcementMode(EnforcementMode.AUDIT)
            .withProtectionMode(new ProtectionMode().withExe(EnforcementMode.AUDIT).withMsi(EnforcementMode.NONE)
                .withScript(EnforcementMode.NONE))
            .withVmRecommendations(Arrays.asList(new VmRecommendation()
                .withConfigurationStatus(ConfigurationStatus.CONFIGURED)
                .withRecommendationAction(RecommendationAction.RECOMMENDED)
                .withResourceId(
                    "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090")
                .withEnforcementSupport(EnforcementSupport.SUPPORTED),
                new VmRecommendation().withConfigurationStatus(ConfigurationStatus.CONFIGURED)
                    .withRecommendationAction(RecommendationAction.RECOMMENDED)
                    .withResourceId(
                        "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19")
                    .withEnforcementSupport(EnforcementSupport.SUPPORTED)))
            .withPathRecommendations(Arrays.asList(
                new PathRecommendation()
                    .withPath("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("PublisherSignature"))
                    .withPublisherInfo(
                        new PublisherInfo().withPublisherName("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US")
                            .withProductName("*").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("Everyone")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("ProductSignature"))
                    .withPublisherInfo(new PublisherInfo().withPublisherName("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN")
                        .withProductName("MICROSOFT® COREXT").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("NT AUTHORITY\\SYSTEM")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE")
                    .withAction(RecommendationAction.RECOMMENDED)
                    .withType(RecommendationType.fromString("PublisherSignature"))
                    .withPublisherInfo(new PublisherInfo().withPublisherName("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN")
                        .withProductName("*").withBinaryName("*").withVersion("0.0.0.0"))
                    .withCommon(true).withUserSids(Arrays.asList("S-1-1-0"))
                    .withUsernames(Arrays.asList(new UserRecommendation().withUsername("NT AUTHORITY\\SYSTEM")
                        .withRecommendationAction(RecommendationAction.RECOMMENDED)))
                    .withFileType(FileType.EXE).withConfigurationStatus(ConfigurationStatus.CONFIGURED),
                new PathRecommendation().withPath("C:\\directory\\file.exe").withAction(RecommendationAction.ADD)
                    .withType(RecommendationType.fromString("File")).withCommon(true)))
            .apply();
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
func ExampleAdaptiveApplicationControlsClient_Put() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAdaptiveApplicationControlsClient().Put(ctx, "centralus", "ERELGROUP1", armsecurity.AdaptiveApplicationControlGroup{
		Properties: &armsecurity.AdaptiveApplicationControlGroupData{
			EnforcementMode: to.Ptr(armsecurity.EnforcementModeAudit),
			PathRecommendations: []*armsecurity.PathRecommendation{
				{
					Type:                to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
					Path:                to.Ptr("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("*"),
						PublisherName: to.Ptr("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("Everyone"),
						}},
				},
				{
					Type:                to.Ptr(armsecurity.RecommendationType("ProductSignature")),
					Path:                to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("MICROSOFT® COREXT"),
						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("NT AUTHORITY\\SYSTEM"),
						}},
				},
				{
					Type:                to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
					Path:                to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE"),
					Action:              to.Ptr(armsecurity.RecommendationActionRecommended),
					Common:              to.Ptr(true),
					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
					FileType:            to.Ptr(armsecurity.FileTypeExe),
					PublisherInfo: &armsecurity.PublisherInfo{
						BinaryName:    to.Ptr("*"),
						ProductName:   to.Ptr("*"),
						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
						Version:       to.Ptr("0.0.0.0"),
					},
					UserSids: []*string{
						to.Ptr("S-1-1-0")},
					Usernames: []*armsecurity.UserRecommendation{
						{
							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
							Username:             to.Ptr("NT AUTHORITY\\SYSTEM"),
						}},
				},
				{
					Type:   to.Ptr(armsecurity.RecommendationType("File")),
					Path:   to.Ptr("C:\\directory\\file.exe"),
					Action: to.Ptr(armsecurity.RecommendationActionAdd),
					Common: to.Ptr(true),
				}},
			ProtectionMode: &armsecurity.ProtectionMode{
				Exe:    to.Ptr(armsecurity.EnforcementModeAudit),
				Msi:    to.Ptr(armsecurity.EnforcementModeNone),
				Script: to.Ptr(armsecurity.EnforcementModeNone),
			},
			VMRecommendations: []*armsecurity.VMRecommendation{
				{
					ConfigurationStatus:  to.Ptr(armsecurity.ConfigurationStatusConfigured),
					EnforcementSupport:   to.Ptr(armsecurity.EnforcementSupportSupported),
					RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
					ResourceID:           to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
				},
				{
					ConfigurationStatus:  to.Ptr(armsecurity.ConfigurationStatusConfigured),
					EnforcementSupport:   to.Ptr(armsecurity.EnforcementSupportSupported),
					RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
					ResourceID:           to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AdaptiveApplicationControlGroup = armsecurity.AdaptiveApplicationControlGroup{
	// 	Location: to.Ptr("centralus"),
	// 	Name: to.Ptr("ERELGROUP1"),
	// 	Type: to.Ptr("Microsoft.Security/applicationWhitelistings"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1"),
	// 	Properties: &armsecurity.AdaptiveApplicationControlGroupData{
	// 		ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusInProgress),
	// 		EnforcementMode: to.Ptr(armsecurity.EnforcementModeAudit),
	// 		Issues: []*armsecurity.AdaptiveApplicationControlIssueSummary{
	// 		},
	// 		PathRecommendations: []*armsecurity.PathRecommendation{
	// 			{
	// 				Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 				Path: to.Ptr("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0"),
	// 				Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 				Common: to.Ptr(true),
	// 				ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 				FileType: to.Ptr(armsecurity.FileTypeExe),
	// 				PublisherInfo: &armsecurity.PublisherInfo{
	// 					BinaryName: to.Ptr("*"),
	// 					ProductName: to.Ptr("*"),
	// 					PublisherName: to.Ptr("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
	// 					Version: to.Ptr("0.0.0.0"),
	// 				},
	// 				UserSids: []*string{
	// 					to.Ptr("S-1-1-0")},
	// 					Usernames: []*armsecurity.UserRecommendation{
	// 						{
	// 							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 							Username: to.Ptr("Everyone"),
	// 					}},
	// 				},
	// 				{
	// 					Type: to.Ptr(armsecurity.RecommendationType("ProductSignature")),
	// 					Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE"),
	// 					Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 					Common: to.Ptr(true),
	// 					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 					FileType: to.Ptr(armsecurity.FileTypeExe),
	// 					PublisherInfo: &armsecurity.PublisherInfo{
	// 						BinaryName: to.Ptr("*"),
	// 						ProductName: to.Ptr("MICROSOFT® COREXT"),
	// 						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 						Version: to.Ptr("0.0.0.0"),
	// 					},
	// 					UserSids: []*string{
	// 						to.Ptr("S-1-1-0")},
	// 						Usernames: []*armsecurity.UserRecommendation{
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 						}},
	// 					},
	// 					{
	// 						Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 						Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE"),
	// 						Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 						Common: to.Ptr(true),
	// 						ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 						FileType: to.Ptr(armsecurity.FileTypeExe),
	// 						PublisherInfo: &armsecurity.PublisherInfo{
	// 							BinaryName: to.Ptr("*"),
	// 							ProductName: to.Ptr("*"),
	// 							PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 							Version: to.Ptr("0.0.0.0"),
	// 						},
	// 						UserSids: []*string{
	// 							to.Ptr("S-1-1-0")},
	// 							Usernames: []*armsecurity.UserRecommendation{
	// 								{
	// 									RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 									Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 							}},
	// 						},
	// 						{
	// 							Type: to.Ptr(armsecurity.RecommendationType("File")),
	// 							Path: to.Ptr("C:\\directory\\file.exe"),
	// 							Action: to.Ptr(armsecurity.RecommendationActionAdd),
	// 							Common: to.Ptr(true),
	// 							ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusNotConfigured),
	// 							FileType: to.Ptr(armsecurity.FileTypeExe),
	// 							UserSids: []*string{
	// 								to.Ptr("S-1-1-0")},
	// 								Usernames: []*armsecurity.UserRecommendation{
	// 									{
	// 										RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 										Username: to.Ptr("Everyone"),
	// 								}},
	// 						}},
	// 						ProtectionMode: &armsecurity.ProtectionMode{
	// 							Exe: to.Ptr(armsecurity.EnforcementModeAudit),
	// 							Msi: to.Ptr(armsecurity.EnforcementModeNone),
	// 							Script: to.Ptr(armsecurity.EnforcementModeNone),
	// 						},
	// 						RecommendationStatus: to.Ptr(armsecurity.RecommendationStatusRecommended),
	// 						SourceSystem: to.Ptr(armsecurity.SourceSystemAzureAppLocker),
	// 						VMRecommendations: []*armsecurity.VMRecommendation{
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
	// 							},
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
	// 						}},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Update an application control machine group
 *
 * @summary Update an application control machine group
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
 */
async function updateAnApplicationControlMachineGroupByAddingANewApplication() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const ascLocation = "centralus";
  const groupName = "ERELGROUP1";
  const body = {
    enforcementMode: "Audit",
    pathRecommendations: [
      {
        type: "PublisherSignature",
        path: "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "*",
          publisherName: "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [{ recommendationAction: "Recommended", username: "Everyone" }],
      },
      {
        type: "ProductSignature",
        path: "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "MICROSOFT® COREXT",
          publisherName: "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [
          {
            recommendationAction: "Recommended",
            username: "NT AUTHORITY\\SYSTEM",
          },
        ],
      },
      {
        type: "PublisherSignature",
        path: "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        action: "Recommended",
        common: true,
        configurationStatus: "Configured",
        fileType: "Exe",
        publisherInfo: {
          binaryName: "*",
          productName: "*",
          publisherName: "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          version: "0.0.0.0",
        },
        userSids: ["S-1-1-0"],
        usernames: [
          {
            recommendationAction: "Recommended",
            username: "NT AUTHORITY\\SYSTEM",
          },
        ],
      },
      {
        type: "File",
        path: "C:\\directory\\file.exe",
        action: "Add",
        common: true,
      },
    ],
    protectionMode: { exe: "Audit", msi: "None", script: "None" },
    vmRecommendations: [
      {
        configurationStatus: "Configured",
        enforcementSupport: "Supported",
        recommendationAction: "Recommended",
        resourceId:
          "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
      },
      {
        configurationStatus: "Configured",
        enforcementSupport: "Supported",
        recommendationAction: "Recommended",
        resourceId:
          "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.adaptiveApplicationControls.put(ascLocation, groupName, body);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/PutAdaptiveApplicationControls_example.json
// this example is just showing the usage of "AdaptiveApplicationControls_Put" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AdaptiveApplicationControlGroupResource created on azure
// for more information of creating AdaptiveApplicationControlGroupResource, please refer to the document of AdaptiveApplicationControlGroupResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
AzureLocation ascLocation = new AzureLocation("centralus");
string groupName = "ERELGROUP1";
ResourceIdentifier adaptiveApplicationControlGroupResourceId = AdaptiveApplicationControlGroupResource.CreateResourceIdentifier(subscriptionId, ascLocation, groupName);
AdaptiveApplicationControlGroupResource adaptiveApplicationControlGroup = client.GetAdaptiveApplicationControlGroupResource(adaptiveApplicationControlGroupResourceId);

// invoke the operation
AdaptiveApplicationControlGroupData data = new AdaptiveApplicationControlGroupData()
{
    EnforcementMode = AdaptiveApplicationControlEnforcementMode.Audit,
    ProtectionMode = new SecurityCenterFileProtectionMode()
    {
        Exe = AdaptiveApplicationControlEnforcementMode.Audit,
        Msi = AdaptiveApplicationControlEnforcementMode.None,
        Script = AdaptiveApplicationControlEnforcementMode.None,
    },
    VmRecommendations =
    {
    new VmRecommendation()
    {
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    RecommendationAction = RecommendationAction.Recommended,
    ResourceId = new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
    EnforcementSupport = SecurityCenterVmEnforcementSupportState.Supported,
    },new VmRecommendation()
    {
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    RecommendationAction = RecommendationAction.Recommended,
    ResourceId = new ResourceIdentifier("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
    EnforcementSupport = SecurityCenterVmEnforcementSupportState.Supported,
    }
    },
    PathRecommendations =
    {
    new PathRecommendation()
    {
    Path = "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("PublisherSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
    ProductName = "*",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "Everyone",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("ProductSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
    ProductName = "MICROSOFT® COREXT",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "NT AUTHORITY\\SYSTEM",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
    Action = RecommendationAction.Recommended,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("PublisherSignature"),
    PublisherInfo = new SecurityCenterPublisherInfo()
    {
    PublisherName = "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
    ProductName = "*",
    BinaryName = "*",
    Version = "0.0.0.0",
    },
    IsCommon = true,
    UserSids =
    {
    "S-1-1-0"
    },
    Usernames =
    {
    new UserRecommendation()
    {
    Username = "NT AUTHORITY\\SYSTEM",
    RecommendationAction = RecommendationAction.Recommended,
    }
    },
    FileType = PathRecommendationFileType.Exe,
    ConfigurationStatus = SecurityCenterConfigurationStatus.Configured,
    },new PathRecommendation()
    {
    Path = "C:\\directory\\file.exe",
    Action = RecommendationAction.Add,
    IotSecurityRecommendationType = new IotSecurityRecommendationType("File"),
    IsCommon = true,
    }
    },
};
ArmOperation<AdaptiveApplicationControlGroupResource> lro = await adaptiveApplicationControlGroup.UpdateAsync(WaitUntil.Completed, data);
AdaptiveApplicationControlGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AdaptiveApplicationControlGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
  "name": "ERELGROUP1",
  "type": "Microsoft.Security/applicationWhitelistings",
  "location": "centralus",
  "properties": {
    "recommendationStatus": "Recommended",
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "None",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended"
      },
      {
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "type": "File",
        "common": true,
        "action": "Add",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "NotConfigured"
      }
    ],
    "configurationStatus": "InProgress",
    "issues": [],
    "sourceSystem": "Azure_AppLocker"
  }
}

Définitions

Nom	Description
AdaptiveApplicationControlGroup
AdaptiveApplicationControlIssue	Alerte que les machines au sein d’un groupe peuvent avoir
AdaptiveApplicationControlIssueSummary	Représente un résumé des alertes du groupe d’ordinateurs
CloudError	Réponse d’erreur courante pour toutes les API Azure Resource Manager pour retourner les détails de l’erreur concernant les opérations ayant échoué. (Cela suit également le format de réponse d’erreur OData.).
CloudErrorBody	Détail de l’erreur.
ConfigurationStatus	Status de configuration du groupe ou de la machine ou de la règle de machines
EnforcementMode	Mode d’application/protection de la stratégie de contrôle des applications du groupe d’ordinateurs
EnforcementSupport	La prise en charge de la machine de la fonctionnalité Appliquer
ErrorAdditionalInfo	Informations supplémentaires sur l’erreur de gestion des ressources.
FileType	Type du fichier (pour les fichiers Linux - Exécutable utilisé)
PathRecommendation	Représente un chemin d’accès qu’il est recommandé d’autoriser et ses propriétés
ProtectionMode	Mode de protection des types collection/fichier. Exe/Msi/Script sont utilisés pour Windows, l’exécutable est utilisé pour Linux.
PublisherInfo	Représente les informations d’éditeur d’un processus/d’une règle
RecommendationAction	Action de recommandation de la machine ou de la règle
RecommendationStatus	La recommandation initiale status du groupe ou de l’ordinateur
RecommendationType	Type de la règle à autoriser
SourceSystem	Type source du groupe d’ordinateurs
UserRecommendation	Représente un utilisateur qu’il est recommandé d’autoriser pour une règle donnée
VmRecommendation	Représente une machine qui fait partie d’un groupe d’ordinateurs

AdaptiveApplicationControlGroup

Nom	Type	Description
id	string	ID de ressource
location	string	Emplacement où la ressource est stockée
name	string	Nom de la ressource
properties.configurationStatus	ConfigurationStatus	Status de configuration du groupe ou de la machine ou de la règle de machines
properties.enforcementMode	EnforcementMode	Mode d’application/protection de la stratégie de contrôle des applications du groupe d’ordinateurs
properties.issues	AdaptiveApplicationControlIssueSummary[]	Représente un résumé des alertes du groupe d’ordinateurs
properties.pathRecommendations	PathRecommendation[]	Représente un chemin d’accès qu’il est recommandé d’autoriser et ses propriétés
properties.protectionMode	ProtectionMode	Mode de protection des types collection/fichier. Exe/Msi/Script sont utilisés pour Windows, l’exécutable est utilisé pour Linux.
properties.recommendationStatus	RecommendationStatus	La recommandation initiale status du groupe ou de l’ordinateur
properties.sourceSystem	SourceSystem	Type source du groupe d’ordinateurs
properties.vmRecommendations	VmRecommendation[]	Représente une machine qui fait partie d’un groupe d’ordinateurs
type	string	Type de ressource

AdaptiveApplicationControlIssue

Alerte que les machines au sein d’un groupe peuvent avoir

Nom	Type	Description
ExecutableViolationsAudited	string
MsiAndScriptViolationsAudited	string
MsiAndScriptViolationsBlocked	string
RulesViolatedManually	string
ViolationsAudited	string
ViolationsBlocked	string

AdaptiveApplicationControlIssueSummary

Représente un résumé des alertes du groupe d’ordinateurs

Nom	Type	Description
issue	AdaptiveApplicationControlIssue	Alerte que les machines au sein d’un groupe peuvent avoir
numberOfVms	number	Nombre d’ordinateurs dans le groupe qui ont cette alerte

CloudError

Réponse d’erreur courante pour toutes les API Azure Resource Manager pour retourner les détails de l’erreur concernant les opérations ayant échoué. (Cela suit également le format de réponse d’erreur OData.).

Nom	Type	Description
error.additionalInfo	ErrorAdditionalInfo[]	Informations supplémentaires sur l’erreur.
error.code	string	Code d'erreur.
error.details	CloudErrorBody[]	Détails de l’erreur.
error.message	string	Message d’erreur.
error.target	string	Cible d’erreur.

CloudErrorBody

Détail de l’erreur.

Nom	Type	Description
additionalInfo	ErrorAdditionalInfo[]	Informations supplémentaires sur l’erreur.
code	string	Code d'erreur.
details	CloudErrorBody[]	Détails de l’erreur.
message	string	Message d’erreur.
target	string	Cible d’erreur.

ConfigurationStatus

Status de configuration du groupe ou de la machine ou de la règle de machines

Nom	Type	Description
Configured	string
Failed	string
InProgress	string
NoStatus	string
NotConfigured	string

EnforcementMode

Mode d’application/protection de la stratégie de contrôle des applications du groupe d’ordinateurs

Nom	Type	Description
Audit	string
Enforce	string
None	string

EnforcementSupport

La prise en charge de la machine de la fonctionnalité Appliquer

Nom	Type	Description
NotSupported	string
Supported	string
Unknown	string

ErrorAdditionalInfo

Informations supplémentaires sur l’erreur de gestion des ressources.

Nom	Type	Description
info	object	Informations supplémentaires
type	string	Type d’informations supplémentaires.

FileType

Type du fichier (pour les fichiers Linux - Exécutable utilisé)

Nom	Type	Description
Dll	string
Exe	string
Executable	string
Msi	string
Script	string
Unknown	string

PathRecommendation

Représente un chemin d’accès qu’il est recommandé d’autoriser et ses propriétés

Nom	Type	Description
action	RecommendationAction	Action de recommandation de la machine ou de la règle
common	boolean	Si l’application est couramment exécutée sur l’ordinateur
configurationStatus	ConfigurationStatus	Status de configuration du groupe ou de la machine ou de la règle de machines
fileType	FileType	Type du fichier (pour les fichiers Linux - Exécutable utilisé)
path	string	Chemin d’accès complet du fichier ou identificateur de l’application
publisherInfo	PublisherInfo	Représente les informations d’éditeur d’un processus/d’une règle
type	RecommendationType	Type de la règle à autoriser
userSids	string[]	Identificateur de sécurité
usernames	UserRecommendation[]	Représente un utilisateur qu’il est recommandé d’autoriser pour une règle donnée

ProtectionMode

Mode de protection des types collection/fichier. Exe/Msi/Script sont utilisés pour Windows, l’exécutable est utilisé pour Linux.

Nom	Type	Description
exe	EnforcementMode	Mode d’application/protection de la stratégie de contrôle des applications du groupe d’ordinateurs
executable	EnforcementMode	Mode d’application/protection de la stratégie de contrôle des applications du groupe d’ordinateurs
msi	EnforcementMode	Mode d’application/protection de la stratégie de contrôle des applications du groupe d’ordinateurs
script	EnforcementMode	Mode d’application/protection de la stratégie de contrôle des applications du groupe d’ordinateurs

PublisherInfo

Représente les informations d’éditeur d’un processus/d’une règle

Nom	Type	Description
binaryName	string	Champ « OriginalName » extrait de la ressource de version du fichier
productName	string	Nom de produit tiré de la ressource de version du fichier
publisherName	string	Champ Objet du certificat x.509 utilisé pour signer le code, à l’aide des champs suivants : O = Organisation, L = Localité, S = État ou Province, et C = Pays
version	string	Version du fichier binaire extraite de la ressource de version du fichier

RecommendationAction

Action de recommandation de la machine ou de la règle

Nom	Type	Description
Add	string
Recommended	string
Remove	string

RecommendationStatus

La recommandation initiale status du groupe ou de l’ordinateur

Nom	Type	Description
NoStatus	string
NotAvailable	string
NotRecommended	string
Recommended	string

RecommendationType

Type de la règle à autoriser

Nom	Type	Description
BinarySignature	string
File	string
FileHash	string
ProductSignature	string
PublisherSignature	string
VersionAndAboveSignature	string

SourceSystem

Type source du groupe d’ordinateurs

Nom	Type	Description
Azure_AppLocker	string
Azure_AuditD	string
NonAzure_AppLocker	string
NonAzure_AuditD	string
None	string

UserRecommendation

Représente un utilisateur qu’il est recommandé d’autoriser pour une règle donnée

Nom	Type	Description
recommendationAction	RecommendationAction	Action de recommandation de la machine ou de la règle
username	string	Représente un utilisateur qu’il est recommandé d’autoriser pour une règle donnée

VmRecommendation

Représente une machine qui fait partie d’un groupe d’ordinateurs

Nom	Type	Description
configurationStatus	ConfigurationStatus	Status de configuration du groupe ou de la machine ou de la règle de machines
enforcementSupport	EnforcementSupport	La prise en charge de la machine de la fonctionnalité Appliquer
recommendationAction	RecommendationAction	Action de recommandation de la machine ou de la règle
resourceId	string	ID de ressource complet de l’ordinateur