Adaptive Application Controls - List

Gets a list of application control machine groups for the subscription.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/applicationWhitelistings?api-version=2020-01-01
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/applicationWhitelistings?api-version=2020-01-01&includePathRecommendations={includePathRecommendations}&summary={summary}

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| subscriptionId | path | True | string | Azure subscription ID. Regex pattern: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$` |
| api-version | query | True | string | API version for the operation |
| includePathRecommendations | query | | boolean | Include the policy rules |
| summary | query | | boolean | Return output in a summarized form |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | AdaptiveApplicationControlGroups | OK |
| Other Status Codes | CloudError | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

Gets a list of application control groups of machines for the subscription

Sample Request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/applicationWhitelistings?api-version=2020-01-01&includePathRecommendations=True&summary=False

Sample Response

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/AMIT-VA",
      "name": "AMIT-VA",
      "type": "Microsoft.Security/applicationWhitelistings",
      "location": "centralus",
      "properties": {
        "recommendationStatus": "Recommended",
        "enforcementMode": "Audit",
        "protectionMode": {
          "exe": "Audit",
          "msi": "Audit",
          "script": "None"
        },
        "vmRecommendations": [
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-dsc/providers/microsoft.compute/virtualmachines/erelh-14011",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/amit-va/providers/microsoft.compute/virtualmachines/ream-test",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/v-arrikl-scheduledapps/providers/microsoft.compute/virtualmachines/v-arrikl-14060",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          }
        ],
        "pathRecommendations": [
          {
            "path": "C:\\Windows\\SoftwareDistribution\\Download\\Install\\Windows-KB890830-x64-V5.53-delta.exe",
            "type": "File",
            "common": true,
            "action": "Remove",
            "usernames": [
              {
                "username": "LOCAL SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-5-18"
            ],
            "fileType": "Exe",
            "configurationStatus": "NoStatus"
          },
          {
            "path": "C:\\WindowsAzure\\GuestAgent_2.7.1198.822\\CollectGuestLogs.exe",
            "type": "File",
            "common": true,
            "action": "Remove",
            "usernames": [
              {
                "username": "LOCAL SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-5-18"
            ],
            "fileType": "Exe",
            "configurationStatus": "NoStatus"
          },
          {
            "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
            "type": "PublisherSignature",
            "publisherInfo": {
              "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
              "productName": "*",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "Everyone",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-5-18",
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "Everyone",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          }
        ],
        "configurationStatus": "Configured",
        "issues": [],
        "sourceSystem": "Azure_AppLocker"
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
      "name": "ERELGROUP1",
      "type": "Microsoft.Security/applicationWhitelistings",
      "location": "centralus",
      "properties": {
        "recommendationStatus": "Recommended",
        "enforcementMode": "Audit",
        "protectionMode": {
          "exe": "Audit",
          "msi": "None",
          "script": "None"
        },
        "vmRecommendations": [
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
            "recommendationAction": "Recommended",
            "enforcementSupport": "NotSupported"
          }
        ],
        "pathRecommendations": [
          {
            "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
            "type": "PublisherSignature",
            "publisherInfo": {
              "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
              "productName": "*",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "Everyone",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          }
        ],
        "configurationStatus": "Configured",
        "issues": [],
        "sourceSystem": "Azure_AppLocker"
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/GROUP1",
      "name": "GROUP1",
      "type": "Microsoft.Security/applicationWhitelistings",
      "location": "centralus",
      "properties": {
        "recommendationStatus": "Recommended",
        "enforcementMode": "Audit",
        "protectionMode": {
          "exe": "Audit",
          "msi": "None",
          "script": "None"
        },
        "vmRecommendations": [
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/talk-va/providers/microsoft.compute/virtualmachines/tal-win-vm",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/talk-va/providers/microsoft.compute/virtualmachines/tal-win-vm-jit",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/myresourcegroup/providers/microsoft.compute/virtualmachines/myvmweb",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/v-arrikl-scheduledapps/providers/microsoft.compute/virtualmachines/v-arrikl-14061",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          }
        ],
        "pathRecommendations": [
          {
            "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
            "type": "PublisherSignature",
            "publisherInfo": {
              "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
              "productName": "*",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "Everyone",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
            "type": "ProductSignature",
            "publisherInfo": {
              "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
              "productName": "MICROSOFT® COREXT",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "NT AUTHORITY\\SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "%PROGRAMFILES%\\RAPID7\\INSIGHT AGENT\\COMPONENTS\\INSIGHT_AGENT\\2.6.7.9\\GET_PROXY.EXE",
            "type": "PublisherSignature",
            "publisherInfo": {
              "publisherName": "O=RAPID7 LLC, L=BOSTON, S=MASSACHUSETTS, C=US",
              "productName": "*",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "NT AUTHORITY\\SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "%PROGRAMFILES%\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE",
            "type": "ProductSignature",
            "publisherInfo": {
              "publisherName": "O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US",
              "productName": "GOOGLE CHROME",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "NT AUTHORITY\\SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US\\GOOGLE UPDATE\\*\\0.0.0.0",
            "type": "ProductSignature",
            "publisherInfo": {
              "publisherName": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US",
              "productName": "GOOGLE UPDATE",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "NT AUTHORITY\\SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          }
        ],
        "configurationStatus": "Configured",
        "issues": [],
        "sourceSystem": "Azure_AppLocker"
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/westeurope/applicationWhitelistings/GROUP1",
      "name": "GROUP1",
      "type": "Microsoft.Security/applicationWhitelistings",
      "location": "westeurope",
      "properties": {
        "recommendationStatus": "Recommended",
        "enforcementMode": "Audit",
        "protectionMode": {
          "executable": "Audit"
        },
        "vmRecommendations": [
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/nic-no-pip/providers/microsoft.compute/virtualmachines/nic-no-pip-vm",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Unknown"
          }
        ],
        "pathRecommendations": [
          {
            "path": "/sbin/init",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/upstart-udev-bridge",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/lib/systemd/systemd-udevd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/upstart-socket-bridge",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/dhclient",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/python3.4",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/upstart-file-bridge",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/bin/dbus-daemon",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "messagebus",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/lib/systemd/systemd-logind",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/getty",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/atd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/cron",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/acpid",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/sshd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/linux-lts-xenial-tools-4.4.0-103/hv_vss_daemon",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/linux-lts-xenial-tools-4.4.0-103/hv_kvp_daemon",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/nscd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "unscd",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/ntpd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "ntp",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/microsoft/auoms/bin/auomscollect",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/omi/bin/omiserver",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/omi/bin/omiengine",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omi",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/omi/bin/omiagent",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/rsyslogd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "syslog",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/python2.7",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              },
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/microsoft/omsagent/ruby/bin/ruby",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/microsoft/auoms/bin/auoms",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/local/qualys/cloud-agent/bin/qualys-cloud-agent",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/bin/dash",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              },
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/bin/sleep",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/dsc/bin/dsc_host",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/sudo",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/bin/bash",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/apt-get",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/apt/methods/http",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/apt/methods/gpgv",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/apt/methods/copy",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/pgrep",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/microsoft/omsconfig/bin/omsconsistencyinvoker",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          }
        ],
        "configurationStatus": "Configured",
        "issues": [
          {
            "issue": "ExecutableViolationsAudited",
            "numberOfVms": 1
          }
        ],
        "sourceSystem": "Azure_AuditD"
      }
    }
  ]
}
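
The response shape above can be triaged before any recommended rule is applied. The following Python sketch is an added example, not part of the original reference or of Microsoft's code: it reports each group's enforcement state and issue counts, and handles a `CloudError` body. The sample data, the `ArmError` name and the review policy (path-only rule, not commonly run, open to the Everyone SID) are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of the Sample Response above (values are made up).
SAMPLE = json.loads("""
{"value": [{
  "name": "GROUP-A", "location": "centralus",
  "properties": {
    "enforcementMode": "Audit",
    "issues": [{"issue": "ExecutableViolationsAudited", "numberOfVms": 1}],
    "pathRecommendations": [
      {"path": "/usr/bin/pgrep", "type": "File", "common": true,
       "action": "Recommended", "userSids": ["S-1-1-0"]},
      {"path": "/opt/example/bin/tool", "type": "File", "common": false,
       "action": "Recommended", "userSids": ["S-1-1-0"]}
    ]}}]}
""")

EVERYONE_SID = "S-1-1-0"  # well-known "Everyone" SID


class ArmError(Exception):
    """Raised when the body is a CloudError instead of a group list."""


def triage(body):
    """Summarise each group: enforcement state, issue counts, rules to review."""
    if "error" in body:  # CloudError shape: error.code / error.message
        err = body["error"]
        raise ArmError(f'{err.get("code")}: {err.get("message")}')
    report = []
    for group in body.get("value", []):
        props = group.get("properties", {})
        issues = {i["issue"]: i["numberOfVms"] for i in props.get("issues", [])}
        review = [
            rec["path"]
            for rec in props.get("pathRecommendations", [])
            # Assumed review policy: path-only rule, not commonly run, open to Everyone.
            if rec.get("type") == "File"
            and not rec.get("common", False)
            and EVERYONE_SID in rec.get("userSids", [])
        ]
        report.append({
            "group": group.get("name"),
            "enforcing": props.get("enforcementMode") == "Enforce",
            "issues": issues,
            "review": review,
        })
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```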

Definitions

| Name | Description |
| --- | --- |
| AdaptiveApplicationControlGroup | |
| AdaptiveApplicationControlGroups | Represents a list of VM/server groups and a set of rules that are recommended by Microsoft Defender for Cloud to be allowed |
| AdaptiveApplicationControlIssue | An alert that machines within a group can have |
| AdaptiveApplicationControlIssueSummary | Represents a summary of the alerts of the machine group |
| CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.) |
| CloudErrorBody | The error details. |
| ConfigurationStatus | The configuration status of the machine group, machine or rule |
| EnforcementMode | The enforcement/protection mode of the machine group's application control policy |
| EnforcementSupport | Whether the machine supports the Enforce feature |
| ErrorAdditionalInfo | The resource management error additional info. |
| FileType | The type of the file (for Linux files, Executable is used) |
| PathRecommendation | Represents a path that is recommended to be allowed, and its properties |
| ProtectionMode | The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux. |
| PublisherInfo | Represents the publisher information of a process/rule |
| RecommendationAction | The recommendation action of the machine or rule |
| RecommendationStatus | The initial recommendation status of the machine group or machine |
| RecommendationType | The type of the rule to be allowed |
| SourceSystem | The source type of the machine group |
| UserRecommendation | Represents a user that is recommended to be allowed for a certain rule |
| VmRecommendation | Represents a machine that is part of a machine group |

AdaptiveApplicationControlGroup

| Name | Type | Description |
| --- | --- | --- |
| id | string | Resource ID |
| location | string | Location where the resource is stored |
| name | string | Resource name |
| properties.configurationStatus | ConfigurationStatus | The configuration status of the machine group, machine or rule |
| properties.enforcementMode | EnforcementMode | The enforcement/protection mode of the machine group's application control policy |
| properties.issues | AdaptiveApplicationControlIssueSummary[] | Represents a summary of the alerts of the machine group |
| properties.pathRecommendations | PathRecommendation[] | Represents a path that is recommended to be allowed, and its properties |
| properties.protectionMode | ProtectionMode | The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux. |
| properties.recommendationStatus | RecommendationStatus | The initial recommendation status of the machine group or machine |
| properties.sourceSystem | SourceSystem | The source type of the machine group |
| properties.vmRecommendations | VmRecommendation[] | Represents a machine that is part of a machine group |
| type | string | Resource type |

AdaptiveApplicationControlGroups

Represents a list of VM/server groups and a set of rules that are recommended by Microsoft Defender for Cloud to be allowed

| Name | Type | Description |
| --- | --- | --- |
| value | AdaptiveApplicationControlGroup[] | |

AdaptiveApplicationControlIssue

An alert that machines within a group can have

| Name | Type | Description |
| --- | --- | --- |
| ExecutableViolationsAudited | string | |
| MsiAndScriptViolationsAudited | string | |
| MsiAndScriptViolationsBlocked | string | |
| RulesViolatedManually | string | |
| ViolationsAudited | string | |
| ViolationsBlocked | string | |

AdaptiveApplicationControlIssueSummary

Represents a summary of the alerts of the machine group

| Name | Type | Description |
| --- | --- | --- |
| issue | AdaptiveApplicationControlIssue | An alert that machines within a group can have |
| numberOfVms | number | The number of machines in the group that have this alert |

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

| Name | Type | Description |
| --- | --- | --- |
| error.additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| error.code | string | The error code. |
| error.details | CloudErrorBody[] | The error details. |
| error.message | string | The error message. |
| error.target | string | The error target. |

CloudErrorBody

The error details.

| Name | Type | Description |
| --- | --- | --- |
| additionalInfo | ErrorAdditionalInfo[] | The error additional info. |
| code | string | The error code. |
| details | CloudErrorBody[] | The error details. |
| message | string | The error message. |
| target | string | The error target. |

ConfigurationStatus

The configuration status of the machine group, machine or rule

| Name | Type | Description |
| --- | --- | --- |
| Configured | string | |
| Failed | string | |
| InProgress | string | |
| NoStatus | string | |
| NotConfigured | string | |

EnforcementMode

The enforcement/protection mode of the machine group's application control policy

| Name | Type | Description |
| --- | --- | --- |
| Audit | string | |
| Enforce | string | |
| None | string | |

EnforcementSupport

Whether the machine supports the Enforce feature

| Name | Type | Description |
| --- | --- | --- |
| NotSupported | string | |
| Supported | string | |
| Unknown | string | |

ErrorAdditionalInfo

The resource management error additional info.

| Name | Type | Description |
| --- | --- | --- |
| info | object | The additional info. |
| type | string | The additional info type. |

FileType

The type of the file (for Linux files, Executable is used)

| Name | Type | Description |
| --- | --- | --- |
| Dll | string | |
| Exe | string | |
| Executable | string | |
| Msi | string | |
| Script | string | |
| Unknown | string | |

PathRecommendation

Represents a path that is recommended to be allowed, and its properties

| Name | Type | Description |
| --- | --- | --- |
| action | RecommendationAction | The recommendation action of the machine or rule |
| common | boolean | Whether the application is commonly run on the machine |
| configurationStatus | ConfigurationStatus | The configuration status of the machine group, machine or rule |
| fileType | FileType | The type of the file (for Linux files, Executable is used) |
| path | string | The full path of the file, or an identifier of the application |
| publisherInfo | PublisherInfo | Represents the publisher information of a process/rule |
| type | RecommendationType | The type of the rule to be allowed |
| userSids | string[] | A security identifier |
| usernames | UserRecommendation[] | Represents a user that is recommended to be allowed for a certain rule |

ProtectionMode

The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.

| Name | Type | Description |
| --- | --- | --- |
| exe | EnforcementMode | The enforcement/protection mode of the machine group's application control policy |
| executable | EnforcementMode | The enforcement/protection mode of the machine group's application control policy |
| msi | EnforcementMode | The enforcement/protection mode of the machine group's application control policy |
| script | EnforcementMode | The enforcement/protection mode of the machine group's application control policy |

PublisherInfo

Represents the publisher information of a process/rule

| Name | Type | Description |
| --- | --- | --- |
| binaryName | string | The "OriginalName" field taken from the file's version resource |
| productName | string | The product name taken from the file's version resource |
| publisherName | string | The Subject field of the x.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country |
| version | string | The binary file version taken from the file's version resource |

RecommendationAction

The recommendation action of the machine or rule

| Name | Type | Description |
| --- | --- | --- |
| Add | string | |
| Recommended | string | |
| Remove | string | |

RecommendationStatus

The initial recommendation status of the machine group or machine

| Name | Type | Description |
| --- | --- | --- |
| NoStatus | string | |
| NotAvailable | string | |
| NotRecommended | string | |
| Recommended | string | |

RecommendationType

The type of the rule to be allowed

| Name | Type | Description |
| --- | --- | --- |
| BinarySignature | string | |
| File | string | |
| FileHash | string | |
| ProductSignature | string | |
| PublisherSignature | string | |
| VersionAndAboveSignature | string | |

SourceSystem

The source type of the machine group

| Name | Type | Description |
| --- | --- | --- |
| Azure_AppLocker | string | |
| Azure_AuditD | string | |
| NonAzure_AppLocker | string | |
| NonAzure_AuditD | string | |
| None | string | |

UserRecommendation

Represents a user that is recommended to be allowed for a certain rule

| Name | Type | Description |
| --- | --- | --- |
| recommendationAction | RecommendationAction | The recommendation action of the machine or rule |
| username | string | Represents a user that is recommended to be allowed for a certain rule |

VmRecommendation

Represents a machine that is part of a machine group

| Name | Type | Description |
| --- | --- | --- |
| configurationStatus | ConfigurationStatus | The configuration status of the machine group, machine or rule |
| enforcementSupport | EnforcementSupport | Whether the machine supports the Enforce feature |
| recommendationAction | RecommendationAction | The recommendation action of the machine or rule |
| resourceId | string | The full resource ID of the machine |