Microsoft.Security locations/applicationWhitelistings 2015-06-01-preview
Bicep resource definition
The locations/applicationWhitelistings resource type can be deployed with operations that target:
- Subscriptions - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/locations/applicationWhitelistings resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/locations/applicationWhitelistings@2015-06-01-preview' = {
name: 'string'
parent: resourceSymbolicName
enforcementMode: 'string'
pathRecommendations: [
{
action: 'string'
common: bool
configurationStatus: 'string'
fileType: 'string'
path: 'string'
publisherInfo: {
binaryName: 'string'
productName: 'string'
publisherName: 'string'
version: 'string'
}
type: 'string'
usernames: [
{
recommendationAction: 'string'
username: 'string'
}
]
userSids: [
'string'
]
}
]
protectionMode: {
exe: 'string'
executable: 'string'
msi: 'string'
script: 'string'
}
vmRecommendations: [
{
configurationStatus: 'string'
enforcementSupport: 'string'
recommendationAction: 'string'
resourceId: 'string'
}
]
}
Property values
locations/applicationWhitelistings
Name | Description | Value |
---|---|---|
name | The resource name See how to set names and types for child resources in Bicep. |
string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. |
Symbolic name for resource of type: locations |
enforcementMode | The enforcement mode of the group. Can also be defined per collection type by using ProtectionMode | 'Audit' 'Enforce' 'None' |
pathRecommendations | PathRecommendation[] | |
protectionMode | The protection mode of the group per collection type. Can also be defined for all collection types by using EnforcementMode | ProtectionMode |
vmRecommendations | VmRecommendation[] |
PathRecommendation
Name | Description | Value |
---|---|---|
action | The recommendation action of the VM/server or rule | 'Add' 'Recommended' 'Remove' |
common | Whether the path is commonly run on the machine | bool |
configurationStatus | The configuration status of the VM/server group or machine or rule on the machine | 'Configured' 'Failed' 'InProgress' 'NoStatus' 'NotConfigured' |
fileType | The type of the file (for Linux files - Executable is used) | 'Dll' 'Exe' 'Executable' 'Msi' 'Script' 'Unknown' |
path | The full path to the application to allow | string |
publisherInfo | Represents the publisher information of a process/rule | PublisherInfo |
type | The type of the rule to be allowed | 'BinarySignature' 'File' 'FileHash' 'ProductSignature' 'PublisherSignature' 'VersionAndAboveSignature' |
usernames | UserRecommendation[] | |
userSids | string[] |
PublisherInfo
Name | Description | Value |
---|---|---|
binaryName | The "OriginalName" field taken from the file's version resource | string |
productName | The product name taken from the file's version resource | string |
publisherName | The Subject field of the x.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country | string |
version | The binary file version taken from the file's version resource | string |
UserRecommendation
Name | Description | Value |
---|---|---|
recommendationAction | The recommendation action of the VM/server or rule | 'Add' 'Recommended' 'Remove' |
username | Represents a user that is recommended to be allowed for a certain rule | string |
ProtectionMode
Name | Description | Value |
---|---|---|
exe | The application control policy enforcement/protection mode of the VM/server group | 'Audit' 'Enforce' 'None' |
executable | The application control policy enforcement/protection mode of the VM/server group | 'Audit' 'Enforce' 'None' |
msi | The application control policy enforcement/protection mode of the VM/server group | 'Audit' 'Enforce' 'None' |
script | The application control policy enforcement/protection mode of the VM/server group | 'Audit' 'Enforce' 'None' |
VmRecommendation
Name | Description | Value |
---|---|---|
configurationStatus | The configuration status of the VM/server group or machine or rule on the machine | 'Configured' 'Failed' 'InProgress' 'NoStatus' 'NotConfigured' |
enforcementSupport | The VM/server supportability of Enforce feature | 'NotSupported' 'Supported' 'Unknown' |
recommendationAction | The recommendation action of the VM/server or rule | 'Add' 'Recommended' 'Remove' |
resourceId | The full azure resource id of the machine | string |
ARM template resource definition
The locations/applicationWhitelistings resource type can be deployed with operations that target:
- Subscriptions - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/locations/applicationWhitelistings resource, add the following JSON to your template.
{
"type": "Microsoft.Security/locations/applicationWhitelistings",
"apiVersion": "2015-06-01-preview",
"name": "string",
"enforcementMode": "string",
"pathRecommendations": [
{
"action": "string",
"common": "bool",
"configurationStatus": "string",
"fileType": "string",
"path": "string",
"publisherInfo": {
"binaryName": "string",
"productName": "string",
"publisherName": "string",
"version": "string"
},
"type": "string",
"usernames": [
{
"recommendationAction": "string",
"username": "string"
}
],
"userSids": [ "string" ]
}
],
"protectionMode": {
"exe": "string",
"executable": "string",
"msi": "string",
"script": "string"
},
"vmRecommendations": [
{
"configurationStatus": "string",
"enforcementSupport": "string",
"recommendationAction": "string",
"resourceId": "string"
}
]
}
Property values
locations/applicationWhitelistings
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Security/locations/applicationWhitelistings' |
apiVersion | The resource api version | '2015-06-01-preview' |
name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
enforcementMode | The enforcement mode of the group. Can also be defined per collection type by using ProtectionMode | 'Audit' 'Enforce' 'None' |
pathRecommendations | PathRecommendation[] | |
protectionMode | The protection mode of the group per collection type. Can also be defined for all collection types by using EnforcementMode | ProtectionMode |
vmRecommendations | VmRecommendation[] |
PathRecommendation
Name | Description | Value |
---|---|---|
action | The recommendation action of the VM/server or rule | 'Add' 'Recommended' 'Remove' |
common | Whether the path is commonly run on the machine | bool |
configurationStatus | The configuration status of the VM/server group or machine or rule on the machine | 'Configured' 'Failed' 'InProgress' 'NoStatus' 'NotConfigured' |
fileType | The type of the file (for Linux files - Executable is used) | 'Dll' 'Exe' 'Executable' 'Msi' 'Script' 'Unknown' |
path | The full path to the application to allow | string |
publisherInfo | Represents the publisher information of a process/rule | PublisherInfo |
type | The type of the rule to be allowed | 'BinarySignature' 'File' 'FileHash' 'ProductSignature' 'PublisherSignature' 'VersionAndAboveSignature' |
usernames | UserRecommendation[] | |
userSids | string[] |
PublisherInfo
Name | Description | Value |
---|---|---|
binaryName | The "OriginalName" field taken from the file's version resource | string |
productName | The product name taken from the file's version resource | string |
publisherName | The Subject field of the x.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country | string |
version | The binary file version taken from the file's version resource | string |
UserRecommendation
Name | Description | Value |
---|---|---|
recommendationAction | The recommendation action of the VM/server or rule | 'Add' 'Recommended' 'Remove' |
username | Represents a user that is recommended to be allowed for a certain rule | string |
ProtectionMode
Name | Description | Value |
---|---|---|
exe | The application control policy enforcement/protection mode of the VM/server group | 'Audit' 'Enforce' 'None' |
executable | The application control policy enforcement/protection mode of the VM/server group | 'Audit' 'Enforce' 'None' |
msi | The application control policy enforcement/protection mode of the VM/server group | 'Audit' 'Enforce' 'None' |
script | The application control policy enforcement/protection mode of the VM/server group | 'Audit' 'Enforce' 'None' |
VmRecommendation
Name | Description | Value |
---|---|---|
configurationStatus | The configuration status of the VM/server group or machine or rule on the machine | 'Configured' 'Failed' 'InProgress' 'NoStatus' 'NotConfigured' |
enforcementSupport | The VM/server supportability of Enforce feature | 'NotSupported' 'Supported' 'Unknown' |
recommendationAction | The recommendation action of the VM/server or rule | 'Add' 'Recommended' 'Remove' |
resourceId | The full azure resource id of the machine | string |
Terraform (AzAPI provider) resource definition
The locations/applicationWhitelistings resource type can be deployed with operations that target:
- Subscriptions
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/locations/applicationWhitelistings resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/locations/applicationWhitelistings@2015-06-01-preview"
name = "string"
parent_id = "string"
body = jsonencode({
enforcementMode = "string"
pathRecommendations = [
{
action = "string"
common = bool
configurationStatus = "string"
fileType = "string"
path = "string"
publisherInfo = {
binaryName = "string"
productName = "string"
publisherName = "string"
version = "string"
}
type = "string"
usernames = [
{
recommendationAction = "string"
username = "string"
}
]
userSids = [
"string"
]
}
]
protectionMode = {
exe = "string"
executable = "string"
msi = "string"
script = "string"
}
vmRecommendations = [
{
configurationStatus = "string"
enforcementSupport = "string"
recommendationAction = "string"
resourceId = "string"
}
]
})
}
Property values
locations/applicationWhitelistings
Name | Description | Value |
---|---|---|
type | The resource type | "Microsoft.Security/locations/applicationWhitelistings@2015-06-01-preview" |
name | The resource name | string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: locations |
enforcementMode | The enforcement mode of the group. Can also be defined per collection type by using ProtectionMode | "Audit" "Enforce" "None" |
pathRecommendations | PathRecommendation[] | |
protectionMode | The protection mode of the group per collection type. Can also be defined for all collection types by using EnforcementMode | ProtectionMode |
vmRecommendations | VmRecommendation[] |
PathRecommendation
Name | Description | Value |
---|---|---|
action | The recommendation action of the VM/server or rule | "Add" "Recommended" "Remove" |
common | Whether the path is commonly run on the machine | bool |
configurationStatus | The configuration status of the VM/server group or machine or rule on the machine | "Configured" "Failed" "InProgress" "NoStatus" "NotConfigured" |
fileType | The type of the file (for Linux files - Executable is used) | "Dll" "Exe" "Executable" "Msi" "Script" "Unknown" |
path | The full path to the application to allow | string |
publisherInfo | Represents the publisher information of a process/rule | PublisherInfo |
type | The type of the rule to be allowed | "BinarySignature" "File" "FileHash" "ProductSignature" "PublisherSignature" "VersionAndAboveSignature" |
usernames | UserRecommendation[] | |
userSids | string[] |
PublisherInfo
Name | Description | Value |
---|---|---|
binaryName | The "OriginalName" field taken from the file's version resource | string |
productName | The product name taken from the file's version resource | string |
publisherName | The Subject field of the x.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country | string |
version | The binary file version taken from the file's version resource | string |
UserRecommendation
Name | Description | Value |
---|---|---|
recommendationAction | The recommendation action of the VM/server or rule | "Add" "Recommended" "Remove" |
username | Represents a user that is recommended to be allowed for a certain rule | string |
ProtectionMode
Name | Description | Value |
---|---|---|
exe | The application control policy enforcement/protection mode of the VM/server group | "Audit" "Enforce" "None" |
executable | The application control policy enforcement/protection mode of the VM/server group | "Audit" "Enforce" "None" |
msi | The application control policy enforcement/protection mode of the VM/server group | "Audit" "Enforce" "None" |
script | The application control policy enforcement/protection mode of the VM/server group | "Audit" "Enforce" "None" |
VmRecommendation
Name | Description | Value |
---|---|---|
configurationStatus | The configuration status of the VM/server group or machine or rule on the machine | "Configured" "Failed" "InProgress" "NoStatus" "NotConfigured" |
enforcementSupport | The VM/server supportability of Enforce feature | "NotSupported" "Supported" "Unknown" |
recommendationAction | The recommendation action of the VM/server or rule | "Add" "Recommended" "Remove" |
resourceId | The full azure resource id of the machine | string |
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for