Adaptive Application Controls - List

Gets a list of application control machine groups for the subscription.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/applicationWhitelistings?api-version=2020-01-01
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/applicationWhitelistings?api-version=2020-01-01&includePathRecommendations={includePathRecommendations}&summary={summary}

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| subscriptionId | path | True | string | Azure subscription ID. Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$ |
| api-version | query | True | string | API version for the operation |
| includePathRecommendations | query | | boolean | Include the policy rules |
| summary | query | | boolean | Return output in a summarized form |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | AdaptiveApplicationControlGroups | OK |
| Other Status Codes | CloudError | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

Gets a list of application control groups of machines for the subscription

Sample Request

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/applicationWhitelistings?api-version=2020-01-01&includePathRecommendations=True&summary=False

Sample Response

{
  "value": [
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/AMIT-VA",
      "name": "AMIT-VA",
      "type": "Microsoft.Security/applicationWhitelistings",
      "location": "centralus",
      "properties": {
        "recommendationStatus": "Recommended",
        "enforcementMode": "Audit",
        "protectionMode": {
          "exe": "Audit",
          "msi": "Audit",
          "script": "None"
        },
        "vmRecommendations": [
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-dsc/providers/microsoft.compute/virtualmachines/erelh-14011",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/amit-va/providers/microsoft.compute/virtualmachines/ream-test",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/v-arrikl-scheduledapps/providers/microsoft.compute/virtualmachines/v-arrikl-14060",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          }
        ],
        "pathRecommendations": [
          {
            "path": "C:\\Windows\\SoftwareDistribution\\Download\\Install\\Windows-KB890830-x64-V5.53-delta.exe",
            "type": "File",
            "common": true,
            "action": "Remove",
            "usernames": [
              {
                "username": "LOCAL SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-5-18"
            ],
            "fileType": "Exe",
            "configurationStatus": "NoStatus"
          },
          {
            "path": "C:\\WindowsAzure\\GuestAgent_2.7.1198.822\\CollectGuestLogs.exe",
            "type": "File",
            "common": true,
            "action": "Remove",
            "usernames": [
              {
                "username": "LOCAL SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-5-18"
            ],
            "fileType": "Exe",
            "configurationStatus": "NoStatus"
          },
          {
            "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
            "type": "PublisherSignature",
            "publisherInfo": {
              "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
              "productName": "*",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "Everyone",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-5-18",
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "Everyone",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          }
        ],
        "configurationStatus": "Configured",
        "issues": [],
        "sourceSystem": "Azure_AppLocker"
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
      "name": "ERELGROUP1",
      "type": "Microsoft.Security/applicationWhitelistings",
      "location": "centralus",
      "properties": {
        "recommendationStatus": "Recommended",
        "enforcementMode": "Audit",
        "protectionMode": {
          "exe": "Audit",
          "msi": "None",
          "script": "None"
        },
        "vmRecommendations": [
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
            "recommendationAction": "Recommended",
            "enforcementSupport": "NotSupported"
          }
        ],
        "pathRecommendations": [
          {
            "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
            "type": "PublisherSignature",
            "publisherInfo": {
              "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
              "productName": "*",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "Everyone",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          }
        ],
        "configurationStatus": "Configured",
        "issues": [],
        "sourceSystem": "Azure_AppLocker"
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/GROUP1",
      "name": "GROUP1",
      "type": "Microsoft.Security/applicationWhitelistings",
      "location": "centralus",
      "properties": {
        "recommendationStatus": "Recommended",
        "enforcementMode": "Audit",
        "protectionMode": {
          "exe": "Audit",
          "msi": "None",
          "script": "None"
        },
        "vmRecommendations": [
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/talk-va/providers/microsoft.compute/virtualmachines/tal-win-vm",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/talk-va/providers/microsoft.compute/virtualmachines/tal-win-vm-jit",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/myresourcegroup/providers/microsoft.compute/virtualmachines/myvmweb",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          },
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/v-arrikl-scheduledapps/providers/microsoft.compute/virtualmachines/v-arrikl-14061",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Supported"
          }
        ],
        "pathRecommendations": [
          {
            "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
            "type": "PublisherSignature",
            "publisherInfo": {
              "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
              "productName": "*",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "Everyone",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
            "type": "ProductSignature",
            "publisherInfo": {
              "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
              "productName": "MICROSOFT® COREXT",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "NT AUTHORITY\\SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "%PROGRAMFILES%\\RAPID7\\INSIGHT AGENT\\COMPONENTS\\INSIGHT_AGENT\\2.6.7.9\\GET_PROXY.EXE",
            "type": "PublisherSignature",
            "publisherInfo": {
              "publisherName": "O=RAPID7 LLC, L=BOSTON, S=MASSACHUSETTS, C=US",
              "productName": "*",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "NT AUTHORITY\\SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "%PROGRAMFILES%\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE",
            "type": "ProductSignature",
            "publisherInfo": {
              "publisherName": "O=GOOGLE LLC, L=MOUNTAIN VIEW, S=CA, C=US",
              "productName": "GOOGLE CHROME",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "NT AUTHORITY\\SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          },
          {
            "path": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US\\GOOGLE UPDATE\\*\\0.0.0.0",
            "type": "ProductSignature",
            "publisherInfo": {
              "publisherName": "O=GOOGLE INC, L=MOUNTAIN VIEW, S=CALIFORNIA, C=US",
              "productName": "GOOGLE UPDATE",
              "binaryName": "*",
              "version": "0.0.0.0"
            },
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "NT AUTHORITY\\SYSTEM",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Exe",
            "configurationStatus": "Configured"
          }
        ],
        "configurationStatus": "Configured",
        "issues": [],
        "sourceSystem": "Azure_AppLocker"
      }
    },
    {
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/westeurope/applicationWhitelistings/GROUP1",
      "name": "GROUP1",
      "type": "Microsoft.Security/applicationWhitelistings",
      "location": "westeurope",
      "properties": {
        "recommendationStatus": "Recommended",
        "enforcementMode": "Audit",
        "protectionMode": {
          "executable": "Audit"
        },
        "vmRecommendations": [
          {
            "configurationStatus": "Configured",
            "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/nic-no-pip/providers/microsoft.compute/virtualmachines/nic-no-pip-vm",
            "recommendationAction": "Recommended",
            "enforcementSupport": "Unknown"
          }
        ],
        "pathRecommendations": [
          {
            "path": "/sbin/init",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/upstart-udev-bridge",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/lib/systemd/systemd-udevd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/upstart-socket-bridge",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/dhclient",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/python3.4",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/upstart-file-bridge",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/bin/dbus-daemon",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "messagebus",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/lib/systemd/systemd-logind",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/sbin/getty",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/atd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/cron",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/acpid",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/sshd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/linux-lts-xenial-tools-4.4.0-103/hv_vss_daemon",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/linux-lts-xenial-tools-4.4.0-103/hv_kvp_daemon",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/nscd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "unscd",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/ntpd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "ntp",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/microsoft/auoms/bin/auomscollect",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/omi/bin/omiserver",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/omi/bin/omiengine",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omi",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/omi/bin/omiagent",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/sbin/rsyslogd",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "syslog",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/python2.7",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              },
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/microsoft/omsagent/ruby/bin/ruby",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/microsoft/auoms/bin/auoms",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/local/qualys/cloud-agent/bin/qualys-cloud-agent",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/bin/dash",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              },
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/bin/sleep",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/dsc/bin/dsc_host",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/sudo",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/bin/bash",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/apt-get",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/apt/methods/http",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/apt/methods/gpgv",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/lib/apt/methods/copy",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "root",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/usr/bin/pgrep",
            "type": "File",
            "common": true,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          },
          {
            "path": "/opt/microsoft/omsconfig/bin/omsconsistencyinvoker",
            "type": "File",
            "common": false,
            "action": "Recommended",
            "usernames": [
              {
                "username": "omsagent",
                "recommendationAction": "Recommended"
              }
            ],
            "userSids": [
              "S-1-1-0"
            ],
            "fileType": "Executable",
            "configurationStatus": "Configured"
          }
        ],
        "configurationStatus": "Configured",
        "issues": [
          {
            "issue": "ExecutableViolationsAudited",
            "numberOfVms": 1
          }
        ],
        "sourceSystem": "Azure_AuditD"
      }
    }
  ]
}
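
The following is an added example, not part of the API reference: a Python sketch that triages a parsed List response for groups that are not enforcing, for open issues, and for path rules worth a manual review. The trimmed sample input is constructed from the field names and values shown on this page, and the review heuristic (an uncommon `File` rule granted to the Everyone SID `S-1-1-0`) is an assumption of this example.

```python
import json

EVERYONE_SID = "S-1-1-0"  # well-known SID for "Everyone"

# Constructed sample: trimmed from the shape of the sample response on this page.
SAMPLE = json.loads("""
{"value": [{
  "name": "AMIT-VA",
  "properties": {
    "enforcementMode": "Audit",
    "sourceSystem": "Azure_AuditD",
    "issues": [{"issue": "ExecutableViolationsAudited", "numberOfVms": 1}],
    "pathRecommendations": [
      {"path": "/usr/bin/pgrep", "type": "File", "common": true,
       "userSids": ["S-1-1-0"]},
      {"path": "/opt/microsoft/omsconfig/bin/omsconsistencyinvoker",
       "type": "File", "common": false, "userSids": ["S-1-1-0"]}
    ]
  }
}]}
""")


def triage(response):
    """Return a list of (group_name, finding) tuples for a parsed List response."""
    findings = []
    for group in response.get("value", []):
        name = group.get("name", "<unnamed>")
        props = group.get("properties") or {}
        mode = props.get("enforcementMode", "None")
        if mode != "Enforce":
            findings.append((name, f"not enforcing (enforcementMode={mode})"))
        for item in props.get("issues") or []:
            if item.get("numberOfVms", 0) > 0:
                findings.append(
                    (name, f"{item.get('issue')} on {item['numberOfVms']} machine(s)"))
        # Rules are expected only when the request sets includePathRecommendations.
        for rule in props.get("pathRecommendations") or []:
            broad = EVERYONE_SID in (rule.get("userSids") or [])
            if rule.get("type") == "File" and broad and not rule.get("common", False):
                findings.append(
                    (name, f"review uncommon path rule for Everyone: {rule.get('path')}"))
    return findings


if __name__ == "__main__":
    for group_name, finding in triage(SAMPLE):
        print(f"{group_name}: {finding}")
```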

Definitions

Name | Description
AdaptiveApplicationControlGroup |
AdaptiveApplicationControlGroups | Represents a list of VM/server groups and set of rules that are Recommended by Microsoft Defender for Cloud to be allowed
AdaptiveApplicationControlIssue | An alert that machines within a group can have
AdaptiveApplicationControlIssueSummary | Represents a summary of the alerts of the machine group
CloudError | Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)
CloudErrorBody | The error detail.
ConfigurationStatus | The configuration status of the machine group, machine, or rule
EnforcementMode | The application control policy enforcement/protection mode of the machine group
EnforcementSupport | The machine supportability of Enforce feature
ErrorAdditionalInfo | The resource management error additional info.
FileType | The type of the file (for Linux files - Executable is used)
PathRecommendation | Represents a path that is recommended to be allowed and its properties
ProtectionMode | The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.
PublisherInfo | Represents the publisher information of a process/rule
RecommendationAction | The recommendation action of the machine or rule
RecommendationStatus | The initial recommendation status of the machine group or machine
RecommendationType | The type of the rule to be allowed
SourceSystem | The source type of the machine group
UserRecommendation | Represents a user that is recommended to be allowed for a certain rule
VmRecommendation | Represents a machine that is part of a machine group

AdaptiveApplicationControlGroup

Name | Type | Description
id | string | Resource Id
location | string | Location where the resource is stored
name | string | Resource name
properties.configurationStatus | ConfigurationStatus | The configuration status of the machine group, machine, or rule
properties.enforcementMode | EnforcementMode | The application control policy enforcement/protection mode of the machine group
properties.issues | AdaptiveApplicationControlIssueSummary[] | Represents a summary of the alerts of the machine group
properties.pathRecommendations | PathRecommendation[] | Represents a path that is recommended to be allowed and its properties
properties.protectionMode | ProtectionMode | The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.
properties.recommendationStatus | RecommendationStatus | The initial recommendation status of the machine group or machine
properties.sourceSystem | SourceSystem | The source type of the machine group
properties.vmRecommendations | VmRecommendation[] | Represents a machine that is part of a machine group
type | string | Resource type

AdaptiveApplicationControlGroups

Represents a list of VM/server groups and set of rules that are Recommended by Microsoft Defender for Cloud to be allowed

Name | Type | Description
value | AdaptiveApplicationControlGroup[] |

AdaptiveApplicationControlIssue

An alert that machines within a group can have

Name | Type | Description
ExecutableViolationsAudited | string |
MsiAndScriptViolationsAudited | string |
MsiAndScriptViolationsBlocked | string |
RulesViolatedManually | string |
ViolationsAudited | string |
ViolationsBlocked | string |

AdaptiveApplicationControlIssueSummary

Represents a summary of the alerts of the machine group

Name | Type | Description
issue | AdaptiveApplicationControlIssue | An alert that machines within a group can have
numberOfVms | number | The number of machines in the group that have this alert

CloudError

Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.)

Name | Type | Description
error.additionalInfo | ErrorAdditionalInfo[] | The error additional info.
error.code | string | The error code.
error.details | CloudErrorBody[] | The error details.
error.message | string | The error message.
error.target | string | The error target.

CloudErrorBody

The error detail.

Name | Type | Description
additionalInfo | ErrorAdditionalInfo[] | The error additional info.
code | string | The error code.
details | CloudErrorBody[] | The error details.
message | string | The error message.
target | string | The error target.

ConfigurationStatus

The configuration status of the machine group, machine, or rule

Name | Type | Description
Configured | string |
Failed | string |
InProgress | string |
NoStatus | string |
NotConfigured | string |

EnforcementMode

The application control policy enforcement/protection mode of the machine group

Name | Type | Description
Audit | string |
Enforce | string |
None | string |

EnforcementSupport

The machine supportability of Enforce feature

Name | Type | Description
NotSupported | string |
Supported | string |
Unknown | string |

ErrorAdditionalInfo

The resource management error additional info.

Name | Type | Description
info | object | The additional info.
type | string | The additional info type.

FileType

The type of the file (for Linux files - Executable is used)

Name | Type | Description
Dll | string |
Exe | string |
Executable | string |
Msi | string |
Script | string |
Unknown | string |

PathRecommendation

Represents a path that is recommended to be allowed and its properties

Name | Type | Description
action | RecommendationAction | The recommendation action of the machine or rule
common | boolean | Whether the application is commonly run on the machine
configurationStatus | ConfigurationStatus | The configuration status of the machine group, machine, or rule
fileType | FileType | The type of the file (for Linux files - Executable is used)
path | string | The full path of the file, or an identifier of the application
publisherInfo | PublisherInfo | Represents the publisher information of a process/rule
type | RecommendationType | The type of the rule to be allowed
userSids | string[] | A security identifier
usernames | UserRecommendation[] | Represents a user that is recommended to be allowed for a certain rule

ProtectionMode

The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux.

Name | Type | Description
exe | EnforcementMode | The application control policy enforcement/protection mode of the machine group
executable | EnforcementMode | The application control policy enforcement/protection mode of the machine group
msi | EnforcementMode | The application control policy enforcement/protection mode of the machine group
script | EnforcementMode | The application control policy enforcement/protection mode of the machine group

PublisherInfo

Represents the publisher information of a process/rule

Name | Type | Description
binaryName | string | The "OriginalName" field taken from the file's version resource
productName | string | The product name taken from the file's version resource
publisherName | string | The Subject field of the X.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country
version | string | The binary file version taken from the file's version resource

RecommendationAction

The recommendation action of the machine or rule

Name | Type | Description
Add | string |
Recommended | string |
Remove | string |

RecommendationStatus

The initial recommendation status of the machine group or machine

Name | Type | Description
NoStatus | string |
NotAvailable | string |
NotRecommended | string |
Recommended | string |

RecommendationType

The type of the rule to be allowed

Name | Type | Description
BinarySignature | string |
File | string |
FileHash | string |
ProductSignature | string |
PublisherSignature | string |
VersionAndAboveSignature | string |

SourceSystem

The source type of the machine group

Name | Type | Description
Azure_AppLocker | string |
Azure_AuditD | string |
NonAzure_AppLocker | string |
NonAzure_AuditD | string |
None | string |

UserRecommendation

Represents a user that is recommended to be allowed for a certain rule

Name | Type | Description
recommendationAction | RecommendationAction | The recommendation action of the machine or rule
username | string | Represents a user that is recommended to be allowed for a certain rule

VmRecommendation

Represents a machine that is part of a machine group

Name | Type | Description
configurationStatus | ConfigurationStatus | The configuration status of the machine group, machine, or rule
enforcementSupport | EnforcementSupport | The machine supportability of Enforce feature
recommendationAction | RecommendationAction | The recommendation action of the machine or rule
resourceId | string | The full resource id of the machine