Adaptive Application Controls - Get

Service:

Defender for Cloud

API Version:

2020-01-01

取得應用程控 VM/伺服器群組。

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/applicationWhitelistings/{groupName}?api-version=2020-01-01

URI 參數

名稱	位於	必要	類型	Description
ascLocation	path	True	string	ASC 儲存訂閱數據的位置。 可以從取得位置擷取
groupName	path	True	string	應用程控機器群組的名稱
subscriptionId	path	True	string	Azure 訂用帳戶識別碼 Regex pattern: ^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$
api-version	query	True	string	作業的 API 版本

回應

名稱	類型	Description
200 OK	AdaptiveApplicationControlGroup	確定
Other Status Codes	CloudError	描述作業失敗原因的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

Gets a configured application control VM/server group

Sample Request

HTTP

GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1?api-version=2020-01-01

Java

/** Samples for AdaptiveApplicationControls Get. */
public final class Main {
    /*
     * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetAdaptiveApplicationControlsGroup_example.json
     */
    /**
     * Sample code: Gets a configured application control VM/server group.
     *
     * @param manager Entry point to SecurityManager.
     */
    public static void getsAConfiguredApplicationControlVMServerGroup(
        com.azure.resourcemanager.security.SecurityManager manager) {
        manager
            .adaptiveApplicationControls()
            .getWithResponse("centralus", "ERELGROUP1", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armsecurity_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/b43974e07d3204c4b6f8396627f5430994a7f7c9/specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetAdaptiveApplicationControlsGroup_example.json
func ExampleAdaptiveApplicationControlsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewAdaptiveApplicationControlsClient().Get(ctx, "centralus", "ERELGROUP1", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.AdaptiveApplicationControlGroup = armsecurity.AdaptiveApplicationControlGroup{
	// 	Location: to.Ptr("centralus"),
	// 	Name: to.Ptr("ERELGROUP1"),
	// 	Type: to.Ptr("Microsoft.Security/applicationWhitelistings"),
	// 	ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1"),
	// 	Properties: &armsecurity.AdaptiveApplicationControlGroupData{
	// 		ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 		EnforcementMode: to.Ptr(armsecurity.EnforcementModeAudit),
	// 		Issues: []*armsecurity.AdaptiveApplicationControlIssueSummary{
	// 		},
	// 		PathRecommendations: []*armsecurity.PathRecommendation{
	// 			{
	// 				Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 				Path: to.Ptr("[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0"),
	// 				Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 				Common: to.Ptr(true),
	// 				ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 				FileType: to.Ptr(armsecurity.FileTypeExe),
	// 				PublisherInfo: &armsecurity.PublisherInfo{
	// 					BinaryName: to.Ptr("*"),
	// 					ProductName: to.Ptr("*"),
	// 					PublisherName: to.Ptr("O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US"),
	// 					Version: to.Ptr("0.0.0.0"),
	// 				},
	// 				UserSids: []*string{
	// 					to.Ptr("S-1-1-0")},
	// 					Usernames: []*armsecurity.UserRecommendation{
	// 						{
	// 							RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 							Username: to.Ptr("Everyone"),
	// 					}},
	// 				},
	// 				{
	// 					Type: to.Ptr(armsecurity.RecommendationType("ProductSignature")),
	// 					Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE"),
	// 					Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 					Common: to.Ptr(true),
	// 					ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 					FileType: to.Ptr(armsecurity.FileTypeExe),
	// 					PublisherInfo: &armsecurity.PublisherInfo{
	// 						BinaryName: to.Ptr("*"),
	// 						ProductName: to.Ptr("MICROSOFT® COREXT"),
	// 						PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 						Version: to.Ptr("0.0.0.0"),
	// 					},
	// 					UserSids: []*string{
	// 						to.Ptr("S-1-1-0")},
	// 						Usernames: []*armsecurity.UserRecommendation{
	// 							{
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 						}},
	// 					},
	// 					{
	// 						Type: to.Ptr(armsecurity.RecommendationType("PublisherSignature")),
	// 						Path: to.Ptr("%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE"),
	// 						Action: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 						Common: to.Ptr(true),
	// 						ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 						FileType: to.Ptr(armsecurity.FileTypeExe),
	// 						PublisherInfo: &armsecurity.PublisherInfo{
	// 							BinaryName: to.Ptr("*"),
	// 							ProductName: to.Ptr("*"),
	// 							PublisherName: to.Ptr("CN=MICROSOFT AZURE DEPENDENCY CODE SIGN"),
	// 							Version: to.Ptr("0.0.0.0"),
	// 						},
	// 						UserSids: []*string{
	// 							to.Ptr("S-1-1-0")},
	// 							Usernames: []*armsecurity.UserRecommendation{
	// 								{
	// 									RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 									Username: to.Ptr("NT AUTHORITY\\SYSTEM"),
	// 							}},
	// 						},
	// 						{
	// 							Type: to.Ptr(armsecurity.RecommendationType("File")),
	// 							Path: to.Ptr("C:\\directory\\file.exe"),
	// 							Action: to.Ptr(armsecurity.RecommendationActionAdd),
	// 							Common: to.Ptr(true),
	// 							ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 							FileType: to.Ptr(armsecurity.FileTypeExe),
	// 							UserSids: []*string{
	// 								to.Ptr("S-1-1-0")},
	// 								Usernames: []*armsecurity.UserRecommendation{
	// 									{
	// 										RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 										Username: to.Ptr("Everyone"),
	// 								}},
	// 						}},
	// 						ProtectionMode: &armsecurity.ProtectionMode{
	// 							Exe: to.Ptr(armsecurity.EnforcementModeAudit),
	// 							Msi: to.Ptr(armsecurity.EnforcementModeAudit),
	// 							Script: to.Ptr(armsecurity.EnforcementModeNone),
	// 						},
	// 						RecommendationStatus: to.Ptr(armsecurity.RecommendationStatusRecommended),
	// 						SourceSystem: to.Ptr(armsecurity.SourceSystemAzureAppLocker),
	// 						VMRecommendations: []*armsecurity.VMRecommendation{
	// 							{
	// 								ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 								EnforcementSupport: to.Ptr(armsecurity.EnforcementSupportSupported),
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090"),
	// 							},
	// 							{
	// 								ConfigurationStatus: to.Ptr(armsecurity.ConfigurationStatusConfigured),
	// 								EnforcementSupport: to.Ptr(armsecurity.EnforcementSupportSupported),
	// 								RecommendationAction: to.Ptr(armsecurity.RecommendationActionRecommended),
	// 								ResourceID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19"),
	// 						}},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets an application control VM/server group.
 *
 * @summary Gets an application control VM/server group.
 * x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetAdaptiveApplicationControlsGroup_example.json
 */
async function getsAConfiguredApplicationControlVMOrServerGroup() {
  const subscriptionId =
    process.env["SECURITY_SUBSCRIPTION_ID"] || "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
  const ascLocation = "centralus";
  const groupName = "ERELGROUP1";
  const credential = new DefaultAzureCredential();
  const client = new SecurityCenter(credential, subscriptionId);
  const result = await client.adaptiveApplicationControls.get(ascLocation, groupName);
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Resources;
using Azure.ResourceManager.SecurityCenter;
using Azure.ResourceManager.SecurityCenter.Models;

// Generated from example definition: specification/security/resource-manager/Microsoft.Security/stable/2020-01-01/examples/ApplicationWhitelistings/GetAdaptiveApplicationControlsGroup_example.json
// this example is just showing the usage of "AdaptiveApplicationControls_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this AdaptiveApplicationControlGroupResource created on azure
// for more information of creating AdaptiveApplicationControlGroupResource, please refer to the document of AdaptiveApplicationControlGroupResource
string subscriptionId = "20ff7fc3-e762-44dd-bd96-b71116dcdc23";
AzureLocation ascLocation = new AzureLocation("centralus");
string groupName = "ERELGROUP1";
ResourceIdentifier adaptiveApplicationControlGroupResourceId = AdaptiveApplicationControlGroupResource.CreateResourceIdentifier(subscriptionId, ascLocation, groupName);
AdaptiveApplicationControlGroupResource adaptiveApplicationControlGroup = client.GetAdaptiveApplicationControlGroupResource(adaptiveApplicationControlGroupResourceId);

// invoke the operation
AdaptiveApplicationControlGroupResource result = await adaptiveApplicationControlGroup.GetAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
AdaptiveApplicationControlGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/locations/centralus/applicationWhitelistings/ERELGROUP1",
  "name": "ERELGROUP1",
  "type": "Microsoft.Security/applicationWhitelistings",
  "location": "centralus",
  "properties": {
    "recommendationStatus": "Recommended",
    "enforcementMode": "Audit",
    "protectionMode": {
      "exe": "Audit",
      "msi": "Audit",
      "script": "None"
    },
    "vmRecommendations": [
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/erelh-stable/providers/microsoft.compute/virtualmachines/erelh-16090",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      },
      {
        "configurationStatus": "Configured",
        "resourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourcegroups/matanvs/providers/microsoft.compute/virtualmachines/matanvs19",
        "recommendationAction": "Recommended",
        "enforcementSupport": "Supported"
      }
    ],
    "pathRecommendations": [
      {
        "path": "[Exe] O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\\*\\*\\0.0.0.0",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\SECAGENT\\WASECAGENTPROV.EXE",
        "type": "ProductSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "MICROSOFT® COREXT",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "%OSDRIVE%\\WINDOWSAZURE\\PACKAGES_201973_7415\\COLLECTGUESTLOGS.EXE",
        "type": "PublisherSignature",
        "publisherInfo": {
          "publisherName": "CN=MICROSOFT AZURE DEPENDENCY CODE SIGN",
          "productName": "*",
          "binaryName": "*",
          "version": "0.0.0.0"
        },
        "common": true,
        "action": "Recommended",
        "usernames": [
          {
            "username": "NT AUTHORITY\\SYSTEM",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      },
      {
        "path": "C:\\directory\\file.exe",
        "type": "File",
        "common": true,
        "action": "Add",
        "usernames": [
          {
            "username": "Everyone",
            "recommendationAction": "Recommended"
          }
        ],
        "userSids": [
          "S-1-1-0"
        ],
        "fileType": "Exe",
        "configurationStatus": "Configured"
      }
    ],
    "configurationStatus": "Configured",
    "issues": [],
    "sourceSystem": "Azure_AppLocker"
  }
}

定義

名稱	Description
AdaptiveApplicationControlGroup
AdaptiveApplicationControlIssue	群組內機器可以擁有的警示
AdaptiveApplicationControlIssueSummary	代表計算機群組警示的摘要
CloudError	所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 (這也會遵循 OData 錯誤回應格式。) 。
CloudErrorBody	錯誤詳細數據。
ConfigurationStatus	計算機群組或電腦或規則的設定狀態
EnforcementMode	計算機群組的應用程式控制原則強制執行/保護模式
EnforcementSupport	強制執行功能的機器支援性
ErrorAdditionalInfo	資源管理錯誤其他資訊。
FileType	Linux 檔案的檔案 (類型 - 可執行檔)
PathRecommendation	表示建議允許的路徑及其屬性
ProtectionMode	集合/檔案類型的保護模式。 Exe/Msi/Script 用於 Windows，可執行文件則用於 Linux。
PublisherInfo	表示進程/規則的發行者資訊
RecommendationAction	計算機或規則的建議動作
RecommendationStatus	計算機群組或計算機的初始建議狀態
RecommendationType	允許的規則類型
SourceSystem	計算機群組的來源類型
UserRecommendation	代表建議針對特定規則允許的使用者
VmRecommendation	代表屬於計算機群組一部分的計算機

AdaptiveApplicationControlGroup

名稱	類型	Description
id	string	資源標識碼
location	string	儲存資源的位置
name	string	資源名稱
properties.configurationStatus	ConfigurationStatus	計算機群組或電腦或規則的設定狀態
properties.enforcementMode	EnforcementMode	計算機群組的應用程式控制原則強制執行/保護模式
properties.issues	AdaptiveApplicationControlIssueSummary[]	代表計算機群組警示的摘要
properties.pathRecommendations	PathRecommendation[]	表示建議允許的路徑及其屬性
properties.protectionMode	ProtectionMode	集合/檔案類型的保護模式。 Exe/Msi/Script 用於 Windows，可執行文件則用於 Linux。
properties.recommendationStatus	RecommendationStatus	計算機群組或計算機的初始建議狀態
properties.sourceSystem	SourceSystem	計算機群組的來源類型
properties.vmRecommendations	VmRecommendation[]	代表屬於計算機群組一部分的計算機
type	string	資源類型

AdaptiveApplicationControlIssue

群組內機器可以擁有的警示

名稱	類型	Description
ExecutableViolationsAudited	string
MsiAndScriptViolationsAudited	string
MsiAndScriptViolationsBlocked	string
RulesViolatedManually	string
ViolationsAudited	string
ViolationsBlocked	string

AdaptiveApplicationControlIssueSummary

代表計算機群組警示的摘要

名稱	類型	Description
issue	AdaptiveApplicationControlIssue	群組內機器可以擁有的警示
numberOfVms	number	群組中具有此警示的計算機數目

CloudError

所有 Azure Resource Manager API 的常見錯誤回應，以傳回失敗作業的錯誤詳細數據。 (這也會遵循 OData 錯誤回應格式。) 。

名稱	類型	Description
error.additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
error.code	string	錯誤碼。
error.details	CloudErrorBody[]	錯誤詳細資料。
error.message	string	錯誤訊息。
error.target	string	錯誤目標。

CloudErrorBody

錯誤詳細數據。

名稱	類型	Description
additionalInfo	ErrorAdditionalInfo[]	錯誤其他資訊。
code	string	錯誤碼。
details	CloudErrorBody[]	錯誤詳細資料。
message	string	錯誤訊息。
target	string	錯誤目標。

ConfigurationStatus

計算機群組或電腦或規則的設定狀態

名稱	類型	Description
Configured	string
Failed	string
InProgress	string
NoStatus	string
NotConfigured	string

EnforcementMode

計算機群組的應用程式控制原則強制執行/保護模式

名稱	類型	Description
Audit	string
Enforce	string
None	string

EnforcementSupport

強制執行功能的機器支援性

名稱	類型	Description
NotSupported	string
Supported	string
Unknown	string

ErrorAdditionalInfo

資源管理錯誤其他資訊。

名稱	類型	Description
info	object	其他資訊。
type	string	其他信息類型。

FileType

Linux 檔案的檔案 (類型 - 可執行檔)

名稱	類型	Description
Dll	string
Exe	string
Executable	string
Msi	string
Script	string
Unknown	string

PathRecommendation

表示建議允許的路徑及其屬性

名稱	類型	Description
action	RecommendationAction	計算機或規則的建議動作
common	boolean	應用程式是否經常在機器上執行
configurationStatus	ConfigurationStatus	計算機群組或電腦或規則的設定狀態
fileType	FileType	Linux 檔案的檔案 (類型 - 可執行檔)
path	string	檔案的完整路徑，或應用程式的標識碼
publisherInfo	PublisherInfo	表示進程/規則的發行者資訊
type	RecommendationType	允許的規則類型
userSids	string[]	安全性標識碼
usernames	UserRecommendation[]	代表建議針對特定規則允許的使用者

ProtectionMode

集合/檔案類型的保護模式。 Exe/Msi/Script 用於 Windows，可執行文件則用於 Linux。

名稱	類型	Description
exe	EnforcementMode	計算機群組的應用程式控制原則強制執行/保護模式
executable	EnforcementMode	計算機群組的應用程式控制原則強制執行/保護模式
msi	EnforcementMode	計算機群組的應用程式控制原則強制執行/保護模式
script	EnforcementMode	計算機群組的應用程式控制原則強制執行/保護模式

PublisherInfo

表示進程/規則的發行者資訊

名稱	類型	Description
binaryName	string	取自檔案版本資源的 「OriginalName」 欄位
productName	string	取自檔案版本資源的產品名稱
publisherName	string	用來簽署程式代碼之 x.509 憑證的 [主體] 字段，使用下列欄位 - O = 組織、L = 地區、S = 州或省，以及 C = 國家/地區
version	string	取自檔案版本資源的二進位檔版本

RecommendationAction

計算機或規則的建議動作

名稱	類型	Description
Add	string
Recommended	string
Remove	string

RecommendationStatus

計算機群組或計算機的初始建議狀態

名稱	類型	Description
NoStatus	string
NotAvailable	string
NotRecommended	string
Recommended	string

RecommendationType

允許的規則類型

名稱	類型	Description
BinarySignature	string
File	string
FileHash	string
ProductSignature	string
PublisherSignature	string
VersionAndAboveSignature	string

SourceSystem

計算機群組的來源類型

名稱	類型	Description
Azure_AppLocker	string
Azure_AuditD	string
NonAzure_AppLocker	string
NonAzure_AuditD	string
None	string

UserRecommendation

代表建議針對特定規則允許的使用者

名稱	類型	Description
recommendationAction	RecommendationAction	計算機或規則的建議動作
username	string	代表建議針對特定規則允許的使用者

VmRecommendation

代表屬於計算機群組一部分的計算機

名稱	類型	Description
configurationStatus	ConfigurationStatus	計算機群組或電腦或規則的設定狀態
enforcementSupport	EnforcementSupport	強制執行功能的機器支援性
recommendationAction	RecommendationAction	計算機或規則的建議動作
resourceId	string	計算機的完整資源識別碼