The locations/applicationWhitelistings resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Security/locations/applicationWhitelistings resource, add the following JSON to your template.
{
"type": "Microsoft.Security/locations/applicationWhitelistings",
"apiVersion": "2020-01-01",
"name": "string",
"properties": {
"enforcementMode": "string",
"pathRecommendations": [
{
"action": "string",
"common": "bool",
"configurationStatus": "string",
"fileType": "string",
"path": "string",
"publisherInfo": {
"binaryName": "string",
"productName": "string",
"publisherName": "string",
"version": "string"
},
"type": "string",
"usernames": [
{
"recommendationAction": "string",
"username": "string"
}
],
"userSids": [ "string" ]
}
],
"protectionMode": {
"exe": "string",
"executable": "string",
"msi": "string",
"script": "string"
},
"vmRecommendations": [
{
"configurationStatus": "string",
"enforcementSupport": "string",
"recommendationAction": "string",
"resourceId": "string"
}
]
}
}
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Security/locations/applicationWhitelistings' |
apiVersion | The resource api version | '2020-01-01' |
name | The resource name See how to set names and types for child resources in JSON ARM templates. |
string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
properties | Represents a machines group and set of rules to be allowed running on a machine | AdaptiveApplicationControlGroupData (required) |
Name | Description | Value |
---|---|---|
enforcementMode | The application control policy enforcement/protection mode of the machine group | 'Audit' 'Enforce' 'None' |
pathRecommendations | PathRecommendation[] | |
protectionMode | The protection mode of the collection/file types. Exe/Msi/Script are used for Windows, Executable is used for Linux. | ProtectionMode |
vmRecommendations | VmRecommendation[] |
Name | Description | Value |
---|---|---|
action | The recommendation action of the machine or rule | 'Add' 'Recommended' 'Remove' |
common | Whether the application is commonly run on the machine | bool |
configurationStatus | The configuration status of the machines group or machine or rule | 'Configured' 'Failed' 'InProgress' 'NoStatus' 'NotConfigured' |
fileType | The type of the file (for Linux files - Executable is used) | 'Dll' 'Exe' 'Executable' 'Msi' 'Script' 'Unknown' |
path | The full path of the file, or an identifier of the application | string |
publisherInfo | Represents the publisher information of a process/rule | PublisherInfo |
type | The type of the rule to be allowed | 'BinarySignature' 'File' 'FileHash' 'ProductSignature' 'PublisherSignature' 'VersionAndAboveSignature' |
usernames | UserRecommendation[] | |
userSids | string[] |
Name | Description | Value |
---|---|---|
binaryName | The "OriginalName" field taken from the file's version resource | string |
productName | The product name taken from the file's version resource | string |
publisherName | The Subject field of the x.509 certificate used to sign the code, using the following fields - O = Organization, L = Locality, S = State or Province, and C = Country | string |
version | The binary file version taken from the file's version resource | string |
Name | Description | Value |
---|---|---|
recommendationAction | The recommendation action of the machine or rule | 'Add' 'Recommended' 'Remove' |
username | Represents a user that is recommended to be allowed for a certain rule | string |
Name | Description | Value |
---|---|---|
exe | The application control policy enforcement/protection mode of the machine group | 'Audit' 'Enforce' 'None' |
executable | The application control policy enforcement/protection mode of the machine group | 'Audit' 'Enforce' 'None' |
msi | The application control policy enforcement/protection mode of the machine group | 'Audit' 'Enforce' 'None' |
script | The application control policy enforcement/protection mode of the machine group | 'Audit' 'Enforce' 'None' |
Name | Description | Value |
---|---|---|
configurationStatus | The configuration status of the machines group or machine or rule | 'Configured' 'Failed' 'InProgress' 'NoStatus' 'NotConfigured' |
enforcementSupport | The machine supportability of Enforce feature | 'NotSupported' 'Supported' 'Unknown' |
recommendationAction | The recommendation action of the machine or rule | 'Add' 'Recommended' 'Remove' |
resourceId | The full resource id of the machine | string |