Skip to main content

More Info:

Enable Adaptive Application Whitelisting recommendations for virtual machines.

Risk Level

Low

Address

Security, Operational Maturity

Compliance Standards

HIPAA, ISO27001

Triage and Remediation

  • Remediation

Remediation

Using Console

To remediate the misconfiguration “Monitor Adaptive Application Whitelisting setting is not enabled” in Azure using the Azure console, follow the below steps:
  1. Log in to the Azure portal (https://portal.azure.com/).
  2. Click on the “Security Center” option from the left-hand menu.
  3. Click on the “Security Policy” option from the Security Center menu.
  4. Select the security policy that you want to remediate.
  5. Click on the “Edit Policy” button located at the top of the screen.
  6. Scroll down to the “Adaptive Application Controls” section and click on “Edit”.
  7. Enable the “Monitor Adaptive Application Whitelisting setting” option.
  8. Click on the “Save” button to save the changes.
Once you have completed these steps, the “Monitor Adaptive Application Whitelisting setting” will be enabled, and the misconfiguration will be remediated.

To remediate the “Monitor Adaptive Application Whitelisting setting is not enabled” misconfiguration in Azure using Azure CLI, follow these steps:
  1. Open the Azure CLI in your terminal or command prompt.
  2. Login to your Azure account using the command “az login”.
  3. Once you are logged in, select the Azure subscription where the misconfiguration exists using the command az account set --subscription <subscription_id>.
  4. Check the current status of the Monitor Adaptive Application Whitelisting setting using the command “az security assessment-metadata show —name “Monitor Adaptive Application Whitelisting setting is not enabled” —query status”.
  5. If the current status is “NotApplicable” or “Healthy”, then the misconfiguration does not exist and no further action is required.
  6. If the current status is “Unhealthy”, then the misconfiguration exists and needs to be remediated.
  7. To remediate the misconfiguration, enable the Monitor Adaptive Application Whitelisting setting using the command “az security assessment set —name “Monitor Adaptive Application Whitelisting setting is not enabled” —status Healthy”.
  8. Verify that the misconfiguration has been remediated by checking the status again using the command “az security assessment-metadata show —name “Monitor Adaptive Application Whitelisting setting is not enabled” —query status”.
By following these steps, you can remediate the “Monitor Adaptive Application Whitelisting setting is not enabled” misconfiguration in Azure using Azure CLI.
To remediate the “Monitor Adaptive Application Whitelisting setting is not enabled” misconfiguration in Azure using Python, you can use the Azure SDK for Python. Here are the steps to follow:
  1. Install the Azure SDK for Python using pip:
pip install azure-mgmt-security
  1. Import the necessary modules:
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.security import SecurityCenter
  1. Set up the credentials for the Azure account:
subscription_id = '<subscription_id>'
client_id = '<client_id>'
client_secret = '<client_secret>'
tenant_id = '<tenant_id>'

credentials = ServicePrincipalCredentials(
    client_id=client_id,
    secret=client_secret,
    tenant=tenant_id
)
  1. Create a SecurityCenter client object:
security_center_client = SecurityCenter(credentials, subscription_id)
  1. Get the security policy for the subscription:
policy = security_center_client.policies.get('default')
  1. Check if the “Monitor Adaptive Application Whitelisting” setting is enabled:
monitor_aaw = False
for setting in policy.settings:
    if setting.name == 'monitorAdaptiveApplicationWhitelisting':
        monitor_aaw = setting.value
        break
  1. If the setting is not enabled, enable it:
if not monitor_aaw:
    for setting in policy.settings:
        if setting.name == 'monitorAdaptiveApplicationWhitelisting':
            setting.value = True
            break

    updated_policy = security_center_client.policies.create_or_update('default', policy)
These steps will remediate the “Monitor Adaptive Application Whitelisting setting is not enabled” misconfiguration in Azure using Python.
I