Event banner

Microsoft Defender for Cloud AMA

Event Ended

Thursday, Mar 30, 2023, 09:00 AM PDT

In-Person

Event details

An AMA is a live text-based online event similar to an "Ask Me Anything," on Reddit. This AMA gives you the opportunity to connect with members of the Defender for Cloud product group who will be on ...

Trevor_Rusher

Updated Mar 30, 2023

microsoft defender for cloud

ThomasVrhydn

Copper Contributor

Mar 30, 2023

A adaptive application control question. Do you know if there is a way to investigate whats wrong if a device falls under the No recommendation? The device is up and running for more then 3 weeks. Heartbeat of the AMA agent is reporting ok. File integrity is working fine on that device. But still the device isn't showing in the recommended tab. Is there some logs file we can check for this?

Tom_Janetscheck

Microsoft

Mar 30, 2023

Hi Thomas, in case it is a Windows machine, you might have a pre-existing AppLocker policy, or AppLocker is not available on it. In this case, the machine will have no recommendation. Please also look at https://learn.microsoft.com/en-us/azure/defender-for-cloud/adaptive-application-controls#enable-application-controls-on-a-group-of-machines.

ThomasVrhydn
Copper Contributor
Mar 30, 2023
The Event viewer app lockers logs are empty so i'm pretty sure app locker isn't running on that machine. It is also the windows server Datacenter edition with GUI so that is also not the case
- ThomasVrhydn
  Copper Contributor
  Mar 30, 2023
  I'm more thinking that it doens't work correctly with AMA agent.
  - Tom_Janetscheck
    Microsoft
    Mar 30, 2023
    In this case please raise a support ticket, as AMA is expected to support both, File Integrity Monitoring, and Adaptive Application Controls.

Date and Time

Mar 30, 20239:00 AM - 10:00 AM PDT