Adaptive application control - automatically include Azure Monitoring exe's
Adaptive application control seems like a good way of "auditing" unwanted programs from running on your VM.
Can you add a feature to be able to exclude the Azure Monitoring (health and diagnostic checks) and even VSTS-agents ?
Adding each individual path to the "policy extension" list is not efficient.
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
Austin Sabel commented
This is critically important as it leads to a constant stream of erronous threat alerts in azure security center every time there is an update to one of the many VM extension provided by Microsoft.
The other alternative would be for Microsoft to actually digitally sign their extension executables using their Microsoft publisher certificate, so that it can match a more generic publisher based exception rule.