As an IT administrator managing a Microsoft 365 subscription alongside an Azure subscription, you have ensured that both Microsoft 365 Defender and Microsoft Defender for Cloud are enabled for enhanced security. Your Azure subscription includes 50 virtual machines, each operating on Windows Server 2019 and running a variety of different applications. To elevate security measures, you are tasked with recommending a solution that guarantees only authorized applications can execute on these virtual machines. In the scenario where an unauthorized application tries to run or get installed, the solution must automatically block the application until it receives approval from an administrator. Which security control would you recommend implementing to achieve this?