You are managing a Microsoft 365 subscription alongside an Azure subscription. Both Microsoft 365 Defender and Microsoft Defender for Cloud are activated. Within the Azure subscription, there are 50 virtual machines, each running distinct applications on Windows Server 2019. Your task is to propose a solution that ensures only authorized applications can operate on these virtual machines. If an unauthorized application tries to execute or install, it should be automatically blocked until an administrator provides authorization. Which security control would you recommend to achieve this?