As an IT professional overseeing a Microsoft 365 subscription and an Azure subscription, you have enabled both Microsoft 365 Defender and Microsoft Defender for Cloud. In your Azure subscription, there are 50 virtual machines, each operating various applications on Windows Server 2019. Your task is to recommend a security solution that guarantees only authorized applications can execute on these virtual machines. Any unauthorized application that tries to run or install should automatically be blocked, pending administrator authorization. Which security control would you suggest to meet this requirement?