This feature like the old Windows AppLocker or Software restriction Policy. Simply you can block to run off any unknown software on your VM. First, it runs on Audit mode and then Enforces mode.
By the way – some time ago I was in a team that delivered computers to schools – 40k+ and there was no antimalware/antivirus software and after three years if the teacher did not disable Software Restriction on these computers they working like a brand new without any unwanted software. Compare it to your laptop with a bunk of software that nobody knows what is for.
Great Video: https://www.youtube.com/watch?v=wWWekI1Y9ck
It runs under the licensed feature of the Security Center / Azure Defender.
Recommended tab included automatically created groups of VM have similar applications detected by Machine Learning. You can use them just by clicking Audit mode and after auditing switch to Enforced mode.
Machine Learning is great, but the human brain is better, so from here you can create your group with servers that play the same or similar role in your organization and runs the same or similar applications, especially for cross regions VMs.
After that you should be patient and get data for at least 14 days – After that, you can add your own rules and switch to Enforce mode:
BTW Machine Learning also must feed data for 14 days, and the No recommendations tab include machines with non-enough data gathered.