NSG/ASG management and monitoring
add capability to modify and monitor NSGs and ASGs.
We understand this is an important ask. NSG/ASG and general network management tools are something we are currently planning. Stay tuned!
Fully agree we need this, also it would be cool if developers them selves can manage these within a allowed range! currently we use Azure devops to do this, but not everyone are into the code first world :-)
I agree, we need more management and monitoring functionalities/logs, specially on the ASG side as it only seems to log when an ASG is created/deleted and not when it is joined to a NIC, which is something crucial from a security point of view.
I agree this is a useful addition that is currently lacking. For us it is around scalability of NSG's in an Enterprise environment. We have hundreds of subscriptions across the business units which use a baseline NSG policy which allows the resources to connect with key services in the environment such as DNS, AD, KMS, SCCM etc. If there was a mechanism to centrally define objects maybe as global application groups which could be consumed across subscriptions this would be very useful as having to manage a change to IP or add a subnet to an existing baseline rule is currently a painful task when you are dealing with many 0000's of NSG's.
We need the capability to manage and monitor ASGs/NSGs across the different subscriptions. This should provide visibility and control for centralized security teams to have an end-to-end visibility and control. Also should provide the capability to automate any ASG/NSG rules across subscriptions.
This is would be a valuable enhancement. Having a dashboard to visualize using the new Azure Security Center then being able to pivot into the NSG/ASG environments would enable operations team a quick look into security around resources. You have my vote!