NSG/ASG management and monitoring
add capability to modify and monitor NSGs and ASGs.
I agree, we need more management and monitoring functionalities/logs, specially on the ASG side as it only seems to log when an ASG is created/deleted and not when it is joined to a NIC, which is something crucial from a security point of view.
I agree this is a useful addition that is currently lacking. For us it is around scalability of NSG's in an Enterprise environment. We have hundreds of subscriptions across the business units which use a baseline NSG policy which allows the resources to connect with key services in the environment such as DNS, AD, KMS, SCCM etc. If there was a mechanism to centrally define objects maybe as global application groups which could be consumed across subscriptions this would be very useful as having to manage a change to IP or add a subnet to an existing baseline rule is currently a painful task when you are dealing with many 0000's of NSG's.
We need the capability to manage and monitor ASGs/NSGs across the different subscriptions. This should provide visibility and control for centralized security teams to have an end-to-end visibility and control. Also should provide the capability to automate any ASG/NSG rules across subscriptions.
This is would be a valuable enhancement. Having a dashboard to visualize using the new Azure Security Center then being able to pivot into the NSG/ASG environments would enable operations team a quick look into security around resources. You have my vote!