Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

  1. Improve quality of Security Center logs accessible via GraphAPI

    My team exports Azure Security Center alerts to a third party for both long-term storage for legally required retention policies and trend analysis in an enterprise-wide (including non-MS technology) context. The current quality of logs exportable from the graph APIs is prohibitively ineffective due to critical information missing.

    This is an aggregate of missing data we've found over the past few months:


    • Malware alerts either do not provide file hashes or only SHA-1 is provided

    • Geographical anomaly alerts do not provide any geographical data (no IP address, no country, no region, etc)

    • IP anomaly alerts do not provide IP information
    40 votes
    2 comments
  2. (Geo) Country IP blocks are needed in NSGs

    A well-known method to mitigate Internet-based threats is country-based IP blocks. Many firewall vendors have had this feature for a long time. Please make it possible to create "block lists" of countries (or "white lists" as well) and make NSG rules key on that.

    36 votes
    4 comments
  3. ArcSight

    Allow for third party Security Information Event Management (SIEM) tools to be operated in the cloud to monitor the event logs. Solutions such as HP ArcSight are ideally suited to monitor event data to enrich the security analytics.

    24 votes
    5 comments
  4. Make it possible to exclude specific VM/Resource groups from ASC

    We sometimes run into situations where the ASC agent causes problems on specific VMs. This leads to disabling ASC on the complete subscription, as we cannot exclude specific machines.

    22 votes
    3 comments

    Thanks for your feedback,
    This is something we would like to add to ASC in the future, though no ETA I can share at this point.

    thanks,
    Gilad Elyashar, head of product, Azure Security Center

  5. Acknowledge recommendations with comment and / or a timeframe

    Can we get a field after we dismiss a recommendation? And if possible, maybe we can dismiss the recommendation for a period of time. For example, we call the department that manages the affected VM and they will implement the recommendation next week. With the possibility to dismiss for a period of time, we can check again in a week.

    21 votes
    4 comments
  6. Suppressing Individual alerts in Security Center

    Currently there is no way to suppress or make an alert silent for a particular time frame or permanently. This is one thing which will really help if implemented. At times Security Center keeps throwing an alert for a process which you know is not malicious, but you have no way to stop Security Center from sending email alerts repeatedly for the same thing.
    There should be a way to either stop or suppress individual alerts so that one can focus on other alerts and take action on them instead of thinking it is the same alert and no action is required.

    21 votes
    4 comments
  7. Alert acknowledgement

    Is there a way to acknowledge an alert so the email notifications are no longer triggered? For example, malware was stopped on a PC, and the alert triggered an email notification that malware was detected and stopped/remediated. I looked at the alert and issue and all is OK, but the alert keeps sending email messages?

    21 votes
    1 comment
  8. Support for letting apps send custom alerts to Security Center

    For example, a security issue that an application looks for and detects. Allowing the application to send a message to Security Center, instead of some other log/location that might get overlooked.

    20 votes
    2 comments
  9. Integration with Azure OMS

    Now we have at least 2 different Azure features that cover the security topic:
    Security Center and Azure Operation Management Suite.

    Both look not bad, but paying twice is not the best business approach. Also, it looks like duplication (I know the difference, but it's still very close to each other).

    I think we (Microsoft) can create a Solution in OMS that will consume security info from Security Center. Or Security Center could consume OMS logs. Anyway, 2 entities, 2 times paying: it's not the best business approach.

    16 votes
    1 comment
  10. Conditional Access Policy and Named Location with date ranges

    We have employees temporarily traveling to countries that we otherwise want to block, because we are experiencing hacker attacks from e.g. China and Russia. It would be really helpful if we could enable a policy or named location that allows e.g. India for just a week or the period the person is traveling.

    15 votes
    4 comments
  11. Provide ability to install SCEP from OMS

    You provide a nice Malware Assessment, it would be nice to be able to install SCEP Client on systems so you can make sure all your systems are protected as well as analyzed.

    15 votes
    2 comments
  12. Show security score changes over time

    It would be great to view the security score metric over time, allowing us to report back that security is continuously improving within Azure.

    14 votes
    2 comments
  13. Show the result of updating Definition and scanning

    Show the result of Definition updating and scanning

    We desire the following additional functions in Azure Security Center:
    - Showing the result of Definition updates for Windows Defender
    - Showing the result of scanning for viruses

    Azure Security Center shows only whether malware protection is installed or not.
    Whether the "Definition is up-to-date" or "Scan is working correctly" can only be seen directly from the OS.
    Even if we use Update Management, we cannot see it in a centralized way.

    For example, it is very useful if there is a portal that can centrally manage the definition version of VM…

    14 votes
    1 comment
  14. Intune

    Please support the integration of Intune, at least from a reporting capacity, to allow a single-pane view for total network security posture.

    14 votes
    4 comments
  15. Baseline exceptions or custom baselines

    I would like the possibility to add additional baseline checks and override the default baseline checks.

    For example, I have additional groups in my denylogon user right assignments, which now result in a "failed" check.

    12 votes
    4 comments
  16. Azure Stack - Implement Security Center

    After posting a thread on the forums asking if Security Center was available on Azure Stack, I then received a response saying that it is not just yet. I was wondering, please could this be implemented, as after the long number of hours doing research into it, it will be a shame to not see it there.
    Thanks
    Callum

    12 votes
    0 comments
  17. Email Notifications for All Security Alerts in Security Centre

    Currently we only have the option to receive email notifications for High Severity Alerts in Azure Security Centre. It would be good to have the option to receive email notifications for alerts of all severities. This would allow us to pro-actively deal with all security alerts rather than wait for them to show up on a screen.

    11 votes
    5 comments
  18. Reduce RBAC requirements for JIT to enable Support staff context

    Currently, in order to successfully request access to a VM via JIT the user requires Microsoft.Compute/virtualMachines/write/* RBAC access to the VM(s) in question. This seems like a heavy security requirement when JIT is often used by Support staff who should not be able to add/modify VMs in a Production environment.

    It should be possible to enable/block JIT on a per-VM basis, such that User Group A can request access to VM A and not VM B, and User Group B can request access to VM B and not VM A - I feel that this would be better served with…

    11 votes
    3 comments
  19. False Positive in Security and Audit

    For a few weeks your Security and Audit Solution has been showing a lot of false positives for malicious incoming and outgoing Internet traffic, like Twitter, Verisign, Microsoft (WTF??)

    11 votes
    9 comments

    Thank you for your feedback.
    The malicious IP addresses are coming to OMS from multiple 3rd party feeds.
    The IP addresses are being updated on a regular basis; if the issue fixed itself, let us know.
    If not, send us several examples of IP addresses so we can investigate.
    Thank you in advance,
    OMS PM Team

  20. ASC SecureScore available through Graph API or ASC Rest API

    Would like to have the ASC SecureScore available through Graph or ASC REST APIs.
    This is to show them on our dashboard and have more attention on the score.

    10 votes
    3 comments

    Thanks for the feedback. Exposing Secure Score through publicly documented REST APIs is something the team is actively working on. It should be available within 2-3 months.

    thanks,
    Gilad Elyashar, head of product, Azure Security Center
