Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

How can we improve Microsoft Azure Security Center?

  1. Support other Antivirus products in Malware Assessment

    I added the Malware Assessment Intelligence Pack today, and it seems to be listing all of my servers as not having any real time AV protection. The servers in question are running Symantec Endpoint Protection. I looked in the description of the intelligence pack to see what AV products it works with, but didn't find that info.

    [Edited during forum migration: comments/responses in the old forum included Symantec and Sophos]

    273 votes
    37 comments
  2. Export to CSV

    Interested in generating reports on recommendations or security alerts in Security Center? If you could export this data to a CSV, you could create your own reports in Excel or PowerBI to share with others within your organization. Vote for this idea if you would export Security Center data to a CSV.

    74 votes
    62 comments
  3. Dashboard and Search function to find locked out accounts and what device is locking them out

    So I would like a dashboard and search function to be able to see and search for accounts that are locked out in Active Directory, as well as the corresponding device name and IP address. If you are pulling the logs from Exchange and Active Directory, it would seem the data is there; it just needs to be put together and presented. This would be nice, as currently we dig through AD and Exchange logs to find this information and it is time-consuming.

    45 votes
    under review  ·  2 comments
  4. Allow custom flexible Security events filtering

    The Security solution now allows filtering security events: https://blogs.technet.microsoft.com/msoms/2016/11/08/filter-the-security-events-the-oms-security-collects/

    It will be good if this solution also supports a "Custom" option to allow customers to specify what events to collect (in addition to pre-configured lists). Also, it will be good if the customer-supplied filter supports wildcards and RegEx.

    43 votes
    18 comments
  5. File and Folder Audit

    It would be really appreciated if Microsoft would create a "File and Folder audit" Intelligent Solution Pack for monitoring/auditing users' access to files and folders, like the capabilities provided by System Center Operations Manager Audit Collection Services.

    We would like to see the same insights in this "File and Folder" solution pack as you provide with the Office 365 Solution Pack.

    - File Access
    - File Change
    - File Delete
    - File Create
    - File Permission Change
    - Folder Access
    - Folder Delete
    - Folder Change
    - Folder Permission Change
    - Folder Create
    - etc.

    Features:
    - The visual overview…

    39 votes
    5 comments
  6. Combine OMS and Azure Security Center

    Now we have 2 different solutions in Azure... OMS and Azure Security Center. Both look not bad, but paying twice is not the best business approach. Also, it looks like duplication (I know the difference, but they are still very close to each other).

    I think we (Microsoft) can create a Solution in OMS that will consume security info from Security Center.

    39 votes
    4 comments
  7. Add support for Virtual Machine Scale Sets

    We use VM scale sets when provisioning our environment in Azure. These scale set VMs are not supported by Azure Security Center. Please consider adding support for VM scale sets.

    32 votes
    4 comments
  8. ArcSight

    Allow for third party Security Information Event Management (SIEM) tools to be operated in the cloud to monitor the event logs. Solutions such as HP ArcSight are ideally suited to monitor event data to enrich the security analytics.

    24 votes
    6 comments
  9. Map security recommendations to NIST CCE's / NIST 800-53 controls

    Map security setting recommendations to standards bodies such as NIST 800-53 controls so this solution can be offered inside Federal Cloud scenarios.

    Provide traceability down to the CCE level and an automated way to EASILY import the data into IT-GRC dashboards, or alternatively build an IT-GRC solution and link the data to it.

    23 votes
    3 comments
  10. Support for all PaaS offerings

    App Services, API Management, Data Lake, HDInsight, Storage Accounts, Azure Redis, Load Balancer, AAD, etc... Aggregate all logs. Make them available to 3rd party SIEM options too.

    22 votes
    2 comments
  11. Can a Security Center playbook be triggered automatically when any alert gets fired?

    I have explored the Security Center playbook, but found that we need to trigger it manually. It would be great if we could map a certain alert to a playbook, so that when that alert is fired our playbook is triggered automatically.

    20 votes
    3 comments
  12. Alert acknowledgement

    Is there a way to acknowledge an alert so the email notifications are no longer triggered? For example, malware was stopped on a PC, and the alert triggered an email notification that malware was detected and stopped/remediated. I looked at the alert and issue and all is OK, but the alert keeps sending email messages.

    19 votes
    1 comment
  13. Support for ATA

    It would be valuable to get support for ATA for Azure Active Directory in ASC. We like the visual workflow and investigations. https://www.microsoft.com/en-us/server-cloud/products/advanced-threat-analytics/

    17 votes
    1 comment
  14. Support for letting apps send custom alerts to Security Center

    For example, a security issue that an application looks for and detects. Allowing the application to send a message to security center, instead of some other log/location that might get overlooked.

    17 votes
    2 comments
  15. Integration with Azure OMS

    Now we have at least 2 different Azure features that cover the security topic:
    Security Center and Azure Operations Management Suite.

    Both look not bad, but paying twice is not the best business approach. Also, it looks like duplication (I know the difference, but they are still very close to each other).

    I think we (Microsoft) can create a Solution in OMS that will consume security info from Security Center. Or Security Center could consume OMS logs. Anyway, 2 entities, 2 times paying: it's not the best business approach.

    15 votes
    1 comment
  16. Provide ability to install SCEP from OMS

    You provide a nice Malware Assessment, it would be nice to be able to install SCEP Client on systems so you can make sure all your systems are protected as well as analyzed.

    15 votes
    2 comments
  17. Show the result of updating Definition and scanning

    Show the result of Definition updating and scanning

    We desire the following additional functions in Azure Security Center:
    - Showing the result of Definition updates for Windows Defender
    - Showing the result of scanning for viruses

    Azure Security Center shows only whether malware protection is installed or not.
    Whether the "Definition is up-to-date" or the "Scan is working correctly" can only be seen directly from the OS.
    Even if we use Update Management, we cannot see it in a centralized way.

    For example, it is very useful if there is a portal that can centrally manage the definition version of VM…

    12 votes
    0 comments
  18. Acknowledge recommendations with comment and / or a timeframe

    Can we get a field after we dismiss a recommendation? And if possible, maybe we can dismiss the recommendation for a period of time. For example, we call the department that manages the affected VM and they will implement the recommendation next week. With the possibility to dismiss for a period of time, we can check again in a week.

    12 votes
    3 comments
  19. baseline exceptions or custom baselines

    I would like the possibility to add additional baseline checks and override the default baseline checks.

    For example, I have additional groups in my denylogon user right assignments, which now result in a "failed" check.

    12 votes
    4 comments
  20. Azure Stack - Implement Security Center

    After posting a thread on the forums asking if Security Center was available on Azure Stack, I then received a response saying that it is not just yet. I was wondering, please could this be implemented, as from the long number of hours doing research into it, it will be a shame to not see it there.
    Thanks
    Callum

    12 votes
    0 comments