Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

  1. Improve quality of Security Center logs accessible via GraphAPI

    My team exports Azure Security Center alerts to a third party for both long-term storage for legally required retention policies and trend analysis in an enterprise-wide (including non-MS technology) context. The current quality of logs exportable from the graph APIs is prohibitively ineffective due to critical information missing.

    This is an aggregate of missing data we've found over the past few months:


    • Malware alerts either do not provide file hashes or only SHA-1 is provided

    • Geographical anomaly alerts do not provide any geographical data (no IP address, no country, no region, etc)

    • IP anomaly alerts do not provide IP information
    34 votes
    0 comments
  2. ASC SecureScore available through Graph API or ASC Rest API

    Would like to have the ASC SecureScore available through Graph or ASC Rest APIs.
    This is to show them on our dashboard and have more attention on the score.

    8 votes
    2 comments

    Thanks for the feedback. Exposing Secure Score through publicly documented REST APIs is something the team is actively working on. It should be available within 2-3 months.

    thanks,
    Gilad Elyashar, head of product, Azure Security Center

  3. Provide better reporting for Azure Security Center Container Registry Vulnerability Scanning

    We evaluated the new feature which is in preview for ACR vulnerability scanning.

    It would be good if this provided better reporting by showing details on images that have been scanned, packages/software discovered even if they are showing not vulnerable.

    Our initial test of this feature shows it isn't accurate and we can't really see exactly what this scanned and is reporting as clean. Security Center's vulnerability scanner shows 0 vulnerabilities; another container registry security scanner scanning the same images shows a lot of vulnerabilities.

    Another improvement when vulnerabilities are detected, is to be able to select an image and see…

    4 votes
    1 comment
  4. Conditional Access Policy and Named Location with date ranges

    We have employees temporarily traveling to countries that we otherwise want to block, because we are experiencing hacker attacks from e.g. China and Russia. It would be really helpful if we could enable a policy or named location that allows e.g. India for just a week or the period the person is traveling.

    14 votes
    4 comments
  5. Disable security alert types like "Anonymous IP address"

    Using the Tor Browser or any other VPN that anonymizes the IP address is in our scope not a security problem, but rather a necessity in countries where the government monitors activities. This floods our alerts and there is no way to turn that off.
    To me all security alert types need to be customizable.

    5 votes
    1 comment
  6. Integration with Qualys, patch management, installed patches, software, firmware.

    As we build more complex systems and connections the need becomes clear to find out how to connect data we collect from the Azure Security Center into Splunk. What I cannot find is how we replicate the tasks inventory, patch management and vulnerability scans / assessments into something like Splunk. Maybe an operations training session on how to do security monitoring for basic services. I can imagine that we use Security Center and push alerts, data and logs to Splunk. Any ideas of how to do this would be appreciated. We have Splunk, Security Center but I don't see…

    1 vote
    1 comment
  7. API to retrieve the scores like the MS Secure Score!

    We are already pulling the MS Secure Score from (MS Graph API). The same is needed for Azure. I am surprised that it isn't already available.

    2 votes
    0 comments
  8. Azure Information Protection for Encrypted and Protected Attachments Label assignment Feature

    Currently AIP does not support assigning protected labels to encrypted and password-protected files. If I am planning to send an internal communication with attachments (the attachments are encrypted), I am unable to assign the AIP protected labels to the files in order to send the communication through email. Please let me know when we can expect this feature.

    7 votes
    0 comments
  9. Azure Security Centre Recommendations - Show estimated costs

    Azure Security Centre Recommendations - Show estimated costs.
    Azure Security Centre shows recommendations of actions to take to enhance the security of an environment.

    While this is a great feature, I find it difficult today to at least estimate the cost implications of the recommendations.
    This is to the point that recommendations that may have low or no cost implication may not be implemented due to concerns around costs.

    There appears to be no way currently to calculate estimates of cost increase for a tenant. Azure cost calculator is insufficient for this, and estimates of $ value per GB is…

    2 votes
    0 comments
  10. Manage false positives with custom rules/exceptions

    We get a lot of false positives in Security Center. It would be useful to be able to add in exceptions to stop these from triggering alerts, to stop the noise so we can focus on the legitimate alerts.

    For example, we would like to be able to define a rule that whitelists users in our active directory AND logging in from a trusted location.

    Other customisable rules would also be useful to allow people to better tailor the alerting Security Center provides.

    2 votes
    0 comments
  11. Consolidate multiple recommendations into one

    As of now Security Center gives me multiple recommendations to fix the same thing. As an example:


    1. SC recommends to harden a NSG associated with a VM by blocking SSH access.

    2. SC recommends to enable JIT (which will solve point no 1).

    In the case you want both 1 and 2 I would like Security Center to recommend applying point 2 to remediate both 1 and 2.

    1 vote
    2 comments
  12. Documentation of Advanced Threat Protection alerts can be improved

    Documentation can be much clearer.
    https://docs.microsoft.com/en-us/azure/sql-database/sql-database-threat-detection-overview

    Users should understand the Advanced Threat Protection alert types, as in the screenshot, with respect to what is provided in the above link. For example, if I uncheck any alert type in the screenshot, I would like to understand what kind of alerts mentioned in the link would not come to us. It should show the difference between “Data exfiltration” and “Unsafe action”, how “Unsafe action” differs from “Anomalous Client login”, and how that is referred to in the link.
    The document should also have a sample of each email alert triggered to users and it should be in line with the alert type…

    2 votes
    0 comments
  13. ASC recommendations | Possibility to disable recommendation if it affects specific resources.

    ASC recommendations | Possibility to disable recommendation if it affects specific resources. It should be a possibility that if you go to a specific resource and open the security blade for that resource, you see all recommendations for that resource, and there should be a possibility to dismiss them. Also, a recommendation should not appear in the Security Center anymore after it is dismissed. These recommendations are the same for all customers, but business needs are not the same. Now, in order to disable recommendations, I can disable auditing in security policy for a whole recommendation or get to resource and disable Security policy for…

    3 votes
    0 comments

    Thanks for your feedback,

    dismiss capability for specific recommendations on specific resources is something we’re working on and will have in ASC. No ETA I can share at this point.

    thanks,
    Gilad Elyashar, head of product, Azure Security Center

  14. Analysis Service Server (AAS) Firewall IP range in Azure policy.

    We are facing challenges in implementing the policy to check the range start and range end for the firewall setting in the AAS server. The firewall IP is always accepted in IPv4 format. This IP value in the Azure policy is taken as a string comparison, so the policy checks for that exact IP and denies any other input.
    The policy does not support enabling multiple IP range conditions. Using "match condition" in the policy accepts only one scenario but not multiple ranges.

    6 votes
    0 comments
  15. Vulnerability Assessment logs should contain the resource or subscription id information to make it easy to identify the exact resource

    Vulnerability Assessment logs do not contain the resource or subscription id, just server name and database name.
    Will the resource and subscription ID be included in the Vulnerability Assessment in the near future? We want the subscription ID and resource group name in the Vulnerability Assessment log to make it easy to identify.

    4 votes
    0 comments
  16. Add CentOS 7.7 to built-in vulnerability assessment feature

    Please extend the support for built-in on CentOS 7.7

    1 vote
    0 comments
  17. Provide ALL information about alerts in the export/download csv feature, including source IP address and user details

    Currently the download CSV feature in security alerts only provides a very limited set of information. To obtain more information on the alerts you need to click into a specific alert and then into a specific occurrence. This is a very manual process. It would be much more useful to be able to export this granular information about all the alerts at once.

    2 votes
    0 comments
  18. Include tenant name in alerts from Azure Security Center

    For an MSP, it's not easy to know what customer an alert comes from when you don't include ANY info about the tenant in alerts from Azure Security Center.
    Please include Azure tenant name and id in alerts from Azure Security Center.

    5 votes
    0 comments
  19. Nessus agent detected as fileless attack toolkit by ASC

    My organization uses Nessus Agent as a VA solution but ASC is detecting it as a fileless attack toolkit. How can we avoid this false positive? Not sure how other ASC customers with Nessus solutions are handling this type of alert.

    1 vote
    0 comments
  20. Email Alert for Regulatory compliance

    There should be an option for an email alert for Regulatory compliance: as and when it's ready it should send out an email alert, and the frequency of the alert should also be manageable along with recipients.

    1 vote
    0 comments