Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

How can we improve Microsoft Azure Security Center?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Feedback regarding Azure Policy and Azure Security Center

    Hi Team,

    We found that if we remove the Azure Policy: [Preview]: Deploy Log Analytics Agent for Windows VMs, the installed agent will not be removed.

    Ask fo help:

    Can we add the logic that when we remove the Azure Policy, the platform will also ask you whether the corresponding configurations need to be removed.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Is it possible to use other compliance reporting like National cyber Security Center (NCSC)

    Is it possible to include other compliance regularity reporting like cyber Essentials+ & National cyber Security Center (NCSC) into Azure Security Center

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  3. Azure policy exclude Identity not just subscription/Resource group

    Currently when assigning a policy w can exclude Management Group / Subscription or a Resource Group. Is it possible to add User principal to the list.
    Use case, sometime operator or Security compliance office would need to update an out of compliance resource. when the Resource is out of compliance, write will fail due to deny policy, an exclude for a principal / Group ID would Come in handy

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Extended configuration for AntiMalware VM extension

    AntiMalware VM extension has only few parameter.
    Should be great to be able scheduling update signature with parameters :
    SignatureScheduleDay
    SignatureScheduleTime
    SignatureUpdateInterval

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. chrome....

    I don't want to ...

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. filter

    Add custom filter to choose Subscription name / Resource Group

    example :

    Threat protection --> Security Alerts over Time -->
    High Severity --> Resource group name , Subscription name

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Conditional Access Policy and Named Location with date ranges

    We have employees temporarily traveling to countries that we otherwise want to block, because we are experiencing hacker attacks from e.g. China and Russia. It would be really helpful if we could enable a policy or named location that allows e.g. India for just a week or the period the person is traveling.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure policy effects like deny, append... only work on newly created resources/resource groups

    Currently Azure policy effects like deny, append etc only gets applied to newly created resources/ resource groups not on to existing ones. This is a design limitation at this moment. It would be really helpful if we can bring this feature to existing resources also.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Make tags blade dependent on Azure policy.

    Currently tag blade is independent of Azure policy. For example, at this moment we don't have a feature in Azure policy which will auto populate the tag name field by the tag names which you have predefined in the policy. User has to manually enter the tag names. It would be really helpful if we can make tags blade dependent on Azure policy.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure policy does not support audit effect if we give nsg's destinating port range as a range

    Currently Azure policy doesn't have a feature which will audit if we give destination port ranges as a range.We can only audit for a single value but not for ranges. It will be very useful, if we can bring this feature soon.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Show cleared recommendations

    Some users would like to see a breakdown of the recommendation items that have already been met, i.e. how are they getting 295/643 points or whatever. The points that you are missing are shown under recommendations, but I don't see any way to show what you have successfully implemented.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Azure Information Protection in SharePoint Online

    Hello,

    Please allow set Sensitivity for all files stored in SharePoint Online.

    At this moment we can only Encrypt Documents library using Information Rights Management in SharePoint Online.

    But as example, we would like to set Sensitivity, for all files saved in our SharePoint Online tenant, in SharePoint Sites/Teams or users OneDrive Document libraries.

    At this moment it is possible if run PowerShell on End-User PC like:
    1. Query default Corporate OneDrive folder location
    2. Run: Get-ChildItem *.doc* -Recurse -Force | Set-AIPFileClassification -PreserveFileDetails

    But then each file will be downloaded to PC.

    So would be very useful to set Globally…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Monitorin On-prem servers with Threat Protection included

    when we try to add on-prem servers for monitoring using Threat Protection, we get an enormous amount of alerts. We have a scheduled PowerShell script running each day and this triggers an alert, one for each monitored server every day.
    We need a way to whitelist this script. Apparently there is an option of doing this for Azure VM's but this does not work for on-prem servers.
    So the rule could be something like ' if-this-script-is-run-by-this-user-from-this-location do not alert'.
    Or the better way may be to be able to use 'AppLocker' functionality and have that visible to and confirmed by…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure security center ARM template enable standard plan for all resources

    I can select the pricing tier in ARM template but that will just set pricing tier as standard and cover VMs. However, I would like have SQL servers and app services covered as well.
    What do I need to add to my my template?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  15. estoy conchrome doncoucegj@ en vez de jcouceg@gmail.com

    Al poner a cero el PC con mac sin el usb la 1ª vez Edge tomo las aplicaciones perdidas en el formateo de Chrome y no sé quien me ha puesto con ustedes y my nombre D.N.I. e identificación fiscal española:30.618.858-letra Q si coucegj@gmail.com, goravic782@outlook.com ó mi cuenta jcouceg@gmail.com

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  16. Make Azure Security Center for IoT deployable to ARM Linux versions

    Many companies use Raspberry Pi's to prototype their future IoT deployments. I see that Azure Security Center for IoT is in public preview (which is awesome!), but it would be very helpful to have this available for testing in the Pi environment to allow vetting of its capabilities.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Integrate JIT with Azure Firewall

    It would be extremely useful to integrate JIT with Azure Firewall. This would allow JIT access to VMs without requiring a PIP for each VM as well as make security teams happier by not having a PIP attached to each VM that needs to be accessed remotely.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Define Actions for Recommendations

    We would like the option to define specific actions that can be triggered in response to recommendations. For instance, trigger a Playbook.

    A use case might be a Recommendation to install anti-malware. We could choose from a list of available actions to run a Playbook that triggers the anti-malware installation.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support other MFA products

    In ASC access & identity . We found out the account which has enabled third party MFA cannot be detected. The recommendation existed and this affect the secure score. can we plan to support third party solution like antimalware assessment as well?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Adaptive application control - configure user of manually added whitelisted paths

    It is possible to white list new paths in AAC - but these manually entered paths are available to Everyone.
    When adding new paths to be whitelisted, please add an option to be able to configure the users - so Everyone, Root, or users that AAC has detected on the specific VM. Granting permissions to AAD groups would even be better.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 8 9
  • Don't see your idea?

Azure Security Center

Feedback and Knowledge Base