Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

How can we improve Microsoft Azure Security Center?


  1. Export to CSV

    Interested in generating reports on recommendations or security alerts in Security Center? If you could export this data to a CSV, you could create your own reports in Excel or PowerBI to share with others within your organization. Vote for this idea if you would export Security Center data to a CSV.

    86 votes
    66 comments
  2. Dashboard and Search function to find locked out accounts and what device is locking them out

    So I would like a dashboard and search function to be able to see and search for accounts that are locked out in Active Directory as well as the corresponding device name and IP address. If you are pulling the logs from Exchange and Active Directory, it would seem the data is there; it just needs to be put together and presented. This would be nice, as currently we dig through AD and Exchange logs to find this information and it is time-consuming.

    47 votes
    under review  ·  2 comments
  3. Add support for Virtual Machine Scale Sets

    We use VM scale sets when provisioning our environment in Azure. These scale set VMs are not supported by Azure Security Center. Please consider adding support for VM scale sets.

    35 votes
    4 comments
  4. ArcSight

    Allow for third party Security Information Event Management (SIEM) tools to be operated in the cloud to monitor the event logs. Solutions such as HP ArcSight are ideally suited to monitor event data to enrich the security analytics.

    25 votes
    6 comments
  5. Map security recommendations to NIST CCEs / NIST 800-53 controls

    Map security setting recommendations to standards bodies such as NIST 800-53 controls so this solution can be offered inside Federal Cloud scenarios.

    Provide traceability down to the CCE level and an automated way to EASILY import the data into IT-GRC dashboards, or alternatively build an IT-GRC solution and link the data to it.

    24 votes
    3 comments
  6. Support for ATA

    It would be valuable to get support for ATA for Azure Active Directory in ASC. We like the visual workflow and investigations. https://www.microsoft.com/en-us/server-cloud/products/advanced-threat-analytics/

    17 votes
    1 comment
  7. Provide ability to install SCEP from OMS

    You provide a nice Malware Assessment; it would be nice to be able to install the SCEP Client on systems so you can make sure all your systems are protected as well as analyzed.

    15 votes
    2 comments
  8. Intune

    Please support the integration of Intune, at least from a reporting capacity, to allow a single-pane view for total network security posture.

    12 votes
    4 comments
  9. False Positive in Security and Audit

    For a few weeks, your Security and Audit Solution has been showing a lot of false positives for malicious incoming and outgoing Internet traffic, like Twitter, Verisign, Microsoft (WTF??)

    11 votes
    9 comments

    Thank you for your feedback.
    The malicious IP addresses are coming to OMS from multiple 3rd-party feeds.
    The IP addresses are being updated on a regular basis. If the issue fixed itself, let us know.
    If not, send us several examples of IP addresses so we can investigate.
    Thank you in advance,
    OMS PM Team

  10. Azure Security Center should monitor which NSG rules are used

    ASC should provide recommendations for which NSG rules need to be reviewed, if they are not used for a long time.

    This would be great

    10 votes
    0 comments
  11. Missing Scan Data : better categorisation when VM Shutdown and Force data refresh

    Within Azure Security Center / Virtual Machine Stream, we have a "Missing scan data" substream.

    "Missing scan data" contains a list of VMs on which:
    * The VM is turned off
    * The VM is turned on (some change was done on the VM, i.e. Antimalware installed or not done, a Linux VM was installed, the Azure Agent is installed), but no scan has happened (yet) on the VM (but the VM has been running for 4/5 days).

    We believe the management could be improved:
    * Some data are missing (because the VM is shut down)
    * Some data could be collected, but Azure Security Center not…

    8 votes
    0 comments
  12. What does "no realtime protection" mean and how to fix it?

    No clue what "no realtime data protection" means. I clicked it from the security assessment windows and I get here but have no way to understand how to fix it or read more. How should I fix that?

    8 votes
    0 comments
  13. Security Center

    Add an "Apply" option for all Security Center recommendations. The next step will be a "Roll Back" option for implemented improvements.

    7 votes
    1 comment
  14. SQL Audit solution based on the SQL audit data stored on blob storage

    Azure has an option to collect SQL audit info and store it on blob storage. Please integrate that info into the security and audit solution.

    https://azure.microsoft.com/en-us/documentation/articles/sql-database-auditing-get-started/

    6 votes
    0 comments

    Thanks for this feedback, I’ll pass it along to the solution team.

    Keep in mind, after we will have enabled custom ‘fields’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-allow-to-perform-parsing-and-custom-fields-extract
    we will do ‘custom LOGs’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files
    and there is an ‘Azure storage’ flavour of that platform feature too http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc

    and those would be the generic building blocks to enable you (or third parties) to do that yourself, with or without a ‘canned’ solution pack.

  15. ASC broken Fix please: Users who are Owner of VMs should see VMs in ASC

    Azure Security Center is broken, Fix please: Users who are Owner of VMs should see VMs in Azure Security Center

    Although documented here https://azure.microsoft.com/nl-nl/documentation/articles/security-center-faq/
    "... this means that users will only see items related to resources where the user is assigned the role of Owner, Contributor, or Reader to the subscription or resource group that a resource belongs to."
    This does not work in a full ARM RBAC Model setup.

    Users who are Owner of VMs, don't see VMs in Azure Security Center.

    5 votes
    2 comments

    Thanks.

    Indeed, today Azure Security Center has experiences that can’t live in a single resource hierarchy and so are not applicable for users with access to a single resource (i.e. and not the containing subscription/resource group). We will look into adding a scoped-down resource-level experience for such users. No ETA to provide at this point.

    Thanks,
    Gilad Elyashar
    Product Manager

  16. Guardicore

    Have you considered having Guardicore as a partner solution in the marketplace? I saw their technology at Blackhat and this seems to be a gap in Azure Security Center.

    4 votes
    0 comments
  17. Customize out-of-the-box queries for a solution

    Make it possible to change the queries for a solution such as the malware assessment, where the blade "Computers with detected threats" continues to show that there are active threats even though the threats have been removed. The reason is that the query shows events for the last one day, which may not be relevant if the events have been handled.

    3 votes
    0 comments