Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

  1. ArcSight

    Allow for third-party Security Information Event Management (SIEM) tools to be operated in the cloud to monitor the event logs. Solutions such as HP ArcSight are ideally suited to monitor event data to enrich the security analytics.

    24 votes
    5 comments
  2. Intune

    Please support the integration of Intune, at least from a reporting capacity, to allow a single-pane view for total network security posture.

    15 votes
    4 comments
  3. Provide ability to install SCEP from OMS

    You provide a nice Malware Assessment; it would be nice to be able to install the SCEP client on systems so you can make sure all your systems are protected as well as analyzed.

    15 votes
    2 comments
  4. False Positive in Security and Audit

    For a few weeks now, your Security and Audit solution has been showing a lot of false positives for malicious incoming and outgoing Internet traffic, like Twitter, Verisign, Microsoft (WTF??)

    11 votes
    9 comments

    Thank you for your feedback.
    The malicious IP addresses come to OMS from multiple third-party feeds.
    The IP addresses are updated on a regular basis; if the issue fixed itself, let us know.
    If not, send us several examples of IP addresses so we can investigate.
    Thank you in advance,
    OMS PM Team

  5. Missing Scan Data: better categorisation when VM Shutdown and Force data refresh

    Within Azure Security Center / Virtual Machine Stream, we have a "Missing scan data" substream.

    "Missing scan data" contains a list of VMs for which:
    * The VM is turned off
    * The VM is turned on (some change was made on the VM, i.e. antimalware install done or not done, a Linux VM was installed, the Azure Agent is installed), but no scan has happened (yet) on the VM (but the VM has been running for 4/5 days).

    We believe the management could be improved:
    * Some data are missing (because the VM is shut down)
    * Some data could be collected, but Azure Security Center not…

    8 votes
    0 comments
  6. What does "no realtime protection" mean and how to fix it?

    No clue what "no realtime data protection" means. I clicked it from the security assessment window and I get here, but have no way to understand how to fix it or read more. How should I fix that?

    8 votes
    0 comments
  7. Security Center

    Add an "Apply" option for all Security Center recommendations. The next step will be a "Roll Back" option for implemented improvements.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  8. SQL Audit solution based on the SQL audit data stored on blob storage

    Azure has an option to collect SQL audit info and store it in blob storage. Please integrate that info into the security and audit solution.

    https://azure.microsoft.com/en-us/documentation/articles/sql-database-auditing-get-started/

    6 votes
    0 comments

    Thanks for this feedback, I’ll pass it along to the solution team.

    Keep in mind, after we have enabled custom ‘fields’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-allow-to-perform-parsing-and-custom-fields-extract
    we will do ‘custom LOGs’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files
    and there is an ‘Azure storage’ flavour of that platform feature too – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc

    and those would be the generic building blocks to enable you (or third parties) to do that yourself, with or without a ‘canned’ solution pack.

  9. Guardicore

    Have you considered having Guardicore as a partner solution in the marketplace? I saw their technology at Black Hat and this seems to be a gap in Azure Security Center.

    4 votes
    0 comments
  10. Customize out-of-the-box queries for a solution

    Make it possible to change the queries for a solution such as the malware assessment, where the blade "Computers with detected threats" continues to show that there are active threats even though the threats have been removed. The reason is that the query shows events for the last one day, which may not be relevant if the events have been handled.

    3 votes
    0 comments