Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

How can we improve Microsoft Azure Security Center?

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

  1. Support other Antivirus products in Malware Assessment

    I added the Malware Assessment Intelligence Pack today, and it seems to be listing all of my servers as not having any real time AV protection. The servers in question are running Symantec Endpoint Protection. I looked in the description of the intelligence pack to see what AV products it works with, but didn't find that info.

    [Edited during forum migration: comments/responses in the old forum included Symantec and Sophos]

    276 votes
    37 comments
  2. Combine OMS and Azure Security Center

    Now we have 2 different solutions in Azure... OMS and Azure Security Center. Both look not bad, but paying twice is not the best business approach. Also, it looks like duplication (I know the difference, but they're still very close to each other).

    I think we (Microsoft) can create a Solution in OMS that will consume security info from Security Center.

    41 votes
    4 comments
  3. Support for all PaaS offerings

    App Services, API Management, Data Lake, HDInsight, Storage Accounts, Azure Redis, Load Balancer, AAD, etc... Aggregate all logs. Make them available to 3rd party SIEM options too.

    23 votes
    2 comments
  4. Support for letting apps send custom alerts to Security Center

    For example, a security issue that an application looks for and detects. Allowing the application to send a message to security center, instead of some other log/location that might get overlooked.

    19 votes
    2 comments
  5. Integration with Azure OMS

    Now we have at least 2 different Azure features that cover the security topic:
    Security Center and Azure Operations Management Suite.

    Both look not bad, but paying twice is not the best business approach. Also, it looks like duplication (I know the difference, but they're still very close to each other).

    I think we (Microsoft) can create a Solution in OMS that will consume security info from Security Center. Or Security Center could consume OMS logs. Anyway, 2 entities, paying 2 times: it's not the best business approach.

    16 votes
    1 comment
  6. security baseline failures

    I see posts related to this; quite a few of the CCE detections are messed up. Is there an ETA on getting these fixed?
    In this case it's CCE-36977-7 that's creating false positives.
    Thanks,
    t

    8 votes
    0 comments
  7. Adjust baseline requirements to support IIS servers or custom environment changes.

    The baseline scans are failing on IIS servers, so maybe a more generic way to adjust the baseline rules on virtual machines would be helpful.

    An example of the scenario is described here.

    https://azure.microsoft.com/en-us/documentation/articles/security-center-recommendations/#comment-2597306267

    8 votes
    1 comment
  8. SQL Azure Firewall Rules recommendations to report very large IP ranges

    What currently is not reported is a very large range of IP addresses enabling access to SQL Azure. A rule 0.0.0.0-255.255.255.255 will not be reported at all by Security Centre, but does pose a risk to the Database if the password and account are not strong and complex enough.

    8 votes
    0 comments
  9. Incorrect Baseline CCE-38333-1

    CCE-38333-1

    LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : scremoveoption
    ...ExpectedResult:1
    ...ActualResult:NOT_EXISTS

    This setting exists, although the baseline tool does not detect that it does. Perhaps it's looking for an integer instead of a string?

    5 votes
    0 comments
  10. Incorrect Baseline CCE-37439-7

    CCE-37439-7

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : cachedlogonscount
    ...ExpectedResult:4
    ...ActualResult:NOT_EXISTS

    This shows as not existing even though the registry value exists. Maybe it's checking for an integer when it should really be checking for a string?

    5 votes
    0 comments
  11. CCE-37701-0 Incorrect Baseline

    CCE-37701-0

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : AllocateDASD
    ...ExpectedResult:0
    ...ActualResult:NOT_EXISTS

    The above baseline shows as non-existent even though it exists.

    Is the rule checking for a string or an integer? This should be a string value per Microsoft.

    5 votes
    1 comment
  12. GatewaySubnet NSG recommendation

    It is not allowed to attach an NSG to the GatewaySubnet in a virtual network. So it would be good if the recommendation in the Security Center for the GatewaySubnet would be not to attach an NSG.

    Just mark it as green, because we cannot attach an NSG to the GatewaySubnet.

    5 votes
    0 comments
  13. SOC

    The ability to create a virtual SOC, automatically selecting all appropriate apps and services. I can go into more detail and design ideas if anyone wants.

    5 votes
    1 comment

    Azure Security Center already has some basic SOC features around monitoring and we’re certainly planning to extend those in the future. However, since SOC is a broad term, it would help if you would be more specific about what exactly you had in mind and what virtual SOC scenario you would find the most useful in Azure Security Center.

    Gilad Elyashar,
    Product Manager

  14. Additional Linux information on VM Security Details blade

    1- Can the Linux release and Kernel version be displayed in the VM Security Details blade (or elsewhere in Security Center)?

    2- Can the update count be displayed in that blade? Similar to the "x packages can be updated, y updates are security updates" message from the MOTD when logging in to Ubuntu over SSH.

    4 votes
    0 comments
  15. Editing security policy, duplicate named blades

    When you click on Policy within the Prevention section of ASC, a blade opens called Security policy. When you click on a subscription or Resource group to edit policy, a new blade opens also called Security policy. This creates a bit of confusion when documenting Security Center features. Perhaps the blade where you edit policy should be called, "Edit security policy"?

    2 votes
    0 comments