Security Center workflow automation should be linked to management groups
When using workflow automation in Azure Security Center, you need to associate a workflow (logic app) to a subscription.
But I have a lot of subscriptions, and new ones are added every day.
I want a logic app to be run automatically when a threat is detected on multiple subscriptions. (I mean the logic to be associated to multiple subs)
So, I would argue to associate a workflow automation to a Management Group, so all subscriptions in that MG are associated with that workflow and it will be run on threats detected on all subs in that MG (which can of course also be root level).
This way, one can set workflows for production or test environments and also overall automatic workflows on threats or recommendations.