Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

  1. Audit Public Blob Containers

    Audit and display the number of Azure blob containers that are publicly accessible. This is important as data leaks often occur due to data being publicly accessible (e.g. public AWS S3 Buckets).

    1 vote
  2. Audit Azure Storage Require Secure Transfer

    Audit whether Require Secure Transfer is enabled on Azure Storage accounts, similar to whether encryption is enabled.

    1 vote
  3. Include Registry Path in Security Recommendation

    A nice-to-have would be if the registry path was provided with the Security Recommendation instead of only listing the incorrect value. It would make the recommendation more complete.

    1 vote
  4. Include AD object deletes in Events collected by OMS

    Include AD object deletes in Events collected by OMS.
    User, computer, group deletes etc. are not collected by OMS.
    A wholesale review of the Active Directory Events collected by OMS needs to be implemented to ensure OMS is a valuable audit platform.

    1 vote
  5. For all alerts like Metrics, OMS... there is one option to automate like automation account and Runbook. Like that, please enable in ASC too

    For all alerts like Metrics, OMS... there is one option to automate like automation account and Runbook. Like that, please enable in ASC too.
    We have to automate with ServiceNow. A ticket has to be created when ASC triggers any alerts. We need some automation feature to do the same?

    1 vote
  6. Baseline CCEs conflict

    Hello.
    There are two CCEs with description "Interactive logon: Interactive logon: Number of previous logons to cache (in case domain controller is not available)".
    CCE-10926-4 says that this number must be set to 0
    CCE-37437-7 says that this number must be set to 4

    I made one policy for all servers according to CCE-37473-7 and received a bunch of failed events. I realize that they are targeting different server OS, but for such events there must be a union CCE, or newer CCE must supersede old.

    This kind of baseline rule is not server-specific.

    1 vote
  7. Baseline rules and default values

    I'll start with one sample.
    Security baseline rule "Devices: Allowed to format and eject removable media".

    AnalyzeResult:Failed
    RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : AllocateDASD
    ExpectedResult:2
    ActualResult:NOT_EXISTS

    But if we switch to "Security Baseline Rules" tab, we can read that default value is "Administrators".

    So, we have a lot of not-configured policies; in every one, the not-configured policy state matches the baseline rule. But the analyzer forces us to go and configure it directly. I think this is a lot of unnecessary work, and a comparison to the default policy value must be added.

    1 vote
  8. WHAT, I can't change my phone number

    Be able to change my phone number

    1 vote
  9. Hi, regarding sending this log to SIEM through Azure Log Integrator.

    Add-AzLogEventDestination -Name *** -SyslogServer x.x.x.x -SyslogFormat CEF.
    I ran the above command as per your doc.
    But still I'm getting logs into my SIEM in LEEF format only.

    1 vote
  10. Allow reporting on sign-ins for specific applications through reporting API for Azure AD Free consistent with the Azure Portal.

    Under Enterprise applications > All applications > My App > Sign-ins, you can see individual sign-ins within a specific application even with Azure AD Free. The reporting API should provide similar access for Azure AD Free subscriptions.

    1 vote
  11. Security dashboard - TI tile is gray

    The TI tile looks gray and doesn't show the type name on the right.

    Please advise,
    thanks,
    Orco

    1 vote
  12. Support protecting individual SaaS web applications by a WAF

    Web apps which are not behind WAF show as compliant.

    Can Azure Security Center currently support protecting individual SaaS web applications by a WAF?

    1 vote
  13. security baseline failure when OS is in different language

    Baselines for audit policies are failing because it's looking for the English words "success and failure" but the results are in German: Erfolg und Fehler

    10/4/2017 2:05:34.747 PM | SecurityBaseline
    ...TimeGenerated:10/4/2017 2:05:34.747 PM
    ...Computer:S-KCS-038.kcs.local
    ...BaselineType:WindowsOS
    ...OSName:Windows Server 2012 R2 Standard
    ...CceId:CCE-37853-9
    ...RuleSeverity:Informational
    ...BaselineRuleType:Audit Policy
    ...Description:Audit Policy: System: IPsec Driver
    ...AnalyzeResult:Failed
    ...SourceSystem:OpsManager
    ...ManagementGroupName:AOI-9635f82e-42a2-4d60-9e51-70daff6719a1
    ...SourceComputerId:4d0a14dd-25c2-4bf6-a56c-0a597b602276
    ...ComputerEnvironment:Non-Azure
    ...AssessmentId:8f272df7-dcc2-405f-86d6-febfdff9e2d2
    ...RuleSetting:0cce9213-69ae-11d9-bed3-505054503030
    ...ExpectedResult:Success and Failure
    ...ActualResult:Erfolg und Fehler

    1 vote
  14. New integration with Microsoft ATA logs only the NetBIOS name of the ATA server

    The new integration described here:
    https://blogs.technet.microsoft.com/msoms/2017/03/09/microsoft-advanced-threat-analytics-support-in-oms-security/
    logs only the NetBIOS name for the Computer field. The old integration logs the full name of the server (with FQDN). The new integration should log the full name so it matches with the other logs ingested in OMS.

    1 vote
  15. Show cleared recommendations

    Some users would like to see a breakdown of the recommendation items that have already been met, i.e. how are they getting 295/643 points or whatever. The points that you are missing are shown under recommendations, but I don't see any way to show what you have successfully implemented.

    3 votes