Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

How can we improve Microsoft Azure Security Center?

  1. False Positive in Security and Audit

    For a few weeks now, your Security and Audit Solution has been showing a lot of false positives for malicious incoming and outgoing Internet traffic, like Twitter, Verisign, Microsoft (WTF??)

    11 votes
    9 comments

    Thank you for your feedback.
    The malicious IP addresses come to OMS from multiple third-party feeds.
    The IP addresses are updated on a regular basis; if the issue has fixed itself, let us know.
    If not, send us several examples of IP addresses so we can investigate.
    Thank you in advance,
    OMS PM Team

  2. Suppressing Individual alerts in Security Center

    Currently there is no way to suppress an alert or make it silent for a particular time frame or permanently. This is one thing which will really help if implemented. At times Security Center keeps throwing alerts for a process which you know is not malicious, but you have no way to stop Security Center from sending email alerts repeatedly for the same thing.
    There should be a way to either stop or suppress individual alerts so that one can focus on other alerts and take action on them instead of thinking it is the same alert and no action is required.

    10 votes
    2 comments

  3. Azure Security Center should monitor which NSG rules are used

    ASC should provide recommendations for which NSG rules need to be reviewed if they have not been used for a long time.

    This would be great

    10 votes
    0 comments

  4. SIEM Replacement

    Hi,
    Do you have an agenda for transforming Security Center into a SIEM solution?

    9 votes
    1 comment

  5. Make it possible to exclude specific VM/Resource groups from ASC

    We sometimes run into situations where the ASC agent causes problems on specific VMs. This leads to disabling ASC on the complete subscription, as we cannot exclude specific machines.

    9 votes
    2 comments

  6. Oracle Audit trail

    Allow Log Analytics to ingest Oracle Audit Trails on the operating system when based on XML format. This will help to include this audit in the Security & Audit solution.

    9 votes
    0 comments

  7. Create a built-in policy to deployIfNotExists ASC

    As an enterprise cloud custodian team, we want to ensure that ASC Standard is enabled on all subscriptions with auto provisioning to all VMs and collection to a centralized instance of Log Analytics so that our SecOps team has complete visibility into all resources in all subscriptions in the tenant.

    8 votes
    1 comment

  8. Missing Scan Data : better categorisation when VM Shutdown and Force data refresh

    Within Azure Security Center / Virtual Machine Stream, we have a "Missing scan data" substream.

    "Missing scan data" contains a list of VMs on which:
    * The VM is turned off
    * The VM is turned on (some change was made on the VM, i.e. Antimalware installed or not, a Linux VM was installed, the Azure Agent is installed), but no scan has happened (yet) on the VM (but the VM has been running for 4/5 days).

    We believe the management could be improved:
    * Some data are missing (because the VM is shut down)
    * Some data could be collected, but Azure Security Center not…

    8 votes
    0 comments

  9. Security baseline failures

    I see posts related to this; quite a few of the CCE detections are messed up. Is there an ETA on getting these fixed?
    In this case it's CCE-36977-7 that's creating false positives.
    Thanks,
    t

    8 votes
    0 comments

  10. Adjust baseline requirements to support IIS servers or custom environment changes.

    The baseline scans are failing on IIS servers, so maybe a more generic way to adjust the baseline rules on virtual machines would be helpful.

    An example of the scenario is described here.

    https://azure.microsoft.com/en-us/documentation/articles/security-center-recommendations/#comment-2597306267

    8 votes
    1 comment

  11. SQL Azure Firewall Rules recommendations to report very large IP ranges

    What is currently not reported is a very large range of IP addresses enabling access to SQL Azure. A rule 0.0.0.0-255.255.255.255 will not be reported at all by Security Centre, but does pose a risk to the database if the password and account are not strong and complex enough.

    8 votes
    0 comments

  12. What does "no realtime protection" mean and how to fix it?

    No clue what "no realtime data protection" means. I clicked it from the security assessment window and I get here, but have no way to understand how to fix it or read more. How should I fix that?

    8 votes
    0 comments

  13. JIT administration should be included in the Free Tier of Security Center

    JIT administration should be included in the Free Tier.

    For someone just wanting to use JIT but not the other features of the Standard tier of Security Center, it's way too cost prohibitive to upgrade to standard just for this.

    JIT should be more of a feature included with the Azure Portal as part of management features and not bundled in with Security Center (or, included in the free tier)

    7 votes
    0 comments

  14. Email Notifications for All Security Alerts in Security Centre

    Currently we only have the option to receive email notifications for High Severity Alerts in Azure Security Centre. It would be good to have the option to receive email notifications for alerts of all severities. This would allow us to pro-actively deal with all security alerts rather than wait for them to show up on a screen.

    7 votes
    2 comments

  15. Include responsible user in event

    Hi all, awesome product. Just did a test with vulnerability assessment. I introduced an EICAR test string on one of our VMs. An event was triggered in OMS, but it seems there is some important information missing in the event: the username is not included. (EventId 1116, Microsoft Antimalware) does include the user. It would be a nice addition to include the username of the account that was "responsible" for the generation of the alert.

    7 votes
    0 comments

  16. Security Center

    Add an "Apply" option for all Security Center recommendations. The next step will be a "Roll Back" option for implemented improvements.

    7 votes
    1 comment

  17. Support for Cloud Services

    Today, Azure Security Center provides monitoring for Virtual Machines (including VMs that are part of Service Fabric Clusters), Virtual Networks, and Azure SQL Database. What about Cloud Services (Web and Worker roles)? Do you want to be able to manage security for Cloud Services in Security Center as well? If so, vote for this idea and share any specific requirements in the comments.

    7 votes
    0 comments

  18. Show security score changes over time

    It would be great to view the security score metric over time, allowing us to report back that security is continuously improving within Azure.

    6 votes
    1 comment

  19. Connecting application gateway to security center via ARM

    The documentation explaining how to connect an Application Gateway/WAF to Security Center all uses the portal to make the connection. While this is fine for trying out the functionality, we need a way to do this using ARM and PowerShell in order to be able to automate it.

    6 votes
    0 comments

  20. Dismissing WAF Alerts Should Turn Application Tile Green

    According to the product group, dismissing a "Web Application Firewall not present" alert is not supposed to turn the application tile green. This is done on purpose so as not to give the user a false sense of security. However, the reason the dismiss button exists is so that users who are aware of this and have other measures in place can dismiss the item and turn the application tile green.

    There are cases where a WAF may be in use but ASC isn't aware of that. Such as a VM running a network appliance with a built in WAF from a…

    6 votes
    0 comments