Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

  1. Oracle Audit trail

    Allow Log Analytics to ingest Oracle Audit Trails on Operating System when based on XML Format. This will help to include this audit into security & audit solution

    9 votes
    0 comments
  2. ASC SecureScore available through Graph API or ASC Rest API

    Would like to have the ASC SecureScore available through Graph or ASC REST APIs.
    This is to show them on our dashboard and have more attention on the score.

    8 votes
    2 comments

    Thanks for the feedback. Exposing Secure Score through publicly documented REST APIs is something the team is actively working on. It should be available within 2-3 months.

    thanks,
    Gilad Elyashar, head of product, Azure Security Center

  3. Reduce RBAC requirements for JIT to enable Support staff context

    Currently, in order to successfully request access to a VM via JIT the user requires Microsoft.Compute/virtualMachines/write/* RBAC access to the VM(s) in question. This seems like a heavy security requirement when JIT is often used by Support staff who should not be able to add/modify VMs in a Production environment.

    It should be possible to enable/block JIT on a per-VM basis, such that User Group A can request access to VM A and not VM B, and User Group B can request access to VM B and not VM A - I feel that this would be better served with…

    8 votes
    3 comments
  4. Close the door! Revoke an existing JIT access rule

    When a supplier received access to a Virtual Machine, which is guarded by JIT, I'd like to be able to close the door on him/her, when I find that they're done or breaking things in the environment.

    I'd like a mechanism in JIT to close the virtual door on them, before the set time is reached.

    8 votes
    1 comment
  5. Missing Scan Data : better categorisation when VM Shutdown and Force data refresh

    Within Azure Security Center / Virtual Machine Stream, we have a "Missing scan data" substream.

    "Missing scan data" contains a list of VMs on which:
    * The VM is turned off
    * The VM is turned on (some change was done on the VM, i.e. Antimalware install or not done, a Linux VM was installed, the Azure Agent is installed), but no scan has happened (yet) on the VM (but the VM has been running for 4/5 days).

    We believe the management could be improved:
    * Some data are missing (because the VM is shut down)
    * Some data could be collected, but Azure Security Center not…

    8 votes
    0 comments
  6. security baseline failures

    I see posts related to this; quite a few of the CCE detections are messed up. Is there an ETA on getting these fixed?
    In this case it's CCE-36977-7 that's creating false positives.
    Thanks,
    t

    8 votes
    0 comments
  7. Adjust baseline requirements to support IIS servers or custom environment changes.

    The baseline scans are failing on IIS servers, so maybe a more generic way to adjust the baseline rules on virtual machines would be helpful.

    An example of the scenario is described here.

    https://azure.microsoft.com/en-us/documentation/articles/security-center-recommendations/#comment-2597306267

    8 votes
    1 comment
  8. SQL Azure Firewall Rules recommendations to report very large IP ranges

    What currently is not reported is a very large range of IP addresses enabling access to SQL Azure. A rule 0.0.0.0 - 255.255.255.255 will not be reported at all by Security Centre, but does pose a risk to the Database if the password and account are not strong and complex enough.

    8 votes
    0 comments
  9. Support for Cloud Services

    Today, Azure Security Center provides monitoring for Virtual Machines (including VMs that are part of Service Fabric Clusters), Virtual Networks, and Azure SQL Database. What about Cloud Services (Web and Worker roles)? Do you want to be able to manage security for Cloud Services in Security Center as well? If so, vote for this idea and share any specific requirements in the comments.

    8 votes
    0 comments
  10. What does "no realtime protection" mean and how to fix it?

    No clue what "no realtime data protection" means. I clicked it from the security assessment windows and I get here, but have no way to understand how to fix it or read more. How should I fix that?

    8 votes
    0 comments
  11. Azure Information Protection for Encrypted and Protected Attachments Label assignment Feature

    Currently AIP does not support assigning the protected labels to encrypted and password-protected files. If I am planning to send internal communication with attachments (attachments are encrypted), I am unable to assign the AIP protected labels to the files to send the communications through email. Please let me know when we can expect this feature.

    7 votes
    0 comments
  12. JIT administration should be included in the Free Tier of Security Center

    JIT administration should be included in the Free Tier.

    For someone just wanting to use JIT but not the other features of the Standard tier of Security Center, it's way too cost prohibitive to upgrade to standard just for this.

    JIT should be more of a feature included with the Azure Portal as part of management features and not bundled in with Security Center (or, included in the free tier)

    7 votes
    0 comments
  13. Dismissing WAF Alerts Should Turn Application Tile Green

    According to the product group, dismissing a "Web Application Firewall not present" alert is not supposed to turn the application tile green. This is done on purpose so as not to give the user a false sense of security. However, the reason the dismiss button exists is so that users who are aware of this and have other measures in place can dismiss the item and turn the application tile green.

    There are cases where a WAF may be in use but ASC isn't aware of that. Such as a VM running a network appliance with a built in WAF from a…

    7 votes
    0 comments
  14. Provide functionality to remediate OS vulnerabilities identified by Security Center (and revert if they cause issues)

    Security Center provides many recommendations to harden OS vulnerabilities, but doesn't currently offer the option to remediate them. It would be very time consuming for customers to develop their own fixes in isolation and would cause huge duplication of effort - please would Microsoft provide the option to apply the hardening to VMs via Security Center, with the option to "undo" if it causes problems.

    7 votes
    1 comment
  15. Security Center

    Add "Apply" option for all Security Center recommendations. Next step will be "Roll Back" option for implemented improvements.

    7 votes
    1 comment
  16. Analysis Service Server (AAS) Firewall IP range in Azure policy.

    We are facing challenges in implementing the policy to check the range start and range end for the firewall setting in the AAS server. The firewall IP is always accepted in IPv4 format. This IP value in the Azure policy is taken as a string comparison, so the policy checks for that exact IP and denies any other input.
    The policy does not support it if we want to enable multiple IP range conditions. Using "match condition" in the policy accepts only one scenario but not multiple ranges.

    6 votes
    0 comments
  17. Azure policy does not support audit effect if we give NSG's destination port range as a range

    Currently Azure policy doesn't have a feature which will audit if we give destination port ranges as a range. We can only audit for a single value but not for ranges. It will be very useful if we can bring this feature soon.

    6 votes
    1 comment
  18. Connecting application gateway to security center via ARM

    The documentation explaining how to connect an Application Gateway/WAF to Security Center all uses the portal to make the connection. While this is fine for trying out the functionality, we need a way to do this by using ARM and PowerShell in order to be able to automate it.

    6 votes
    0 comments
  19. Cloud App Security

    Add cloud app security alert into OMS portal

    6 votes
    1 comment
  20. Include responsible user to event

    Hi all, awesome product. Just did a test with vulnerability assessment. I introduced an EICAR test string on one of our VMs. An event was triggered in OMS. But it seems there is some important information missing in the event. The username is not included. (EventId 1116, Microsoft Antimalware) does include the user. Would be a nice addition to include the username of the account that was "responsible" for the generation of the alert.

    6 votes
    0 comments