Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

How can we improve Microsoft Azure Security Center?


Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.


  1. Add support for cross-tenant with Azure Security Center

    We have more and more customers who are dedicating a hub tenant to cross-security resources (centralized WAF, OMS, ...). But with ASC, we are unable to add subscriptions in different tenants at this time; it could be really useful. Thanks

    6 votes
    3 comments
  2. Cloud App Security

    Add Cloud App Security alert into OMS portal

    6 votes
    1 comment
  3. SQL Audit solution based on the SQL audit data stored on blob storage

    Azure has an option to collect SQL audit info and store it on blob storage. Please integrate that info into the security and audit solution.

    https://azure.microsoft.com/en-us/documentation/articles/sql-database-auditing-get-started/

    6 votes
    0 comments

    Thanks for this feedback, I’ll pass it along to the solution team.

    Keep in mind, after we have enabled custom ‘fields’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-allow-to-perform-parsing-and-custom-fields-extract
    we will do ‘custom LOGs’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files
    and there is an ‘Azure storage’ flavour of that platform feature too – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc

    and those would be the generic building blocks to enable you (or third parties) to do that yourself, with or without a ‘canned’ solution pack.

  4. MaliciousIP 127.0.0.1

    I get a lot of alerts saying that 127.0.0.1 is a MaliciousIP, is this a bug?

    5 votes
    0 comments
  5. Generate security audits fails

    Azure complains about "Generate security audits":

    EXPECTED VALUE: Local Service, Network Service, IIS APPPOOL\DefaultAppPool

    Which actually are there, even though Azure says:

    ACTUAL VALUE: *S-1-5-19,*S-1-5-20,*S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415

    5 votes
    0 comments
  6. Incorrect Baseline CCE-38333-1

    CCE-38333-1

    LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : scremoveoption
    ...ExpectedResult:1
    ...ActualResult:NOT_EXISTS

    This setting exists, although the baseline tool does not detect that it does. Perhaps it's looking for an integer instead of a string?

    5 votes
    0 comments
  7. Incorrect Baseline CCE-37439-7

    CCE-37439-7

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : cachedlogonscount
    ...ExpectedResult:4
    ...ActualResult:NOT_EXISTS

    This shows as not existing even though the registry value exists. Maybe it's checking for an integer when it should really be checking for a string?

    5 votes
    0 comments
  8. CCE-37701-0 Incorrect Baseline

    CCE-37701-0

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : AllocateDASD
    ...ExpectedResult:0
    ...ActualResult:NOT_EXISTS

    The above baseline shows as non-existent even though it exists.

    Is the rule checking for a string or an integer? This should be a string value per Microsoft.

    5 votes
    1 comment
  9. Failed Logins

    Seeing Failed Login Attempts and then checking the event log on the actual computers and seeing no such actions

    5 votes
    0 comments
  10. ASC broken Fix please: Users who are Owner of VMs should see VMs in ASC

    Azure Security Center is broken, Fix please: Users who are Owner of VMs should see VMs in Azure Security Center

    Although documented here https://azure.microsoft.com/nl-nl/documentation/articles/security-center-faq/
    "... this means that users will only see items related to resources where the user is assigned the role of Owner, Contributor, or Reader to the subscription or resource group that a resource belongs to."
    This does not work in a full ARM RBAC Model setup.

    Users who are Owner of VMs, don't see VMs in Azure Security Center.

    5 votes
    2 comments

    Thanks.

    Indeed, today Azure Security Center has experiences that can’t live in a single resource hierarchy and so are not applicable for users with access to a single resource (i.e. and not the containing subscription/resource group). We will look into adding a scoped down resource level experience for such users. No ETA to provide at this point.

    Thanks,
    Gilad Elyashar
    Product Manager

  11. GatewaySubnet NSG recommendation

    It is not allowed to attach an NSG to the GatewaySubnet in a virtual network. So it would be good if the recommendation in the Security Center for the GatewaySubnet would be not to attach an NSG.

    Just mark it as green, because we cannot attach a NSG to the GatewaySubnet.

    5 votes
    0 comments
  12. SOC

    The ability to create a virtual SOC, automatically selecting all appropriate apps and services. I can go into more detail, and design ideas, if anyone wants.

    5 votes
    1 comment

    Azure Security Center already has some basic SOC features around monitoring and we’re certainly planning to extend those in the future. However, since SOC is a broad term, it would help if you would be more specific about what exactly you had in mind and what virtual SOC scenario you would find the most useful in Azure Security Center.

    Gilad Elyashar,
    Product Manager

  13. Close the door! Revoke an existing JIT access rule

    When a supplier received access to a Virtual Machine, which is guarded by JIT, I'd like to be able to close the door on him/her, when I find that they're done or breaking things in the environment.

    I'd like a mechanism in JIT to close the virtual door on them, before the set time is reached.

    4 votes
    1 comment
  14. 4 votes
    1 comment
  15. Provide functionality to remediate OS vulnerabilities identified by Security Center (and revert if they cause issues)

    Security Center provides many recommendations to harden OS vulnerabilities, but doesn't currently offer the option to remediate them. It would be very time consuming for customers to develop their own fixes in isolation and would cause huge duplication of effort - please would Microsoft provide the option to apply the hardening to VMs via Security Center, with the option to "undo" if it causes problems.

    4 votes
    1 comment
  16. Add an option to upload the Antivirus of your choice in security center

    As of now there are only a few third-party partner integrations for Endpoint Protection in Security Center; it would be good if a customer could upload an antivirus package (EXE\MSI) and use it to remediate against endpoint protection's recommendations.

    4 votes
    0 comments
  17. Ad hoc check "Security Baseline Assessment"

    I want to check my server settings with "Security Baseline Assessment"
    when updating group policy, and when decreasing the number of failed rules.

    Now, I need to wait the next 24 hours after updating group policy to get the rule check results.
    Regards,
    Yoshihiro Kawabata

    4 votes
    0 comments
  18. 4 votes
    1 comment
  19. Create a community open source repository

    It would be great to get the security community engaged with Azure Security Center and allow for community contributions. I imagine that it could be something like the Azure Automation Runbook community repository, but this would be focused on integration with Azure Security Center. Azure Security Center needs to create an open API for custom community-developed solutions like the one mentioned in this feedback: https://feedback.azure.com/forums/347535-azure-security-center/suggestions/12366438-support-for-letting-apps-send-custom-alerts-to-sec

    4 votes
    0 comments
  20. Add AVG to the anti malware protection tool

    Add analytics on common 3rd party tools

    4 votes
    0 comments