Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

  1. Connecting application gateway to security center via ARM

    The documentation explaining how to connect an Application Gateway/WAF to Security Center all uses the portal to make the connection. While this is fine for trying out the functionality, we need a way to do this by using ARM and PowerShell in order to be able to automate it.

    6 votes
  2. Dismissing WAF Alerts Should Turn Application Tile Green

    According to the product group, dismissing a "Web Application Firewall not present" alert is not supposed to turn the application tile green. This is done on purpose so as not to give the user a false sense of security. However, the reason the dismiss button exists is so that users who are aware of this and have other measures in place can dismiss the item and turn the application tile green.

    There are cases where a WAF may be in use but ASC isn't aware of that. Such as a VM running a network appliance with a built-in WAF from a…

    6 votes
  3. Cloud App Security

    Add Cloud App Security alert into OMS portal

    6 votes
  4. Include responsible user in event

    Hi All, awesome product. Just did a test with vulnerability assessment. I introduced an EICAR test string on one of our VMs. An event was triggered in OMS. But it seems there is some important information missing in the event. The username is not included. (EventId 1116, Microsoft Antimalware) does include the user. It would be a nice addition to include the username of the account that was "responsible" for the generation of the alert.

    6 votes
  5. SQL Audit solution based on the SQL audit data stored on blob storage

    Azure has an option to collect SQL audit info and store it on blob storage. Please integrate that info into the security and audit solution.

    https://azure.microsoft.com/en-us/documentation/articles/sql-database-auditing-get-started/

    6 votes

    Thanks for this feedback, I’ll pass it along to the solution team.

    Keep in mind, after we will have enabled custom ‘fields’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-allow-to-perform-parsing-and-custom-fields-extract
    we will do ‘custom LOGs’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files
    and there is a ‘Azure storage’ flavour of that platform feature too http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc

    and those would be the generic building blocks to enable you (or third parties) to do that yourself, with or without a ‘canned’ solution pack.

  6. Azure policy does not support audit effect if we give NSG's destination port range as a range

    Currently Azure policy doesn't have a feature which will audit if we give destination port ranges as a range. We can only audit for a single value but not for ranges. It will be very useful if we can bring this feature soon.

    5 votes
  7. (Geo) Country IP blocks are needed in NSGs

    A well-known method to mitigate Internet-based threats is country-based IP blocks. Many firewall vendors have had this feature for a long time. Please make it possible to create "block lists" of countries (or "white lists" as well) and make NSG rules key on that.

    5 votes
  8. Provide functionality to remediate OS vulnerabilities identified by Security Center (and revert if they cause issues)

    Security Center provides many recommendations to harden OS vulnerabilities, but doesn't currently offer the option to remediate them. It would be very time-consuming for customers to develop their own fixes in isolation and would cause huge duplication of effort. Please would Microsoft provide the option to apply the hardening to VMs via Security Center, with the option to "undo" if it causes problems.

    5 votes
  9. MaliciousIP 127.0.0.1

    I get a lot of alerts saying that 127.0.0.1 is a MaliciousIP. Is this a bug?

    5 votes
  10. Generate security audits fails

    Azure complains about "Generate security audits":

    EXPECTED VALUE: Local Service, Network Service, IIS APPPOOL\DefaultAppPool

    Which actually are there, even though Azure says:

    ACTUAL VALUE: *S-1-5-19,*S-1-5-20,*S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415

    5 votes
  11. Incorrect Baseline CCE-38333-1

    CCE-38333-1

    LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : scremoveoption
    ...ExpectedResult:1
    ...ActualResult:NOT_EXISTS

    This setting exists, although the baseline tool does not detect that it does. Perhaps it's looking for an integer instead of a string?

    5 votes
  12. Incorrect Baseline CCE-37439-7

    CCE-37439-7

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : cachedlogonscount
    ...ExpectedResult:4
    ...ActualResult:NOT_EXISTS

    This shows as not exists even though the registry value exists. Maybe it's checking for an integer when it should really be checking for a string?

    5 votes
  13. CCE-37701-0 Incorrect Baseline

    CCE-37701-0

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : AllocateDASD
    ...ExpectedResult:0
    ...ActualResult:NOT_EXISTS

    The above baseline shows as non-existent even though it exists.

    Is the rule checking for a string or integer, as this should be a string value per Microsoft?

    5 votes
  14. Failed Logins

    Seeing Failed Login Attempts and then checking the event log on the actual computers and seeing no such actions

    5 votes
  15. ASC broken Fix please: Users who are Owner of VMs should see VMs in ASC

    Azure Security Center is broken, Fix please: Users who are Owner of VMs should see VMs in Azure Security Center

    Although documented here https://azure.microsoft.com/nl-nl/documentation/articles/security-center-faq/
    "... this means that users will only see items related to resources where the user is assigned the role of Owner, Contributor, or Reader to the subscription or resource group that a resource belongs to."
    This does not work in a full ARM RBAC Model setup.

    Users who are Owner of VMs, don't see VMs in Azure Security Center.

    5 votes

    Thanks.

    Indeed, today Azure Security Center has experiences that can’t live in a single resource hierarchy and so are not applicable for users with access to a single resource (i.e. and not the containing subscription/resource group). We will look into adding a scoped-down resource-level experience for such users. No ETA to provide at this point.

    Thanks,
    Gilad Elyashar
    Product Manager

  16. GatewaySubnet NSG recommendation

    It is not allowed to attach an NSG to the GatewaySubnet in a virtual network. So it would be good if the recommendation in the Security Center for the GatewaySubnet would be not to attach an NSG.

    Just mark it as green, because we cannot attach an NSG to the GatewaySubnet.

    5 votes
  17. SOC

    The ability to create a virtual SOC, automatically selecting all appropriate apps, services. I can go into more detail, and design ideas if anyone wants.

    5 votes

    Azure Security Center already has some basic SOC features around monitoring and we’re certainly planning to extend those in the future. However, since SOC is a broad term, it would help if you would be more specific about what exactly you had in mind and what virtual SOC scenario you would find the most useful in Azure Security Center.

    Gilad Elyashar,
    Product Manager

  18. Enable to use Workspace across Tenant

    Customer request:
    One large company may have multiple tenants, and there may be scenarios where log data is collected from multi-cloud environments such as Azure, On-Premises, and AWS and monitored using Azure analysis tools.

    The following article says that 'Cross-subscription workspace selection' is possible, but in fact it seems to have a prerequisite of 'in one Tenant'.
    https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection#cross-subscription-workspace-selection

    4 votes
  19. Azure policy effects like deny, append... only work on newly created resources/resource groups

    Currently Azure policy effects like deny, append etc. only get applied to newly created resources/resource groups, not to existing ones. This is a design limitation at this moment. It would be really helpful if we can bring this feature to existing resources also.

    4 votes
  20. Reduce RBAC requirements for JIT to enable Support staff context

    Currently, in order to successfully request access to a VM via JIT the user requires Microsoft.Compute/virtualMachines/write/* RBAC access to the VM(s) in question. This seems like a heavy security requirement when JIT is often used by Support staff who should not be able to add/modify VMs in a Production environment.

    It should be possible to enable/block JIT on a per-VM basis, such that User Group A can request access to VM A and not VM B, and User Group B can request access to VM B and not VM A - I feel that this would be better served with…

    4 votes