Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

  1. SOC

    The ability to create a virtual SOC, automatically selecting all appropriate apps and services. I can go into more detail and design ideas if anyone wants.

    6 votes
    1 comment

    Azure Security Center already has some basic SOC features around monitoring and we’re certainly planning to extend those in the future. However, since SOC is a broad term, it would help if you would be more specific about what exactly you had in mind and what virtual SOC scenario you would find the most useful in Azure Security Center.

    Gilad Elyashar,
    Product Manager

  2. SQL Audit solution based on the SQL audit data stored on blob storage

    Azure has an option to collect SQL audit info and store it on blob storage. Please integrate that info into the security and audit solution.

    https://azure.microsoft.com/en-us/documentation/articles/sql-database-auditing-get-started/

    6 votes
    0 comments

    Thanks for this feedback, I’ll pass it along to the solution team.

    Keep in mind, after we have enabled custom ‘fields’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/6519270-allow-to-perform-parsing-and-custom-fields-extract
    we will do ‘custom LOGs’ – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7113030-collect-text-log-files
    and there is an ‘Azure storage’ flavour of that platform feature too – http://feedback.azure.com/forums/267889-azure-operational-insights/suggestions/7928931-collect-data-from-custom-containers-in-storage-acc

    and those would be the generic building blocks to enable you (or third parties) to do that yourself, with or without a ‘canned’ solution pack.

  3. Disable security alert types like "Anonymous IP address"

    Using the Tor Browser or any other VPN that anonymizes the IP address is in our scope not a security problem, but rather a necessity in countries where the government monitors activities. This floods our alerts and there is no way to turn that off.
    To me all security alert types need to be customizable.

    5 votes
    1 comment
  4. Include tenant name in alerts from Azure Security Center

    For an MSP, it's not easy to know what customer an alert comes from when you don't include ANY info about the tenant in alerts from Azure Security Center.
    Please include Azure tenant name and id in alerts from Azure Security Center.

    5 votes
    0 comments
  5. Add DISA STIG to compliance options Azure Security Center

    Would be nice to have an option to choose DISA STIG for the Regulatory Compliance within Azure Security Center as well as the others that are already available.

    5 votes
    0 comments
  6. 5 votes
    2 comments
  7. 5 votes
    1 comment
  8. Add an option to upload the Antivirus of your choice in security center

    As of now there are only a few third-party partner integrations for Endpoint Protection in Security Center. It would be good if a customer could upload an Antivirus package (EXE\MSI) and use it to remediate against endpoint protection's recommendations.

    5 votes
    0 comments
  9. MaliciousIP 127.0.0.1

    I get a lot of alerts saying that 127.0.0.1 is a MaliciousIP, is this a bug?

    5 votes
    0 comments
  10. 5 votes
    1 comment
  11. Generate security audits fails

    Azure complains about "Generate security audits":

    EXPECTED VALUE: Local Service, Network Service, IIS APPPOOL\DefaultAppPool

    Which actually are there, even though Azure says:

    ACTUAL VALUE: S-1-5-19,S-1-5-20,*S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415

    5 votes
    0 comments
  12. Incorrect Baseline CCE-38333-1

    CCE-38333-1

    LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : scremoveoption
    ...ExpectedResult:1
    ...ActualResult:NOT_EXISTS

    This setting exists although the baseline tool does not detect that it does. Perhaps it's looking for an integer instead of a string?

    5 votes
    0 comments
  13. Incorrect Baseline CCE-37439-7

    CCE-37439-7

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : cachedlogonscount
    ...ExpectedResult:4
    ...ActualResult:NOT_EXISTS

    This shows as not existing even though the registry value exists. Maybe it's checking for an integer when it should really be checking for a string?

    5 votes
    0 comments
  14. CCE-37701-0 Incorrect Baseline

    CCE-37701-0

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : AllocateDASD
    ...ExpectedResult:0
    ...ActualResult:NOT_EXISTS

    The above baseline shows as non-existent even though it exists.

    Is the rule checking for a string or integer, as this should be a string value per Microsoft?

    5 votes
    1 comment
  15. Failed Logins

    Seeing Failed Login Attempts and then checking the event log on the actual computers and seeing no such actions

    5 votes
    0 comments
  16. GatewaySubnet NSG recommendation

    It is not allowed to attach an NSG to the GatewaySubnet in a virtual network. So it would be good if the recommendation in the Security Center for the GatewaySubnet would be not to attach an NSG.

    Just mark it as green, because we cannot attach an NSG to the GatewaySubnet.

    5 votes
    0 comments
  17. Provide better reporting for Azure Security Center Container Registry Vulnerability Scanning

    We evaluated the new feature which is in preview for ACR vulnerability scanning.

    It would be good if this provided better reporting by showing details on images that have been scanned, packages/software discovered even if they are showing not vulnerable.

    Our initial test of this feature shows it isn't accurate and we can't really see exactly what this scanned and is reporting is clean. Security center's vulnerability scanner shows 0 vulnerabilities, another container registry security scanner scanning the same images shows a lot of vulnerabilities.

    Another improvement when vulnerabilities are detected, is to be able to select an image and see…

    4 votes
    1 comment
  18. Vulnerability Assessment logs should contain the resource or subscription id information to make it easy to identify the exact resource

    Vulnerability Assessment logs do not contain the resource or subscription id, just server name and database name.
    Will the resource and subscription ID be included in the Vulnerability Assessment in the near future? We want the subscription ID and resource group name in the Vulnerability Assessment log to make it easy to identify.

    4 votes
    0 comments
  19. JIT for more than virtual machines

    We want to use JIT to access other resources on demand, like an Azure SQL database for example. One way might be to allow the creation of arbitrary NSG rules that can be enabled/disabled when a user requests JIT access.

    4 votes
    0 comments
  20. Enable to use Workspace across Tenant

    Customer request:
    One large company may have multiple tenants, and there may be scenarios where log data is collected from multi-cloud environments such as Azure, On-Premises, and AWS and monitored using Azure analysis tools.

    The following article says that 'Cross-subscription workspace selection' is possible, but in fact it seems to have a prerequisite of 'in one Tenant'.

    https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection#cross-subscription-workspace-selection

    4 votes
    0 comments