Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

  1. Incorrect Baseline CCE-38333-1

    CCE-38333-1

    LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : scremoveoption
    ...ExpectedResult:1
    ...ActualResult:NOT_EXISTS

    This setting exists although the baseline tool does not detect that it does. Perhaps it's looking for an integer instead of a string?

    5 votes
  2. Incorrect Baseline CCE-37439-7

    CCE-37439-7

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : cachedlogonscount
    ...ExpectedResult:4
    ...ActualResult:NOT_EXISTS

    This shows as not exists even though the registry value exists. Maybe it's checking for an integer when it should really be checking for a string?

    5 votes
  3. CCE-37701-0 Incorrect Baseline

    CCE-37701-0

    ...RuleSetting:LocalMachine\Software\Microsoft\Windows NT\CurrentVersion\Winlogon : AllocateDASD
    ...ExpectedResult:0
    ...ActualResult:NOT_EXISTS

    The above baseline shows as non-existent even though it exists.

    Is the rule checking for a string or an integer? This should be a string value per Microsoft.

    5 votes
  4. Failed Logins

    Seeing Failed Login Attempts and then checking the event log on the actual computers and seeing no such actions

    5 votes
  5. ASC broken Fix please: Users who are Owner of VMs should see VMs in ASC

    Azure Security Center is broken, Fix please: Users who are Owner of VMs should see VMs in Azure Security Center

    Although documented here https://azure.microsoft.com/nl-nl/documentation/articles/security-center-faq/
    "... this means that users will only see items related to resources where the user is assigned the role of Owner, Contributor, or Reader to the subscription or resource group that a resource belongs to."
    This does not work in a full ARM RBAC Model setup.

    Users who are Owner of VMs, don't see VMs in Azure Security Center.

    5 votes

    Thanks.

    Indeed, today Azure Security Center has experiences that can’t live in a single resource hierarchy and so are not applicable for users with access to a single resource (i.e. and not the containing subscription/resource group). We will look into adding a scoped down resource level experience for such users. No ETA to provide at this point.

    Thanks,
    Gilad Elyashar
    Product Manager

  6. GatewaySubnet NSG recommendation

    It is not allowed to attach an NSG to the GatewaySubnet in a virtual network. So it would be good if the recommendation in the Security Center for the GatewaySubnet would be not to attach an NSG.

    Just mark it as green, because we cannot attach an NSG to the GatewaySubnet.

    5 votes
  7. Vulnerability Assessment logs should contain the resource or subscription ID information to make it easy to identify the exact resource

    Vulnerability Assessment logs do not contain the resource or subscription ID, just server name and database name.
    Will the resource and subscription ID be included in the Vulnerability Assessment in the near future? We want the subscription ID and resource group name in the Vulnerability Assessment log to make it easy to identify.

    4 votes
  8. Include tenant name in alerts from Azure Security Center

    For an MSP, it's not easy to know what customer an alert comes from when you don't include ANY info about the tenant in alerts from Azure Security Center.
    Please include Azure tenant name and id in alerts from Azure Security Center.

    4 votes
  9. Enable to use Workspace across Tenant

    Customer request:
    One large company may have multiple tenants, and there may be scenarios where log data is collected from multi-cloud environments such as Azure, On-Premises, and AWS and monitored using Azure analysis tools.

    The following article says that 'Cross-subscription workspace selection' is possible, but in fact it seems to have a prerequisite of 'in one Tenant'.

    https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection#cross-subscription-workspace-selection

    4 votes
  10. Azure policy effects like deny, append... only work on newly created resources/resource groups

    Currently Azure policy effects like deny, append etc. only get applied to newly created resources/resource groups, not to existing ones. This is a design limitation at this moment. It would be really helpful if we can bring this feature to existing resources also.

    4 votes
  11. 4 votes
  12. Add filtering and export (csv) to the Azure Security Center to allow for easier use of data in compliance assessments and attestation.

    Add ability to filter directory information to clearly identify those user objects created in Azure AD vs local AD. Add ability to export the data set as a csv so that the data can be used externally from the portal for governance activities.

    4 votes
  13. Add an option to upload the Antivirus of your choice in security center

    As of now there are only a few third-party partner integrations for Endpoint Protection in Security Center. It will be good if a customer can upload an Antivirus package (EXE\MSI) and use it to remediate against endpoint protection's recommendations.

    4 votes
  14. 4 votes
  15. Ad hoc check "Security Baseline Assessment"

    I want to check my server settings with "Security Baseline Assessment"
    when updating group policy, and when decreasing the number of failed rules.

    Now, I need to wait for the next 24 hours after updating group policy to get the rule check results.
    Regards,
    Yoshihiro Kawabata

    4 votes
  16. 4 votes
  17. Create a community open source repository

    It would be great to get the security community engaged with Azure Security Center and allow for community contributions. I imagine that it could be something like the Azure Automation Runbook community repository, but this would be focused on integration with Azure Security Center. Azure Security Center needs to create an open API for custom community-developed solutions like the one mentioned in this feedback: https://feedback.azure.com/forums/347535-azure-security-center/suggestions/12366438-support-for-letting-apps-send-custom-alerts-to-sec

    4 votes
  18. Add AVG to the anti malware protection tool

    Add analytics on common 3rd party tools

    4 votes
  19. Publish event list + blog post on security filter settings page

    Would be helpful to have the event list according to the level of security events selected on the settings page instead of needing to go to the blog post on the web.
    Please also include the link to the official blog on this page.

    4 votes
  20. Guardicore

    Have you considered having Guardicore as a partner solution in the marketplace? I saw their technology at Blackhat and this seems to be a gap in Azure Security Center.

    4 votes