Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

How can we improve Microsoft Azure Security Center?


  1. Update Remote Desktop Manager (RDCman) to support JIT

    RDCMan is one of my favorite tools. Having RDCMan support JIT would be incredible.

    2 votes
    0 comments
  2. Security Center recommendation that flags Inbound port rules that are open to the Internet with src of ANY

    A Security Center recommendation that flags Inbound port rules that are open to the Internet like ssh, etc., with a source IP of ANY that may pose a security risk.

    Right now the only way to see these risky rules is to look at the inbound rules for each individual VM.

    2 votes
    1 comment
  3. Enable a button to dismiss “Disable unrestricted network access to storage account (Preview)”

    Shall we have a button to dismiss “Disable unrestricted network access to storage account (Preview)”?

    This recommendation shows as high severity in the Recommendations blade. This display is very annoying.

    A storage account is a global service that can be used publicly. The firewall feature is only required in VNET. Why do we have to enable the firewall in the suggestion? Can we lower the display level? Leaders will be very worried when they see this suggestion.

    2 votes
    1 comment
  4. Include the ability to search the network security recommendations in Log Analytics workspace

    Include the ability to search the network security recommendations in Log Analytics workspace, so that alerts can be generated from them and email notifications sent.
    Example of recommendations:
    Enable Network Security Groups on subnets
    Enable Network Security Groups on virtual machines
    Restrict access through Internet facing endpoint

    2 votes
    1 comment
  5. Include Nessus agent as a solution for Vulnerability Assessment in ASC

    ASC recommends "Install a vulnerability assessment solution on your VM" even though we have the latest Nessus agent installed on our Linux VMs.

    2 votes
    0 comments
  6. 2 votes
    0 comments
  7. Option for Security Center to differentiate between Environments with a tag?

    It would be great if the default behavior for Security Center is to monitor everything, AND when tagged, to have a more granular view of Production vs Non-Production environments.

    2 votes
    1 comment
  8. Add webhooks as a notification target in addition to email addresses or co-administrators to enable notifications to go to Slack

    Currently I can only send Security Center alerts to email addresses or simply specify co-administrators of the server. Giving the ability to specify a web hook means the alerts could go to a Slack channel (like I have done with my Classic Alerts when my pool eDTU exceeds 80%).

    2 votes
    0 comments
  9. Allow alert options for new events

    When events arrive in ASC, they can be selected for more information. From that query, new alerts can be created. However, there is currently no way to alert for events that have not yet occurred in the environment. New notable events may occur in a scarcely monitored environment, and no alert mechanism would exist if the event had not occurred previously in the environment while being actively monitored and creating an alert at that time.

    Thus, the queries for each notable event should be published for alerts to be created should they eventually occur in an environment. Or a simpler…

    2 votes
    0 comments
  10. WAF detection alert time shown in Azure Security Center is always shown as hourly

    WAF detection alert time shown in Azure Security Center is always shown as hourly. Is there a chance to change the frequency to every 15 mins?

    2 votes
    0 comments
  11. Add the option that we can stop collecting the data of "Prevention"

    Currently, it is sure to collect the data of "Prevention" in spite of turning off automatic provisioning of the monitoring agent on Azure portal. It would be great if we could select collecting the data of "Prevention", like "Recommendations".

    2 votes
    0 comments
  12. Make Email Alerting Customizable

    It seems as though email alerts are either on/off. Toggle on - ONLY sends high severity alerts. We'd like the ability to choose medium and high severity. Or another way to specify which alerts should be emailed. Current feature set is not enough.

    2 votes
    0 comments
  13. Enable the automation of selecting the Log Analytics Workspace that Security Center uses.

    Currently in the Azure Portal you can select a Log Analytics Workspace for Azure Security Center to use. However I have tried to automate this configuration via the REST APIs and they throw an error when a workspace is defined. Please enable this capability.

    2 votes
    0 comments
  14. Make the security pane useful for Linux and 3rd party products

    We’d prefer to have parsed (security) events for Linux and other solutions (firewalls etc etc) as we have for Windows as well.
    We’d like the security auditing/logging for other sources in Azure to be on par with the Windows events and of a similar format. The security dashboard is now for most of the events Windows only, but we use much more connected to OMS.

    We need OMS to facilitate all supported products for security and other issues.

    Simple example: figuring out which users are doing failed SSH sign ins, without building a custom field and querying the field like…

    2 votes
    0 comments
  15. Do we really need ArcSight while Azure Security Center is in use?

    Hi,

    I am working on deployment of a new site. We are planning for Azure Security Center (ASC) implementation. But we do have a SIEM (ArcSight) solution already in place for an older site. Now my question is: do I really need to send those Azure Security Center (New Site) logs to the already existing (Old Site) SIEM ArcSight? Or is Azure Security Center alone capable as a primary SIEM solution?

    P.S.: The reason I am asking this is because integrating Azure Security Center logs with ArcSight will add extra cost such as (Connector, Extra GB license, Increasing EPS etc. etc.).

    2 votes
    0 comments
  16. OMS security baseline assessment rule for Audit policy needs changing

    The baseline security assessment reports a fail for Audit Policy: Policy Change: Authentication Policy as I have it set to Success/Fail. I have this as per the active directory secure best practice doc https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations whereas the analyzer is expecting success only so fails the rule.

    2 votes
    0 comments
  17. Change Malware Assessment to not consider quarantined items as active threats

    Malware Assessment alerts on what it considers active threats. Windows Defender - and likely other AV packages - considers quarantined items as inactive threats. Please change Malware Assessment so that quarantined items are not considered active threats.

    2 votes
    4 comments
  18. Don't report "green" status in security health for items that you have chosen to exclude in your policy.

    For example, showing a green check icon under endpoint protection gives a false impression that it's protected when it's not actually protected; it's just that that check is being ignored.

    2 votes
    0 comments
  19. Editing security policy, duplicate named blades

    When you click on Policy within the Prevention section of ASC, a blade opens called Security policy. When you click on a subscription or Resource group to edit policy, a new blade opens also called Security policy. This creates a bit of confusion when documenting Security Center features. Perhaps the blade where you edit policy should be called, "Edit security policy"?

    2 votes
    0 comments
  20. False Positive Detection - Missing critical update

    False positive detection. The Win 10 device is fully updated ... OMS detects a missing critical update and shows Title: Security Update for Adobe Flash Player for Windows 10 for x64-based Systems (KB3144756). Under the KBID section a View link is available to see KBID 3144756 [View]
    https://support.microsoft.com/en-us/kb/3144756 - This page does not exist...

    2 votes
    0 comments