Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

How can we improve Microsoft Azure Security Center?

  • Do we really need ArcSight while Azure Security Center is in use?

    Hi,

    I am working on the deployment of a new site. We are planning an Azure Security Center (ASC) implementation, but we already have a SIEM (ArcSight) solution in place for an older site. Now my question is: do I really need to send those Azure Security Center (new site) logs to the already existing (old site) SIEM, ArcSight? Or is Azure Security Center alone capable as a primary SIEM solution?

    P.S.: The reason I am asking this is because integrating Azure Security Center logs with ArcSight will add extra cost, such as the connector, extra GB license, increasing EPS, etc.

    2 votes  ·  0 comments

  • OMS security baseline assessment rule for Audit policy needs changing

    The baseline security assessment reports a fail for Audit Policy: Policy Change: Authentication Policy, as I have it set to Success/Fail. I have this as per the Active Directory security best practice doc https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations whereas the analyzer is expecting success only, so it fails the rule.

    2 votes  ·  0 comments

  • Change Malware Assessment to not consider quarantined items as active threats

    Malware Assessment alerts on what it considers active threats. Windows Defender - and likely other AV packages - considers quarantined items as inactive threats. Please change Malware Assessment so that quarantined items are not considered active threats.

    2 votes  ·  4 comments

  • Don't report "green" status in security health for items that you have chosen to exclude in your policy.

    For example, showing a green check icon under endpoint protection gives a false impression that it's protected when it's not actually protected; it's just that that check is being ignored.

    2 votes  ·  0 comments

  • Editing security policy, duplicate named blades

    When you click on Policy within the Prevention section of ASC, a blade opens called Security policy. When you click on a subscription or resource group to edit policy, a new blade opens, also called Security policy. This creates a bit of confusion when documenting Security Center features. Perhaps the blade where you edit policy should be called "Edit security policy"?

    2 votes  ·  0 comments

  • False Positive Detection - Missing critical update

    False positive detection. The Win 10 device is fully updated... OMS detects a missing critical update and shows Title: Security Update for Adobe Flash Player for Windows 10 for x64-based Systems (KB3144756). Under the KBID section a View link is available to see KBID 3144756 [View]
    https://support.microsoft.com/en-us/kb/3144756 - This page does not exist...

    2 votes  ·  0 comments

  • Enable a button to dismiss “Disable unrestricted network access to storage account (Preview)”

    Shall we have a button to dismiss “Disable unrestricted network access to storage account (Preview)”?

    This recommendation shows as high severity in the Recommendations blade. This display is very annoying.

    A storage account is a global service that can be used publicly. The firewall feature is only required in VNET. Why do we have to enable the firewall in the suggestion? Can we lower the display level? Leaders will be very worried when they see this suggestion.

    1 vote  ·  0 comments

  • Azure Security Center for Windows Client OS

    As Log Analytics is supported for the Windows Client OS, why is it not supported for Azure Security Center?

    1 vote  ·  0 comments

  • Include the ability to search the network security recommendations in Log Analytics workspace

    Include the ability to search the network security recommendations in the Log Analytics workspace, so that alerts can be generated from them and email notifications sent.
    Examples of recommendations:
    Enable Network Security Groups on subnets
    Enable Network Security Groups on virtual machines
    Restrict access through Internet facing endpoint

    1 vote  ·  0 comments

  • Create Service Endpoint for Azure Antimalware

    Azure Antimalware Service is not able to communicate with Azure Update Services when enforced tunneling is configured for the VM on the VNet layer. With a service endpoint for Azure Antimalware and forced tunneling, all traffic from a VM would be routed to on-premises except communication between Azure Antimalware and the Update Service.

    1 vote  ·  0 comments

  • Include Nessus agent as a solution for Vulnerability Assessment in ASC

    ASC recommends "Install a vulnerability assessment solution on your VM" even though we have the latest Nessus agent installed on our Linux VMs.

    1 vote  ·  0 comments

  • Include Cybereason as an endpoint protection solution in Security Center

    ASC recommends "Install endpoint protection solution on VM" when we already have Cybereason endpoint protection on our Linux VMs.

    1 vote  ·  0 comments

  • Modify the MFA checks to make a distinction for the type of account

    Make the 'Enable MFA for accounts with read permissions on your subscription' policy aware of the type of account. At this moment this checks for every type of account; however, on the group level it's not possible to enable MFA. So this error is now cluttering the Azure Security Center.

    1 vote  ·  0 comments

  • Allow mail-enabled dynamic security groups.

    Imagine you just create a dynamic security group for users with specific conditions... maybe all that are new to the company are added to the "All Employees" group.

    Problem is, the group is not mail-enabled. You should be able to have dynamic groups that you can email!

    1 vote  ·  0 comments

  • Streamline and integrate incident response alerts and responses to make it more

    The main issue of concern is that although we may investigate, acknowledge, and confirm an alert in Cloud App Security, it then needs to be cleared again in multiple other areas such as Azure Risk Events, and Security and Compliance Center.

    Microsoft is on the proper path with providing these tools and alerts; however, they need to be more integrated as it's costing the business too much time and money to clear the same alert in multiple areas within Azure and Office 365.

    Please integrate these processes so that they may be updated from any location the alert may appear…

    1 vote  ·  0 comments

  • Have ASC monitor existing JIT

    Given that JIT is enabled by simply adding and removing rules on a VM's effective NSG, and that anyone with NSG rule access can manually remove those rules, you need to make sure ASC can detect if the rule(s) were removed.
    At the moment you can remove all the ASC rules and ASC will still show the VM as configured. ASC should detect that the rules have been removed and either replace them or change the VM JIT status back to Recommended.

    1 vote  ·  0 comments

  • Alerts for content change in website like script got changed or change in information provided in the website generally after deployment

    I want to get alerts for content changes in websites, which generally happen after deployment or if attacked by hackers (like a script got changed from macro to micro or vice versa, or a change in the UI of the website).

    1 vote  ·  0 comments

  • Adaptive Application Control - Improve policy extension to use combination of path and hash

    The idea would be to be able to use (but not mandatorily) both path and hash to define a policy extension.

    1 vote  ·  0 comments

  • Adaptive Application Control - Improve policy extension to use wildcards within path

    The idea would be to use wildcards within the path to allow some built-in scripts/batches like %OSDRIVE%\USERS\<USERNAM>\APPDATA\LOCAL\TEMP\<NUMBER>\GETPATHS.CMD

    1 vote  ·  0 comments
