Azure Security Center

Do you have an idea or suggestion based on your experience with Azure Security Center? We would love to hear it! Please take a few minutes to submit your ideas or vote up an idea submitted by another customer. All of the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Security Center. Remember that this site is only for feature suggestions and ideas!

For further reading on Azure Security Center, see our documentation. For general discussion, use our discussion forum. For technical support, take advantage of these support options.

How can we improve Microsoft Azure Security Center?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Type of protection computer count

    The Type of Protection graph shows: 3 total "Computers with antimalware protection". This workspace only has 2 computers connected. I believe that the total should not count twice a computer that has 2 forms of antimalware protection.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Customize out-of-the-box querys for a solution

    Make it possible to change the Queries for a solution such as the malware assessment, where the Blade "Computers with detected threats" continues to show that there are active threats even though the threat have been remove. The reason is that the Query shows events for the last one day which may not be relevant if the events have be handled.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Feedback regarding Azure Policy and Azure Security Center

    Hi Team,

    We found that if we remove the Azure Policy: [Preview]: Deploy Log Analytics Agent for Windows VMs, the installed agent will not be removed.

    Ask fo help:

    Can we add the logic that when we remove the Azure Policy, the platform will also ask you whether the corresponding configurations need to be removed.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Base OS security configurations upon an open standard

    The documentation on OS security configurations in Azure Security Center states that it supports Windows Server up to version 2016. However, it is based upon a standard that supports up to version 2008 (the Azure Security Center documentation states it was based upon over "150 recommended rules" which in turn are based upon NIST's Common Configuration Enumeration which does not support beyond 2008). How does this work? Is the Windows Server 2016 support based upon a public standard or not?

    It would be nice if Azure Security Center OS security was based upon a standard like STIG or CIS, which…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Fine Grained, disabling / enabling security policies

    In a subscription, there can be storage accounts that currently cannot be configured with a firewall - example: storage accounts with audit logs of Azure SQL.
    It would be good if Security Center, as default, monitored all objects in a subscription, but it should be possible to disable individual objects from the monitoring.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  6. CIS Azure Benchmark 1.1

    Dear Microsoft team,
    I love the fact that you have implemented CIS Benchmark controls in Azure Security Center and I would like to know if you have any ETA for adding additional controls related to CIS Azure Benchmark 1.1.

    CIS Azure Benchmark 1.1 version and contains a total of around 140 controls between Level 1 and 2 (there is already a Draft for version 1.2.).

    Thanks!

    Manuel

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Update Remote Desktop Manager (RDCman) to support JIT

    RDCMan is one of my favorite tools. Having RDCMan support JIT would be incredible.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Security Center recommendation that flags Inbound port rules that are open to the Internet with src of ANY

    A Security Center recommendation that flags Inbound port rules that are open to the Internet like ssh, etc., with a source IP of ANY that may pose a security risk.

    Right now the only way to see these risky rules is to look at the inbound rules foreach individual VM

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  9. Enable a button for dismiss “Disable unrestricted network access to storage account (Preview)”

    Shall we have a button for dismiss “Disable unrestricted network access to storage account (Preview)”.

    This recommendations shows as high severity in the Recommendations blade. This display is very annoying.

    A storage account is a global service that can be used publicly. The firewall feature is only required in VNET. Why do we have to enable the firewall in the suggestion? Can we lower the display level? Leaders will be very worried when they see this suggestion.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Include the ability to search the network security recommendations in Log Analytics worspace

    Include the ability to search the network security recommendations in Log Analytics worspace, so that alerts can be generated from them and email notfications sent
    Example of recommendations:
    Enable Network Security Groups on subnets
    Enable Network Security Groups on virtual machines
    Restrict access through Internet facing endpoint

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Include Nessus agent as a solution for Vulnerability Assessment in ASC

    ASC recommends "Install a vulnerability assessment solution on your VM" even though we have the latest Nessus agent installed on our Linux VMs.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. 2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. Option for Security Center to differentiate between Environments with a tag?

    It would be great if the default behavior for Security Center is to monitor everything, AND when tagged, to have a more granular view of Production vs Non-Production environments.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add webhooks as a notification target in addition to email addresses or co-administrators to enable notifications to go to Slack

    Currently I can only send Security Center alerts to email addresses or simply specify co-administrators of the server. Giving the ability to specify a web hook means the alerts could go to a Slack channel (like I have done with my Classic Alerts when my pool eDTU exceeds 80%).

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow alert options for new events

    When events arrive in ASC, they can be selected for more information. From that query, new alerts can be created. However, there is currently no way to alert for events that have not yet occurred in the environment. New notable events may occur in a scarcely monitored environment, and no alert mechanism would exist if the event had not occurred previously in the environment while being actively monitored and creating an alert at that time.

    Thus, the queries for each notable event should be published for alerts to be created should they eventually occur in an environment. Or a simpler…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. WAF detection alert time showing on Azure security center is always show as hourly

    WAF detection alert time showing on Azure security center is always show as hourly, is there a chance to change the frequency as every 15 mins.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add the option that we can stop collecting the data of "Prevention"

    Currently, it is sure to collect the data of "Prevention" in spite of turning off automatic provisioning of monitoring agent on Azure portal. It would be great if we can select collcting the data of "Prevention", like "Recommendations".

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Make Email Alerting Customizable

    It seems as though email alerts are either on/off. Toggle on - ONLY sends high severity alerts. We'd like the ability to choose medium and high severity. Or another way to specify which alerts should be emailed. Current feature set is not enough.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Enable the automation of selecting the Log Analytics Workspace that Security Center uses.

    Currently in the Azure Portal you can select a Log Analytics Workspace for Azure Security Center to use. However I have tried to automate this configuration via the REST APIs and they throw an error when a workspace is defined. Please enable this capability.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Make the security pane useful for Linux and 3rd party products

    We’d prefer to have parsed (security) events for Linux and other solutions (firewalls etc etc) as we have for Windows as well.
    We’d like the security auditing/logging for other sources in Azure to be on par with the Windows events and of a similar format. The security dashboard is now for most of the events Windows only, but we use much more connected to OMS.

    We need OMS to facilitate all supported products for security and other issues.

    Simple example: figuring out which users are doing failed SSH sign ins, without building a custom field and querying the field like…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Azure Security Center

Feedback and Knowledge Base