For example, a security issue that an application looks for and detects. Allowing the application to send a message to security center, instead of some other log/location that might get overlooked.

It would be valuable to get support for ATA for Azure Active Directory in ASC. We like the visual workflow and investigations. https://www.microsoft.com/en-us/server-cloud/products/advanced-threat-analytics/

App Services, API Management, Data Lake, HDInsight, Storage Accounts, Azure Redis, Load Balancer, AAD, etc... Aggregate all logs. Make them available to 3rd party SIEM options too.

We use VM scale sets when provisioning our environment in Azure. These scale set VMs are not supported by Azure Security Center. Please consider adding support for VM scale sets.

Today, Azure Security Center provides monitoring for Virtual Machines (including VMs that are part of Service Fabric Clusters), Virtual Networks, and Azure SQL Database. What about Cloud Services (Web and Worker roles)? Do you want to be able to manage security for Cloud Services in Security Center as well? If so, vote for this idea and share any specific requirements in the comments.

The baseline scans are failing on IIS servers, so maybe a more generic way to adjust the baseline rules on virtual machines would be helpful.

An example of the the scenario is described here.

https://azure.microsoft.com/en-us/documentation/articles/security-center-recommendations/#comment-2597306267

Now we have at least 2 different azure features that covering Security topic.
Security Center and Azure Operation Management Suite.

Both looks not bad, but paying twice - it's not the best business approach. Also it's looks like duplication(I know the difference, but it's still very close to each other).

I think we(Microsoft) can create Solution in OMS that will consume security info from Security Center. Or Security Center could consume OMS logs.. Anyway- 2 entities, 2 times paying- it's not the best business approach.

Azure Security Center is broken, Fix please: Users who are Owner of VMs should see VMs in Azure Security Center

Although documented here https://azure.microsoft.com/nl-nl/documentation/articles/security-center-faq/
"... this means that users will only see items related to resources where the user is assigned the role of Owner, Contributor, or Reader to the subscription or resource group that a resource belongs to."
This does not work in a full ARM RBAC Model setup.

Users who are Owner of VMs, don't see VMs in Azure Security Center.

https://gallery.technet.microsoft.com/Shielded-VMs-and-Guarded-44176db3

1- Can the Linux release and Kernel version be displayed in the VM Security Details blade (or elsewhere in Security Center)?

2- Can the update count be displayed in that blade? Similar to the "x packages can be updated, y updates are security updates" message from the MOTD when logging in to Ubuntu over SSH.

Add "Apply" option for all Security Center recommendation. Next step will be "Roll Back" option for implemented improvements.

It is not allowed to attach a NSG to the GatewaySubnet in a virtual network. So it would be good if the recommendation in the Security Center of the GatewaySubnet would be not to attach a NSG.

Just mark it as green, because we cannot attach a NSG to the GatewaySubnet.

Interested in generating reports on recommendations or security alerts in Security Center? If you could export this data to a CSV, you could create your own reports in Excel or PowerBI to share with others within in organization. Vote for this idea if you would export Security Center data to a CSV.

What currently is not reported is a very large range of IP addresses enabling access to SQL Azure. A rule 0.0.0.0- 255.255.255.255 will not be reported at all by Security Centre, but does pose a risk to the Database if the password and account is not strong and complex enough.

Azure complains about "Generate security audits":

EXPECTED VALUELocal Service, Network Service, IIS APPPOOL\DefaultAppPool

Which actually are there.. even that Azure says:

ACTUAL VALUE*S-1-5-19,*S-1-5-20,*S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415

Have you considered having Gaurdicore as a partner solution in the marketplace? I sawe their technology at Blackhat and this seems to be a gap in Azure Security Center.

The ability create a virtual SOC, automatically selecting all appropriate apps, services. I can go in to more detail, and design ideas if anyone wants.

It would be great to get the security community engage with Azure Security Center and allow for community contributions. I imagine that it could be something like the Azure Automation Runbook community repository, but this would be focused on integration with Azure Security Center. Azure Security Center needs to create open API for custom community developed solution like mentioned in this feedback: https://feedback.azure.com/forums/347535-azure-security-center/suggestions/12366438-support-for-letting-apps-send-custom-alerts-to-sec

When you click on Policy within the Prevention section of ASC, a blade opens called Security policy. When you click on a subscription or Resource group to edit policy, a new blade opens also called Security policy. This creates a bit of confusion when documenting Security Center features. Perhaps the blade where you edit policy should be called, "Edit security policy"?