Retirement of Security Center features (July 2019)


This document details the list of features that were retired from Azure Security Center on July 31st, 2019.

We made several improvements to Azure Security Center over the six months leading up to July 2019. With these improved capabilities, we removed some redundant features and related APIs from Security Center on July 31, 2019.

Most of these retired features can be replaced with other functionality in Azure Security Center or Azure Log Analytics. Other features can be implemented using Azure Sentinel (preview).

Retired Security Center features include:

This article provides detailed information for each retired feature and the steps you can take to implement replacement features.

Events dashboard

Security Center uses Log Analytics agent to collect various security-related configurations and events from your machines. It stores these events in your workspaces. The events dashboard lets you view this data and gives you an entry point to Log Analytics.

We retired the events dashboard that appeared when you selected a workspace:

Events dashboard

Events dashboard - the new experience

We encouraged you to use the native capabilities of Azure Log Analytics to view notable events on your workspaces.

If you've created custom notable events in Security Center, they'll be accessible. In Log Analytics, go to Select workspace > Saved Searches. Your data won't be lost or modified. Native notable events are also available from the same screen in Log Analytics.

Workspace saved searches

Search menu entry

Azure Security Center currently uses Azure Monitor logs search to retrieve and analyze your security data. This screen serves as a window to Log Analytics search page, and enables users to run search queries on their selected workspace. For more information, see Azure Security Center search. We retired this search window:

Search page

Search menu entry - the new experience

We encourage you to use the Azure Log Analytics native capabilities to perform Search queries on your workspaces. Go to Azure Log Analytics and select Logs.

Log Analytics logs page

Classic Identity & Access (Preview)

The Classic Identity & Access experience in Security Center currently shows a dashboard of identity and access information in Log Analytics. To view this dashboard:

  1. Select View classic Identity & Access.

    Identity page

  2. View the Identity & Access dashboard.

    Identity page - workspace selection

  3. Select a workspace to open the Identity & Access dashboard in Log Analytics to view identity and access information on your workspace.

    Identity page - dashboard

We retired all three screens shown in the preceding steps. Your data remains available in the Log Analytics security solution and wasn't modified or removed.

Classic Identity & Access (Preview) - the new experience

The Log Analytics dashboard has shown insights on a single workspace. However, native Security Center capabilities provide visibility into all subscriptions and all workspaces associated with them. You can access an easy-to use view that lets you focus on what's important with recommendations ranked according to their Secure Score.

All the features of the Identity & Access dashboard in Log Analytics can be reached by selecting Identity & access (Preview) within Security Center.

Identity page - classic experience retirement

Security events map

Security Center provides you with a security alerts map to help identify security threats. The Go to security events map button in that map opens a dashboard that allows you to view raw security events on the selected workspace.

We removed the Go to security events map button and the per-workspace dashboard.

Security alerts map - button

When you select the Go to security events map button, it opened the (now retired) threat intelligence dashboard.

Threat intelligence dashboard

When you choose a workspace to view its threat intelligence dashboard, you opened the (now retired) security alerts map (preview) screen in Log Analytics.

Security alerts map in Log Analytics

Your existing data remains available in the Log Analytics security solution and wasn't modified or removed.

Security events map - the new experience

We encourage you to use the alerts map functionality built into Security Center: Security alerts map (Preview). This functionality provides an optimized experience and works across all subscriptions and associated workspaces. It gives you a high-level view across your environment and isn't focused on a single workspace.

Custom alert rules (Preview)

We retired the custom alerts experience on June 30, 2019 because its underlying infrastructure was retired. After the retirement date, custom security alerts are no longer generated. We recommend that you enable Azure Sentinel and re-create your custom alerts there. Alternatively, you can create your alerts with Azure Monitor log alerts.

To create custom alerts with Azure Sentinel:

  1. Open Azure Sentinel and select the workspace where your custom alerts are stored
  2. Select Analytics from the menu
  3. Follow instructions in the following tutorial on how to create custom alerts in Azure Sentinel

If you're not interested in using Azure Sentinel, you can create your alerts with Azure Monitor log alerts. For instructions, see Create, view, and manage log alerts by using Azure Monitor and Log alerts in Azure Monitor.

Custom alerts

For more information on custom alerts retirement, see Custom Alert Rules in Azure Security Center (Preview).

Security alerts investigation

The Investigation feature in Security Center helps you triage a potential security incident. The feature allows you to understand the scope of an incident and track down its root cause. We removed this feature from Security Center because it's been replaced with an improved experience in Azure Sentinel.

Security incident

When you select the Investigate button from a Security incident screen, you open the Investigation Dashboard (Preview) in Log Analytics. We retired the Investigation Dashboard.

Your existing data remains available in the Log Analytics security solution and wasn't modified or removed.

Investigation dashboard in Log Analytics

Investigation - the new experience

We encourage you to transition to Azure Sentinel for a rich investigation experience. Azure Sentinel provides powerful search and query tools to hunt for security threats across your organization's data sources.

Subset of security solutions

Security Center can enable integrated security solutions in Azure. We retired the following partner solutions from Security Center. These solutions are enabled in Azure Sentinel along with a number of additional data sources.

After retirement, you cannot add or modify any of the solution types mentioned in the preceding list, either from the UI or the API. Azure Security Center will no longer discover any new instances of these partner solutions.

If you have existing connected solutions, we encourage you to move to Azure Sentinel.

Security centers solutions

Edit security configurations for security policies

Azure Security Center monitors security configurations by applying a set of over 150 recommended rules for hardening the OS. These rules pertain to firewalls, auditing, password policies, and more. If a machine is found to have a vulnerable configuration, Security Center generates a security recommendation. The Edit security configuration screen allows customers to customize the default OS security configuration in Security Center.

We retired this preview feature. To reset your security configurations back to their default values after the retirement date, do so via the API or Powershell using the following instructions.

Edit security configurations

Edit security configurations - the new experience

We intend to enable Security Center to support the Guest configuration agent. Such an update will allow a much richer feature set, including support for more operating systems and integration of Azure in-guest policies for guest configurations. After these changes are enabled, you'll also have the ability to control configurations at scale and apply them to new resources automatically.

Security and audit dashboard for Log Analytics workspaces

The security and audit dashboard was originally used in the OMS portal. In Log Analytics, the dashboard provides a per-workspace overview of notable security events and threats, a threat intelligence map, and an identity-and-access assessment of security events saved in the workspace. We removed the dashboard. As we already recommended in the dashboard UI, we advise you to transition to Azure Security Center.

Log Analytics security dashboard

Security and audit dashboard - the new experience

We advise you to switch to Azure Security Center. It provides the same security overview across multiple subscriptions and the workspaces associated with them, plus a richer feature set.

You can get the original Log Analytics queries that populate the security and audit dashboard in the GitHub repository for Security Center.

Next steps