Description:
Security Center emails the subscription owners whenever a high-severity alert is triggered for their subscription. You should provide a security contact email address as an additional email address.
Rationale:
Azure Security Center emails the Subscription Owner to notify them about security alerts. Adding your Security Contact's email address to the 'Additional email addresses' field ensures that your organization's Security Team is included in these alerts.
Impact:
This ensures that the proper people are aware of any potential compromise in order to mitigate the risk in a timely fashion.
Default Value:
By default, there are no additional email addresses entered.
Audit:
Sign in to your Azure account.
Go to Security Center
Click on Pricing & settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Check that a valid security contact email address is listed in the Additional email addresses field, with an appropriate role selected (by default, no additional email addresses are added).
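The same audit run over exported settings instead of the portal, as an added example that is not part of the original benchmark text. It assumes the security contacts were exported as JSON in the shape of the Microsoft.Security/securityContacts resource (api-version 2020-01-01-preview); the sample data, subscription IDs and function names are constructed.

```python
import json
import re

# Constructed sample export. Field names are an assumption: they follow the
# Microsoft.Security/securityContacts resource (api-version 2020-01-01-preview).
SAMPLE = json.loads("""
[
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000001/providers/Microsoft.Security/securityContacts/default",
   "properties": {"emails": "secops@example.com; soc-oncall@example.com",
                  "notificationsByRole": {"state": "On", "roles": ["Owner"]}}},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000002/providers/Microsoft.Security/securityContacts/default",
   "properties": {"emails": "",
                  "notificationsByRole": {"state": "On", "roles": ["Owner"]}}},
  {"id": "/subscriptions/00000000-0000-0000-0000-000000000003/providers/Microsoft.Security/securityContacts/default",
   "properties": {"emails": "security-team",
                  "notificationsByRole": {"state": "Off", "roles": []}}}
]
""")

EMAIL_RE = re.compile(r"^[^@\s;]+@[^@\s;]+\.[^@\s;]+$")  # syntax check only

def audit_contact(contact):
    """Return (subscription_id, findings); an empty findings list means the check passes."""
    props = contact.get("properties") or {}
    parts = contact.get("id", "").split("/")
    sub_id = parts[2] if len(parts) > 2 else "unknown"
    # The additional addresses are stored as one semicolon-separated string.
    addresses = [a.strip() for a in (props.get("emails") or "").split(";") if a.strip()]
    findings = []
    if not addresses:
        findings.append("no additional email address set (the default)")
    findings += [f"not a valid email address: {a}" for a in addresses if not EMAIL_RE.match(a)]
    by_role = props.get("notificationsByRole") or {}
    if str(by_role.get("state", "")).lower() != "on" or not by_role.get("roles"):
        findings.append("no role selected for email notifications")
    return sub_id, findings

def audit(contacts):
    """Map each subscription in the export to its findings."""
    return dict(audit_contact(c) for c in contacts)

if __name__ == "__main__":
    for sub, findings in audit(SAMPLE).items():
        print(sub, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

A subscription that has no security contact resource at all does not appear in such an export, so compare the result against the full subscription list.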
Remediation:
Pre-requisites:
An Azure Defender plan (Enhanced security plan). The plan is not required to set the additional email address; however, to send the notifications, Security Center must be used in the selected region.
Implementation Steps:
Go to Security Center
Click on Pricing & settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Set a valid security contact email address in the Additional email addresses field, with an appropriate role selected.
Backout Plan:
Go to Security Center
Click on Pricing & settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Change the security contact email address listed in the Additional email addresses field, along with the appropriate role.