Description:

The ‘Additional email addresses’ setting in Microsoft Entra ID (formerly Azure AD) and Microsoft Defender for Cloud allows organizations to designate one or more email addresses to receive security notifications and alerts related to identity risks, threat detections, service incidents, and Defender for Cloud security events.

Configuring a Security Contact Email ensures that critical alerts such as account compromise, misconfigurations, suspicious sign-ins, threat detections, and vulnerability findings are automatically routed to the appropriate security teams or incident responders. This strengthens the organization’s overall monitoring capabilities and ensures rapid awareness of emerging security issues.


Rationale:

Setting a Security Contact Email ensures that all important security notifications generated by Microsoft Defender for Cloud and Microsoft Entra ID reach the correct personnel. Without specific security contacts configured, notifications might only go to individual administrators, increasing the risk that alerts are overlooked due to:

  • Admin mailbox overload

  • Personnel turnover

  • Disabled or unmonitored admin accounts

Configuring a dedicated security contact also supports alignment with compliance standards (CIS, ISO 27001, NIST 800-53, HIPAA, SOC 2, PCI-DSS) and helps maintain a more resilient detection and response capability across cloud workloads.


Impact:

Enabling and configuring additional security contact email addresses:

  • Ensures security alerts are routed to a dedicated, monitored mailbox or distribution list.

  • Improves organizational response time to threats and misconfigurations.

  • Reduces risk of missed alerts that could lead to delayed mitigation or breaches.

  • Strengthens SOC workflows by ensuring security notifications flow consistently to incident response processes.


Default Value:

By default, there are no additional email addresses entered.


Pre-requisites:

  • Azure subscription with Microsoft Defender for Cloud enabled.

  • Global Administrator or Security Administrator permissions to enable and configure Microsoft Defender for Azure Resources.


Test Plan: 

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Search for Microsoft Defender for Cloud.

  3. Under the management section, select the Environment settings, then select the subscription.

  4. On the left side menu under the settings section, click on Email Notification.

  5. Under Email recipients, check whether an email is configured or not.

  6. If no email address is configured, follow the Implementation Steps.
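
The check in step 5 can also be run against an exported copy of the subscription's security contact settings. The following is an added example, not part of the original procedure: it assumes the JSON shape of the Microsoft.Security/securityContacts resource, where `properties.emails` is a semicolon-separated string, and the function name and sample data are constructed for illustration.

```python
import json
import re

# Constructed sample responses (illustrative values only), in the assumed shape
# of a Microsoft.Security/securityContacts listing for one subscription.
SAMPLE_CONFIGURED = json.dumps({"value": [{
    "name": "default",
    "properties": {
        "emails": "soc@example.com; ir-oncall@example.com",
        "notificationsByRole": {"state": "On", "roles": ["Owner"]},
    }}]})
SAMPLE_DEFAULT = json.dumps({"value": [{
    "name": "default",
    "properties": {"emails": "",
                   "notificationsByRole": {"state": "On", "roles": ["Owner"]}}}]})

# Deliberately loose syntax check: one "@", no spaces, a dot in the domain part.
EMAIL_RE = re.compile(r"^[^@\s;]+@[^@\s;]+\.[^@\s;]+$")


def audit_security_contacts(response_text):
    """Return (compliant, valid_emails, findings) for one subscription."""
    data = json.loads(response_text)
    # Accept both a {"value": [...]} envelope and a bare list of contacts.
    contacts = data.get("value", []) if isinstance(data, dict) else data
    valid, findings = [], []
    for contact in contacts:
        raw = (contact.get("properties") or {}).get("emails") or ""
        for addr in (a.strip() for a in raw.split(";")):
            if not addr:
                continue  # empty string is the default (nothing entered)
            if EMAIL_RE.match(addr):
                valid.append(addr)
            else:
                findings.append(f"malformed address: {addr!r}")
    if not valid:
        findings.append("no additional email addresses configured")
    return bool(valid), valid, findings


if __name__ == "__main__":
    for label, body in (("configured", SAMPLE_CONFIGURED),
                        ("default", SAMPLE_DEFAULT)):
        ok, emails, notes = audit_security_contacts(body)
        print(label, "PASS" if ok else "FAIL", emails, notes)
```

A FAIL result corresponds to step 6: the subscription still has the default (empty) value and needs the Implementation Steps applied.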




Implementation Steps:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Search for Microsoft Defender for Cloud.

  3. Under the management section, select the Environment settings, then select the subscription.

  4. On the left side menu under the settings section, click on Email Notification.

  5. In the Additional email addresses field, set a valid security contact email address and assign an appropriate role for its use.

  6. Click Save.


BackOut Plan:

  1. Sign in to the Azure Portal at https://portal.azure.com

  2. Search for Microsoft Defender for Cloud.

  3. Under the management section, select the Environment settings, then select the subscription.

  4. On the left side menu under the settings section, click on Email Notification.

  5. In the Email Recipients field, remove the security contact email address.

