Description:
Enables emailing security alerts to the subscription owner or other designated security contact.
Rationale:
Enabling this setting ensures that security alert emails from Microsoft are received.
Impact:
This ensures that the right people are aware of any potential security issues and are able to mitigate the risk.
Default Value:
By default, Send email notifications for high severity alerts is not set.
Audit:
Sign in to your Azure account.
Go to Security Center
Click on Pricing & settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Check that the Notify about alerts with the following severity (or higher) setting is checked and set to High
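The same audit can be run against exported configuration instead of the portal. The following is an added example, not part of the original benchmark text: it evaluates a security contact record for this control. The JSON shape (a Microsoft.Security/securityContacts listing with `alertNotifications.state` and `alertNotifications.minimalSeverity`) is an assumption about the API version in use, and the sample record is constructed.

```python
import json

# Constructed sample shaped like a Microsoft.Security/securityContacts list
# response (field names assumed from api-version 2020-01-01-preview; the
# values are made up for this example).
SAMPLE = json.dumps({"value": [{
    "name": "default",
    "properties": {
        "emails": "secops@example.com",
        "alertNotifications": {"state": "On", "minimalSeverity": "High"},
    },
}]})


def audit_alert_notifications(response_text, required="High"):
    """Return (compliant, findings) for the 'default' security contact."""
    data = json.loads(response_text)
    # Accept either the REST envelope {"value": [...]} or a bare list.
    contacts = data.get("value", []) if isinstance(data, dict) else data
    default = next((c for c in contacts if c.get("name") == "default"), None)
    if default is None:
        return False, ["no 'default' security contact is configured"]

    notif = (default.get("properties") or {}).get("alertNotifications")
    # Some API versions may return a bare "On"/"Off" string, which carries
    # no severity threshold and so cannot satisfy this check on its own.
    if not isinstance(notif, dict):
        return False, [f"alertNotifications={notif!r} has no severity; verify in the portal"]

    findings = []
    state = notif.get("state")
    severity = notif.get("minimalSeverity")
    if str(state).lower() != "on":
        findings.append(f"notification state is {state!r}, expected 'On'")
    # Strict match: the control asks for High, so Medium or Low is reported
    # even though those thresholds also deliver high severity alerts.
    if str(severity).lower() != required.lower():
        findings.append(f"minimal severity is {severity!r}, expected {required!r}")
    return not findings, findings


if __name__ == "__main__":
    ok, findings = audit_alert_notifications(SAMPLE)
    print("PASS" if ok else "FAIL", findings)
```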
Remediation:
Pre-requisites:
An Azure Defender plan (enhanced security plan). It is not required in order to set the additional email address; however, to send the notifications, Security Center must be in use in a selected region.
Implementation Steps:
Go to Security Center
Click on Pricing & settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Check the Notify about alerts with the following severity (or higher) setting, set to High, and click on Save
Backout Plan:
Go to Security Center
Click on Pricing & settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Uncheck the Notify about alerts with the following severity (or higher) setting that was set to High (this reverts the change to the default).