Description:

Enables emailing security alerts to the subscription owner or other designated security contact.


Rationale:

Enabling security alert emails ensures that security alerts from Microsoft are received by the subscription owner or other designated security contact.


Impact:

This ensures that the right people are aware of any potential security issues and are able to mitigate the risk.


Default Value:

By default, Send email notifications for high severity alerts is not set.


Audit:

  1. Sign in to your Azure account.

  2. Go to Security Center

  3. Click on Pricing & settings

  4. Click on the appropriate Management Group, Subscription, or Workspace

  5. Click on Email notifications

  6. Check that the Notify about alerts with the following severity (or higher) setting is checked and set to High
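
The same audit can be run against the JSON form of the setting instead of the portal. This is an added example, not part of the original benchmark text: it assumes the response shape of the Microsoft.Security/securityContacts REST resource (api-version 2020-01-01-preview, fields alertNotifications.state and alertNotifications.minimalSeverity) and runs on a constructed sample response.

```python
import json

# Constructed sample of a securityContacts list response. The field names are an
# assumption (Microsoft.Security/securityContacts, api-version 2020-01-01-preview);
# confirm them against the API version you actually query.
SAMPLE_RESPONSE = json.dumps({"value": [
    {"name": "default", "properties": {
        "emails": "secops@example.com",
        "alertNotifications": {"state": "On", "minimalSeverity": "High"}}},
    {"name": "low-threshold", "properties": {
        "emails": "owner@example.com",
        "alertNotifications": {"state": "On", "minimalSeverity": "Low"}}},
    {"name": "disabled", "properties": {
        "emails": "owner@example.com",
        "alertNotifications": {"state": "Off"}}},
]})


def audit_contact(contact):
    """Return (compliant, reason) for one security contact resource."""
    props = contact.get("properties") or {}
    notif = props.get("alertNotifications")
    if not isinstance(notif, dict):
        # Older API versions expose a plain string here; treat as unverifiable.
        return False, "alertNotifications is not in the expected object form"
    if str(notif.get("state", "")).lower() != "on":
        return False, "alert notifications are not enabled"
    if str(notif.get("minimalSeverity", "")).lower() != "high":
        return False, "minimal severity is %r, expected 'High'" % notif.get("minimalSeverity")
    return True, "ok"


def audit_subscription(response_text):
    """Audit every contact; a subscription with no contact at all fails."""
    doc = json.loads(response_text)
    contacts = doc.get("value", []) if isinstance(doc, dict) else doc
    if not contacts:
        return {"compliant": False,
                "findings": [("<none>", "no security contact configured")]}
    findings = []
    for contact in contacts:
        ok, reason = audit_contact(contact)
        if not ok:
            findings.append((contact.get("name", "<unnamed>"), reason))
    return {"compliant": not findings, "findings": findings}


if __name__ == "__main__":
    for name, reason in audit_subscription(SAMPLE_RESPONSE)["findings"]:
        print("FAIL %s: %s" % (name, reason))
```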

Remediation:

Pre-requisites:

  1. An Azure Defender plan (Enhanced security plan). This is not required to set the additional email address; however, to send the notifications, Security Center must be used in a selected region.

Implementation Steps:

  1. Go to Security Center

  2. Click on Pricing & settings

  3. Click on the appropriate Management Group, Subscription, or Workspace

  4. Click on Email notifications

  5. Check the Notify about alerts with the following severity (or higher) setting, set to High, and click on Save

 

Backout Plan:

  1. Go to Security Center

  2. Click on Pricing & settings

  3. Click on the appropriate Management Group, Subscription, or Workspace

  4. Click on Email notifications

  5. Uncheck the Notify about alerts with the following severity (or higher) setting and set to High (to revert the changes to the default).

References: