Description:

This control ensures that security alert notifications in Microsoft Defender for Cloud are configured to trigger only for high-severity threats. It helps security teams quickly focus on critical incidents that indicate active compromise or major misconfigurations requiring immediate attention, reducing alert fatigue while ensuring urgent risks receive timely response.


Rationale:

High-severity alerts represent immediate security risks that can impact availability, confidentiality, or integrity. Limiting notifications to high-severity events ensures prompt response to critical threats while avoiding distraction from lower-priority issues, improving operational efficiency and incident handling effectiveness.


Impact:

Security teams receive fewer but more meaningful alerts, reducing noise and improving response time. Lower-severity issues remain visible in Defender for Cloud but do not trigger notifications. There is no impact on system performance, only a change in notification behavior.


Default value:

By default, Microsoft Defender for Cloud notifies on Medium and High severity alerts. This setting must be manually changed to notify on High severity only to meet this control requirement.


Pre-requisites:

  1. Azure subscription with Microsoft Defender for Cloud enabled

  2. One of the following roles on the subscription: Owner or Contributor.


Test Plan:

  1. Sign in to the Azure portal and navigate to Microsoft Defender for Cloud.

  2. Under Management, select Environment settings and choose the relevant subscription.

  3. Under the settings, click on Email Notifications.

  4. Verify that Notify about alerts with the following severity is set to High.

  5. If it is not set to High, follow the Implementation Steps.


Implementation Steps:

  1. Sign in to the Azure portal at https://portal.azure.com

  2. Search for Microsoft Defender for Cloud.

  3. Under Management, select Environment settings and choose the targeted subscription.

  4. Under the settings, click on Email Notifications.

  5. Set Notify about alerts with the following severity to High.

  6. Click on Save to apply changes.
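As a scripted alternative to the portal checks in the Test Plan and the Implementation Steps above, this added example (not part of this control document) evaluates a securityContacts GET response for compliance with the control and builds the PUT body that applies the required setting. The resource type, api-version and property names (alertNotifications.minimalSeverity, notificationsByRole) are assumed from the Microsoft.Security securityContacts REST API, and the sample response is constructed.

```python
# Resource type and api-version are assumptions drawn from the securityContacts
# REST API (Microsoft.Security, api-version 2020-01-01-preview); confirm before use.
API_VERSION = "2020-01-01-preview"
REQUIRED_SEVERITY = "High"

def contacts_url(subscription_id: str) -> str:
    """Build the list (GET) URL for a subscription's security contacts."""
    return (f"https://management.azure.com/subscriptions/{subscription_id}"
            f"/providers/Microsoft.Security/securityContacts?api-version={API_VERSION}")

def evaluate_contact(contact: dict) -> list[str]:
    """Return findings for one securityContact; an empty list means compliant."""
    findings = []
    props = contact.get("properties", {})
    alerts = props.get("alertNotifications", {})
    if alerts.get("state", "Off") != "On":
        findings.append("alert notifications are Off")
    severity = alerts.get("minimalSeverity")
    if severity != REQUIRED_SEVERITY:
        findings.append(f"minimalSeverity is {severity!r}, expected {REQUIRED_SEVERITY!r}")
    if not props.get("emails") and props.get("notificationsByRole", {}).get("state") != "On":
        findings.append("no e-mail or role-based recipients configured")
    return findings

def evaluate_subscription(response: dict) -> dict[str, list[str]]:
    """Map each contact name to its findings; no contacts at all is itself a finding."""
    contacts = response.get("value", [])
    if not contacts:
        return {"<none>": ["no security contact defined; nobody is notified"]}
    return {c.get("name", "?"): evaluate_contact(c) for c in contacts}

def compliant_body(emails: str) -> dict:
    """Body for PUT .../securityContacts/<name>: notify on High only, Owners included."""
    return {"properties": {
        "emails": emails,
        "alertNotifications": {"state": "On", "minimalSeverity": REQUIRED_SEVERITY},
        "notificationsByRole": {"state": "On", "roles": ["Owner"]},
    }}

# Constructed sample GET response reflecting the Azure default (Medium and above).
SAMPLE_RESPONSE = {"value": [{"name": "default", "properties": {
    "emails": "secops@example.com",
    "alertNotifications": {"state": "On", "minimalSeverity": "Medium"},
    "notificationsByRole": {"state": "On", "roles": ["Owner"]},
}}]}

if __name__ == "__main__":
    for name, findings in evaluate_subscription(SAMPLE_RESPONSE).items():
        print(name, "compliant" if not findings else "; ".join(findings))
```

Retrieve the live JSON with `az rest --method get --url "<contacts_url output>"` and pass it to evaluate_subscription; the sample above reports the default Medium setting as a finding. A PUT of compliant_body to the contact's own URL (.../securityContacts/default) applies the remediation, and a second GET confirms minimalSeverity is High.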


Backout Plan:

  1. Sign in to the Azure portal.

  2. Open Microsoft Defender for Cloud.

  3. Under Management, select Environment settings and choose the affected subscription.

  4. Under the settings, click on Email Notifications.

  5. Change the alert severity setting from High to the previous configuration.

  6. Click Save to apply the changes.


References: