Description:

Enable security alert emails to subscription owners.


Rationale:

Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. 


Impact:

This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.


Default Value:

By default, None is selected for All users with the following roles.


Audit:

  1. Go to Security Center

  2. Click on Pricing & settings

  3. Click on the appropriate Management Group, Subscription, or Workspace

  4. Click on Email notifications

  5. Ensure that All users with the following roles is set to Owner
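
The same audit can be run against the JSON returned by the Security Contacts list REST API named in the References. The following is an added example, not part of the original benchmark text: the field names (notificationsByRole with state and roles, and the older alertsToAdmins switch) are assumptions about the API response schema, and the sample response and contact names are constructed.

```python
import json

# Constructed sample of a Security Contacts "list" response (not real data).
# Assumed schemas: newer API versions expose notificationsByRole {state, roles};
# older ones expose a single alertsToAdmins "On"/"Off" switch.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"name": "default",
   "properties": {"emails": "secops@example.com",
                  "notificationsByRole": {"state": "On", "roles": ["Owner"]}}},
  {"name": "contoso-legacy",
   "properties": {"email": "ops@example.com", "alertsToAdmins": "Off"}},
  {"name": "contoso-partial",
   "properties": {"notificationsByRole": {"state": "On", "roles": ["Contributor"]}}},
  {"name": "contoso-disabled",
   "properties": {"notificationsByRole": {"state": "Off", "roles": ["Owner"]}}}
]}
""")


def owner_alerts_enabled(contact):
    """True if this security contact sends alert emails to subscription Owners."""
    props = contact.get("properties") or {}
    by_role = props.get("notificationsByRole")
    if isinstance(by_role, dict):
        state_on = str(by_role.get("state", "")).lower() == "on"
        roles = {str(r).lower() for r in by_role.get("roles") or []}
        # A role list containing Owner does not count while the state is Off.
        return state_on and "owner" in roles
    # Older schema: one switch covering subscription owners.
    return str(props.get("alertsToAdmins", "")).lower() == "on"


def audit(response):
    """Map contact name -> passes the Owner check; accepts {"value": [...]} or a bare list."""
    contacts = response.get("value", []) if isinstance(response, dict) else response
    return {c.get("name", "<unnamed>"): owner_alerts_enabled(c) for c in contacts}


def is_compliant(response):
    """False when no contact notifies Owners, including the default of None."""
    return any(audit(response).values())


if __name__ == "__main__":
    for name, ok in audit(SAMPLE_RESPONSE).items():
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
    print("subscription compliant:", is_compliant(SAMPLE_RESPONSE))
```
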

Remediation:

Pre-requisites:

  1. Azure account.

  2. An Azure Defender plan (enhanced security plan). It is not required in order to set the additional email address; however, to send the notifications, Security Center must be used in a selected region.

Implementation Steps:

  1. Go to Security Center

  2. Click on Pricing & settings

  3. Click on the appropriate Management Group, Subscription, or Workspace

  4. Click on Email notifications

  5. Ensure that All users with the following roles is set to Owner

Backout Plan:

  1. Go to Security Center

  2. Click on Pricing & settings

  3. Click on the appropriate Management Group, Subscription, or Workspace

  4. Click on Email notifications

  5. Uncheck the Owner role under All users with the following roles (this reverts the change to the default).

References:

Configure email notifications for Azure Security Center alerts 

Security Contacts - List - REST API (Azure Security Center) 

https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/update 

Azure Security Benchmark V2 - Incident Response