Description:
Enable security alert emails to subscription owners.
Rationale:
Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft.
Impact:
This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.
Default Value:
By default, None is selected for All users with the following roles.
Audit:
Go to Security Center
Click on Pricing & settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Ensure that All users with the following roles is set to Owner
Remediation:
Pre-requisites:
Azure account.
An Azure Defender plan for Enhanced security plan. But is not required to set the additonal email address, However, to send the notifications we need to use the security center in a region selected.
Implementation Steps:
Go to Security Center
Click on Pricing & settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Ensure that All users with the following roles is set to Owner
Backout Plan:
Go to Security Center
Click on Pricing & settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
Uncheck the Owner role of the All users with the following roles (to revoke the changes as default).
References:
Configure email notifications for Azure Security Center alerts
Security Contacts - List - REST API (Azure Security Center)
https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/update