Description:
This setting makes sure that all Owner role users automatically receive security alert emails. Turning it on ensures that subscription owners are notified about important security issues without needing to add their emails manually.
Rationale:
Sending security alerts to all users with the Owner role ensures that the people responsible for managing the subscription are immediately aware of important security issues. This improves response time and helps prevent security risks from being overlooked.
Impact:
Enabling this setting may result in more alert emails being sent to subscription owners, which could lead to notification fatigue. However, this is outweighed by the benefit of ensuring that critical security issues are not missed.
Default Value:
By default, this setting is disabled (notifications to users with the Owner role are not automatically enabled).
Pre-requisites:
A valid security contact email must be configured in Microsoft Defender for Cloud before enabling notifications for users with the Owner role.
Test Plan:
Open the Azure portal at https://portal.azure.com.
In the portal, search for Microsoft Defender for Cloud.
Under Management, select Environment settings and choose the target subscription.
Under Settings, go to Email notifications.
In the Email recipients section, verify that the option “All users with the following roles: Owner” is selected.
If it is not selected, follow the Implementation Steps.
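The same check can be scripted against exported configuration. The following is an added example, not part of the original page or of Microsoft's tooling. It assumes the subscription's security contacts have been fetched as JSON from the Microsoft.Security/securityContacts list endpoint (for example with az rest), and that the field names emails, notificationsByRole.state and notificationsByRole.roles match the API version in use. The sample response is constructed.

```python
import json

# Constructed sample of a securityContacts list response (not real tenant data).
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"name": "default",
   "properties": {
     "emails": "secops@example.com",
     "notificationsByRole": {"state": "On", "roles": ["Owner"]}}}
]}
""")


def audit_owner_notifications(response):
    """Return a list of findings; an empty list means the subscription passes."""
    # Assumption: some API versions return a bare array instead of {"value": [...]}.
    contacts = response.get("value", []) if isinstance(response, dict) else response
    if not contacts:
        return ["no security contact is configured"]
    findings = []
    for contact in contacts:
        name = contact.get("name", "<unnamed>")
        props = contact.get("properties") or {}
        # Pre-requisite from the page: a security contact email must be present.
        raw = props.get("emails") or ""
        emails = [e.strip() for e in raw.split(";") if e.strip()]
        if not emails:
            findings.append(f"{name}: no security contact email")
        by_role = props.get("notificationsByRole") or {}
        if str(by_role.get("state", "")).lower() != "on":
            findings.append(f"{name}: role-based notifications are not On")
        roles = {str(r).lower() for r in by_role.get("roles") or []}
        if "owner" not in roles:
            findings.append(f"{name}: Owner is not among the notified roles")
    return findings


if __name__ == "__main__":
    for line in audit_owner_notifications(SAMPLE_RESPONSE) or ["PASS"]:
        print(line)
```

An empty result corresponds to a passing Test Plan; any finding means the Implementation Steps apply.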
Implementation Steps:
Open the Azure portal at https://portal.azure.com.
In the portal, search for Microsoft Defender for Cloud.
Under Management, select Environment settings and choose the target subscription.
Under Settings, go to Email notifications.
Ensure a valid security contact email is configured.
In the Email recipients section, set the option to “All users with the following roles: Owner”.
Save the configuration to apply the setting.
Backout Plan:
Open the Azure portal at https://portal.azure.com.
In the portal, search for Microsoft Defender for Cloud.
Under Management, select Environment settings and choose the target subscription.
Under Settings, go to Email notifications.
In the Email recipients section, change the selection back to its previous value.
Save the changes to revert the configuration.
Reference:
https://learn.microsoft.com/azure/governance/policy/samples/cis-azure-1-4
https://learn.microsoft.com/azure/defender-for-cloud/security-alert-email-notifications


