Description
Microsoft Defender for Cloud emails the subscription owners whenever a high-severity alert is triggered for their subscription. You should provide a security contact email address as an additional email address.
Rationaleβ
Microsoft Defender for Cloud emails the Subscription Owner to notify them about security alerts. Adding your Security Contact's email address to the 'Additional email addresses' field ensures that your organization's Security Team is included in these alerts. This ensures that the proper people are aware of any potential compromise in order to mitigate the risk in a timely fashion.
Auditβ
This policy flags an Azure Subscription as INCOMPLIANT if the Security Center: Contacts configuration does not include a default contact with a configured security contact email.
Default Valueβ
By default, there are no additional email addresses entered.
Referencesβ
- https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details
- https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list
- https://docs.microsoft.com/en-us/rest/api/securitycenter/security-contacts
- https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-incident-response#ir-2-preparation---setup-incident-notification
Additional Informationβ
Excluding any entries in the input.json properties block disables the specific setting by default.