Skip to main content

🛡️ Azure Subscription Security Alert Notifications for attack path with Critical severity are not configured🟢⚪

  • Contextual name: 🛡️ Security Alert Notifications for attack path with Critical severity is not configured🟢⚪
  • ID: /ce/ca/azure/subscription/security-alert-notifications-for-attack-paths-with-critical-severity
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: SECURITY

Description

Open File

Description

Enables emailing attack paths to the subscription owner or other designated security contact.

Rationale

Enabling attack path emails ensures that attack path emails are sent by Microsoft. This ensures that the right people are aware of any potential security issues and can mitigate the risk.

Impact

Enabling attack path emails can cause alert fatigue, increasing the risk of missing important alerts. Select an appropriate risk level to manage notifications. Azure aims to reduce alert fatigue by limiting the daily email volume per risk level. Learn more: https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications#email-frequency.

Audit

From Azure Portal
  1. From Azure Home select the Portal Menu.
  2. Select Microsoft Defender for Cloud.
  3. Under Management, select Environment settings.
  4. Click on the appropriate Subscription.
  5. Click on Email notifications.
  6. Under Notification types, ensure that the box next to Notify about attack paths with the following risk level (or higher) is checked, and an appropriate risk level is selected.

... see more

Remediation

Open File

Remediation

From Azure Portal

  1. From Azure Home select the Portal Menu.
  2. Select Microsoft Defender for Cloud.
  3. Under Management, select Environment settings.
  4. Click on the appropriate Subscription.
  5. Click on Email notifications.
  6. Under Notification types, check the box next to Notify about attack paths with the following risk level (or higher), and select an appropriate risk level from the drop-down menu.
  7. Repeat steps 1-6 for each Subscription.

policy.yaml

Open File

Linked Framework Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 CIS Azure v4.0.0 → 💼 9.1.15 Ensure that 'Notify about attack paths with the following risk level (or higher)' is enabled (Automated)1no data
💼 Cloudaware Framework → 💼 Microsoft Defender Configuration26no data