Skip to main content

Remediation

From Azure Portal

From Azure Home select the Portal Menu.
Select Microsoft Defender for Cloud.
Under Management, select Environment Settings.
Click on the appropriate Management Group, Subscription, or Workspace.
Click on Email notifications.
In the drop down of the All users with the following roles field select Owner.
Click Save.

From Azure CLI

Use the below command to set Send email also to subscription owners to On:

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1?api-version=2017-08-01-preview -d@"input.json"'

Where input.json contains the data below, replacing validEmailAddress with a single email address or multiple comma-separated email addresses:

{ 
    "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1", 
    "name": "default1", 
    "type": "Microsoft.Security/securityContacts", 
    "properties": { 
        "email": "<validEmailAddress>", 
        "alertNotifications": "On", 
        "alertsToAdmins": "On", 
        "notificationsByRole": "Owner" 
    } 
}

From Azure Portal
From Azure CLI