Ensure that Azure subscription owners receive security alert email notifications from Microsoft Defender for Cloud when compromised resources are detected within the Azure account. The contact information, in this case one or more email addresses, is used by the Azure subscription owners to contact the account administrator if the Microsoft Security Response Center (MSRC) discovers that the cloud resources and/or data have been accessed by an unauthorized actor or system.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Enabling security alert emails to subscription owners ensures that they receive important alert notifications from Microsoft Security Response Center, so that they become aware of the security issues identified and can take action to mitigate the risks in a timely fashion.
Audit
To determine if Microsoft Defender for Cloud is configured to send security alert email notifications to Azure subscription owners, perform the following operations:
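The check described above can be run against a saved security contact response, as in this added example (not code from the original page or from Conformity). The function names are hypothetical, the JSON samples are constructed, and the property names (`alertsToAdmins` in the older response shape, `notificationsByRole` in the newer one) are assumed to follow the `Microsoft.Security/securityContacts` resource.

```python
import json

# Constructed sample responses (not real data). Field names are assumed to follow
# the Microsoft.Security/securityContacts resource: the legacy shape uses
# "alertsToAdmins", the newer one "notificationsByRole".
SAMPLE_NEW = json.loads("""{"value": [{"name": "default", "properties": {
  "emails": "secops@example.com",
  "alertNotifications": {"state": "On", "minimalSeverity": "High"},
  "notificationsByRole": {"state": "On", "roles": ["Contributor"]}}}]}""")
SAMPLE_LEGACY = json.loads("""[{"name": "default1", "properties": {
  "email": "secops@example.com", "alertNotifications": "On",
  "alertsToAdmins": "On"}}]""")


def owners_notified(contact):
    """True if this security contact sends alert emails to subscription owners."""
    props = contact.get("properties") or {}
    if "notificationsByRole" in props:  # newer schema: state plus a role list
        by_role = props["notificationsByRole"] or {}
        roles = {r.lower() for r in by_role.get("roles") or []}
        return str(by_role.get("state", "")).lower() == "on" and "owner" in roles
    # Legacy schema: a single On/Off switch for subscription admins.
    return str(props.get("alertsToAdmins", "")).lower() == "on"


def audit(response):
    """Return (compliant, reason) for a securityContacts list or get response."""
    if isinstance(response, dict):
        single = [response] if "properties" in response else []
        contacts = response.get("value", single)
    else:
        contacts = list(response or [])
    if not contacts:
        return False, "no security contact configured"
    if any(owners_notified(c) for c in contacts):
        return True, "owners receive alert emails"
    return False, "owner notifications are off or the Owner role is not selected"


if __name__ == "__main__":
    samples = (("new", SAMPLE_NEW), ("legacy", SAMPLE_LEGACY), ("empty", []))
    for label, resp in samples:
        print(label, audit(resp))
```

A subscription with no security contact at all is reported as non-compliant rather than skipped, since in that state no alert email is sent to anyone.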
Remediation / Resolution
To configure Microsoft Defender for Cloud to send security alert email notifications to Azure subscription owners, perform the following operations: