Ensure that additional email addresses are configured within Microsoft Azure Security Center settings in order to receive email-based notifications whenever a high-severity alert is triggered within your Azure subscription. For compliance, you should provide one or more security contact email addresses as additional email addresses.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
By default, there are no additional email addresses configured in the Azure Security Center (ASC) settings, so ASC sends email notifications about security alerts only to the subscription owner. Adding one or more security contact email addresses to the "Additional email addresses (separated by commas)" field guarantees that your organization's security team is also notified about security alerts. This ensures that the proper people within your organization are aware of any potential security issues, enabling them to mitigate the risks in a timely fashion.
Audit
To determine if security contact email addresses are configured as additional email addresses within Security Center settings, perform the following operations:
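As an added example (not part of the original page or of the Conformity tool), the Python below evaluates an already-parsed security contacts list response against this rule. The response shapes and the `properties.emails` / `properties.email` field names are assumptions, and the sample data is constructed.

```python
import re

# Loose syntactic check only; it does not prove the mailbox exists.
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def additional_emails(response):
    """Collect the additional email addresses from a parsed list response.

    Assumed shapes: a bare JSON array of contacts, or an object wrapping the
    array in "value". Addresses are read from properties.emails (one string)
    or properties.email (older schema); both names are assumptions.
    """
    contacts = response.get("value", []) if isinstance(response, dict) else response
    found = []
    for contact in contacts or []:
        props = contact.get("properties") or {}
        raw = props.get("emails") or props.get("email") or ""
        # The portal field is comma-separated; ';' is accepted as well.
        for part in re.split(r"[;,]", raw):
            addr = part.strip()
            if addr and addr.lower() not in (a.lower() for a in found):
                found.append(addr)
    return found


def audit_security_contacts(response):
    """Return (compliant, valid_addresses, malformed_entries)."""
    addrs = additional_emails(response)
    valid = [a for a in addrs if _EMAIL_RE.match(a)]
    malformed = [a for a in addrs if not _EMAIL_RE.match(a)]
    # Compliant only when at least one usable address is configured.
    return (len(valid) > 0, valid, malformed)


# Constructed sample responses (not real subscription data).
SAMPLE_DEFAULT = [{"name": "default", "properties": {"emails": ""}}]
SAMPLE_CONFIGURED = {"value": [{"name": "default", "properties": {
    "emails": "secops@example.com; ir-oncall@example.com,not-an-address"}}]}

if __name__ == "__main__":
    for label, resp in (("default", SAMPLE_DEFAULT), ("configured", SAMPLE_CONFIGURED)):
        ok, valid, bad = audit_security_contacts(resp)
        print(f"{label}: compliant={ok} valid={valid} malformed={bad}")
```

A malformed entry does not by itself fail the check, but it is reported separately because a mistyped address silently drops that recipient from alert notifications.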
Remediation / Resolution
To configure additional email addresses for Azure Security Center (ASC) notifications, perform the following operations: