Ensure that additional email addresses are configured within Microsoft Defender for Cloud service settings in order to receive email-based notifications whenever a high-severity alert is triggered in your Azure account subscription. For compliance, you should provide one or more security contact email addresses as additional email addresses.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
By default, no additional email addresses are configured in the Microsoft Defender for Cloud settings, so the security service sends email notifications about security alerts only to the subscription owner. Adding one or more security contact email addresses to the "Additional email addresses (separated by commas)" field guarantees that your organization's security team is also notified about security alerts. This ensures that the proper people within your organization are aware of any potential security issues, enabling them to mitigate the risks in a timely fashion.
Audit
To determine if security contact email addresses are configured as additional email addresses within Microsoft Defender for Cloud settings, perform the following actions:
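As an added example (not part of the original page or of the Conformity tool), the Python below evaluates a Defender for Cloud security contacts response and reports whether any additional email address is configured. The `emails` and legacy `email` field names, the `value` wrapper, and the sample response are assumptions based on the Microsoft.Security securityContacts API; check them against the API version you query.

```python
import json
import re

# Constructed sample of a security contacts list response (not real data).
# Field names are assumed from the Microsoft.Security/securityContacts API.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"name": "default",
         "properties": {
             "emails": "secops@example.com; ir-team@example.com",
             "alertNotifications": {"state": "On", "minimalSeverity": "High"}}}
    ]
})

# Loose syntactic check only; it does not prove the mailbox exists.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def additional_emails(response_text):
    """Return the distinct, well-formed additional addresses in the response."""
    body = json.loads(response_text)
    # A list call wraps contacts in "value"; CLI output may be a bare array.
    contacts = body.get("value", [body]) if isinstance(body, dict) else body
    found = []
    for contact in contacts or []:
        # Accept both nested "properties" and flattened objects.
        props = contact.get("properties") or contact
        raw = props.get("emails") or props.get("email") or ""
        # The portal field is comma-separated; the API value may use semicolons.
        for addr in re.split(r"[;,]", raw):
            addr = addr.strip()
            seen = [a.lower() for a in found]
            if addr and EMAIL_RE.match(addr) and addr.lower() not in seen:
                found.append(addr)
    return found


def audit(response_text):
    """Compliant only when at least one additional address is configured."""
    emails = additional_emails(response_text)
    return {"compliant": bool(emails), "emails": emails}


if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE))
```

An empty contact list or an empty address field yields `compliant: False`, which matches the default state described above where only the subscription owner is notified.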
Remediation / Resolution
To configure additional email addresses for Microsoft Defender for Cloud security notifications, perform the following actions: