Ensure that a security contact international phone number (including the country code, e.g. +1-425-1234567) is set for the administrator who wants be notified when Microsoft Defender for Cloud detects compromised cloud resources.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Microsoft Defender for Cloud strongly recommends that you provide valid security contact details for each Azure subscription created in your cloud account. If appropriate contact information is provided, Microsoft Defender for Cloud calls the designated security contact in case your Azure cloud resources are compromised in some way. The main purpose of this feature is to ensure that the right people get notified for potential security risks in order to mitigate those risks in a timely fashion.
Note: Make sure that the contact information (i.e. phone number) provided is valid, as the communication is not digitally signed.
Audit
To determine if a valid security contact phone number is configured within Microsoft Defender for Cloud settings, perform the following operations:
Note: Checking for Microsoft Defender for Cloud security contact details using the Microsoft Azure Portal is not currently supported.Remediation / Resolution
To set a security contact phone number in order to be notified when Microsoft Defender for Cloud detects compromised resources within your cloud account, perform the following operations:
Note: Setting a security contact phone number for Microsoft Defender for Cloud alert notifications using the Microsoft Azure Portal is not currently supported.References
- Azure Official Documentation
- Microsoft Defender for Cloud documentation
- What is Microsoft Defender for Cloud?
- Configure email notifications for security alerts
- Security Control V2: Incident Response
- Azure Command Line Interface (CLI) Documentation
- az
- az account get-access-token