Severity : High
Description: Enabling security alerts to be sent to admins ensures that detected vulnerabilities and security issues are sent to the subscription admins for quick remediation. Remediation Steps : Ensure that security alerts are configured to be sent to subscription owners.This control ensures that notify about alerts with the high severity field is set to enable security alerts emailing to security administrators. Enabling security alerts emailing ensures that administrators receive the security alert emails from Microsoft. This ensures that administrators are aware of any potential security issues and can timely mitigate the risk. It is recommended to set options to emailing the security alerts to quickly take action on them.
Remediation Steps:
Perform following to Remove all non-required guest users :
Login to Azure Portal usingĀ https://portal.azure.com.
Navigate to Security Center.
Select Pricing & Settings.
Select Subscription.
Under Settings, select Email notification.
Check mark the boxes in Notify about alerts with the following severity.
Select Save.
Important:
Reference:
CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #2.14
https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list
https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/update