Azure-SecurityCenter-High-Severity-Alerts-Enabled

Severity : High

Description: This control ensures that Notify about alerts with the following severity field is marked. Enabling security alerts emailing ensures that the security alert emails from Microsoft get receive by appropriate email address. This ensures that any potential security issues are informormed and you can timely mitigate the risk.

Remediation Steps:

Perform following to update parameters:

1. Login to Azure Portal using https://portal.azure.com.

2. Go to Security Center.

3. Click on Pricing & settings.

4. Click on Subscriptions.

5. Under Settings click on Email notifications.

6. Mark check box for Notify about alerts with the following severity.

7. Click Save.

Important:

• Along with ASC Default assignment, there could be custom policy assignments with the policy definition "Enable Monitoring in Azure Security Center". 'Monitor missing Endpoint Protection in Azure Security Center' should be enabled for at least one of such assignments

Reference:.

• CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #2.14

• https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details

• https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list

• https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/update