Azure-SecurityCenter-Security-Contacts-Enabled
Severity : High
Description: This control ensures that phone number is set for SecurityContacts. Microsoft reaches out to the provided security contact in case its security team finds that your resources are compromised. This ensures that you are aware of any potential compromise and you can timely mitigate the risk.
Remediation Steps:
Perform following to update security contact parameters using Azure CLI:
az security contact create --email --phone --name --alert-notifications on --alerts-admins on
Important:
Â
Reference:
Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #2.13
https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list
https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/update
Blue Hexagon Proprietary