Azure-SecurityCenter-Security-Contacts-Enabled

Owned by naveen

Last updated: Dec 08, 2021

1 min read

Severity : High

Description: This control ensures that phone number is set for SecurityContacts. Microsoft reaches out to the provided security contact in case its security team finds that your resources are compromised. This ensures that you are aware of any potential compromise and you can timely mitigate the risk.

Remediation Steps:

Perform following to update security contact parameters using Azure CLI:

az security contact create --email --phone --name --alert-notifications on --alerts-admins on

Important:

Reference:

Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #2.13
https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details
https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/list
https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/update

Blue Hexagon Proprietary