Azure-SecurityCenter-Admin-Security-Alerts-Enabled
Severity: High
Description: This control ensures that the "Notify about alerts with the following severity" setting is enabled for high severity alerts, so that security alerts are emailed to security administrators. With this setting enabled, administrators receive the security alert emails from Microsoft, are aware of potential security issues, and can mitigate the risk in a timely manner. It is recommended to enable emailing of security alerts so that administrators can act on them quickly.
Remediation Steps:
Perform the following steps to enable alert notifications to administrators:
Log in to the Azure Portal at https://portal.azure.com.
Navigate to Security Center.
Select Pricing & Settings.
Select Subscription.
Under Settings, select Email notification.
Check the boxes under "Notify about alerts with the following severity".
Select Save.
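To verify the setting without the portal, the following added example (not part of the original rule text or of any vendor tooling) evaluates the JSON body returned by the Security Contacts List REST API referenced below. The field names `alertNotifications.state` and `minimalSeverity`, the older plain "On"/"Off" string form, and the rule that any configured minimum severity still delivers high severity alerts are assumptions; the sample data is constructed.

```python
import json

# Constructed sample of a Security Contacts "List" response body.
# Field names are assumed from the securityContacts REST schema; this is
# not output captured from a real subscription.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"name": "default",
   "properties": {
     "emails": "secops@example.com",
     "alertNotifications": {"state": "On", "minimalSeverity": "High"}}}
]}
""")

# A minimum severity of Low or Medium still causes High alerts to be sent.
KNOWN_SEVERITIES = {"Low", "Medium", "High"}


def contacts_from(body):
    """Accept either a {"value": [...]} wrapper or a bare list of contacts."""
    if isinstance(body, dict):
        value = body.get("value", [])
        return value if isinstance(value, list) else []
    return body if isinstance(body, list) else []


def high_alerts_emailed(contact):
    """Return True if this contact is configured to get high severity alerts."""
    notif = contact.get("properties", {}).get("alertNotifications")
    if isinstance(notif, str):
        # Assumed older response shape: a plain "On"/"Off" string.
        return notif.lower() == "on"
    if not isinstance(notif, dict):
        return False  # setting absent: treat as not enabled
    if str(notif.get("state", "")).lower() != "on":
        return False
    return notif.get("minimalSeverity") in KNOWN_SEVERITIES


def evaluate(body):
    """Summarise compliance for one subscription's security contacts."""
    passing = [c.get("name") for c in contacts_from(body)
               if isinstance(c, dict) and high_alerts_emailed(c)]
    return {"compliant": bool(passing), "passing_contacts": passing}


if __name__ == "__main__":
    print(evaluate(SAMPLE_RESPONSE))
```

A subscription with no security contact at all yields an empty list and is reported as non-compliant.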
Important:
Reference:
CIS Microsoft Azure Foundations Benchmark v1.3.0 - 02-01-2021 : Recommendation #2.14
Configure email notifications for alerts and attack paths - Microsoft Defender for Cloud
Security Contacts - List - REST API (Azure Defender for Cloud)
https://docs.microsoft.com/en-us/rest/api/securitycenter/securitycontacts/update
Blue Hexagon Proprietary