Detections
Analytics

Ensure That 'All users with the following roles' is set to 'Owner'

MEDIUM

Description

Description:

Enable security alert emails to subscription owners.

Rationale:

Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.

Remediation

From Azure Console

  1. Go to 'Microsoft Defender for Cloud'
  2. Click on 'Environment Settings'
  3. Click on the appropriate Management Group, Subscription, or Workspace
  4. Click on 'Email notifications'
  5. In the drop down of the 'All users with the following roles' field select 'Owner'
  6. Click 'Save'

Using Azure Command Line Interface 2.0

Use the below command to set 'Send email also to subscription owners' to 'On'.

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1?api-version=2017-08-01-preview -d@"input.json"'

Where 'input.json' contains the Request body json data as mentioned below.
And replace 'validEmailAddress' with email ids csv for multiple.

{
"id": "/subscriptions//providers/Microsoft.Security/securityContacts/default1",
"name": "default1",
"type": "Microsoft.Security/securityContacts",
"properties": {
"email": "",
"alertNotifications": "On",
"alertsToAdmins": "On",
"notificationsByRole": "Owner"
}
}
.

Policy Details

Rule Reference ID: AC_AZURE_0239
CSP: Azure
Remediation Available: Yes
Domain: Logging and Monitoring
Resource: azurerm_security_center_contact
Resource Category: Management
Resource Type: Security Center

Frameworks