Ensure that 'Phone number' is set for Azure Security Center Contact

MEDIUM

Description

'Phone number' is NOT set for Azure Security Center Contact, this may hamper incident response.

Remediation

According to Microsoft, Owner access level is required to make any changes to the Defender for Cloud contact information. To do so, follow the steps outlined in the Azure Documentation.

In Terraform -

In the azurerm_security_center_contact resource, add a phone number.

References:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_contact#phone

Policy Details

Rule Reference ID: AC_AZURE_0267

CSP: Azure

Remediation Available: Yes

Domain: Security Best Practices

Resource: azurerm_security_center_contact

Resource Category: Management

Resource Type: Security Center

Frameworks

GDPR
NIST-800-171
NIST-800-53
NIST-CSF
HIPAA

Detections

Analytics