Enable sending high severity alert notifications to the security contact email address defined within the Microsoft Defender for Cloud settings. The contact information provided will be used by Microsoft Defender for Cloud to contact the subscription owners and/or administrators if the Microsoft Security Response Center (MSRC) detects security issues, such as Remote Desktop Protocol (RDP) attacks or customer data accessed by an unauthorized party. MSRC performs in-depth security monitoring of the Azure network and infrastructure and receives threat intelligence and abuse complaints from third-party partners.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
By setting "Notify about alerts with the following severity (or higher)" to "High", you make sure that the right people are notified when potential security risks are identified in your Azure cloud account, so that they can mitigate the risks in a timely fashion.
Audit
To determine if sending email notifications for alerts is enabled within the Microsoft Defender for Cloud (formerly Azure Security Center) settings, perform the following actions:
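One way to script this check, as an added example that is not part of the original page or of the Conformity tool: the function below evaluates a subscription's security contact listing and reports whether alert notifications are on with a minimum severity of High. The JSON layout (the `emails`, `alertNotifications.state` and `alertNotifications.minimalSeverity` fields of the Microsoft.Security/securityContacts resource, API version 2020-01-01-preview), the function name and the sample data are assumptions constructed for the example.

```python
import json

# Constructed sample, not real data. The field layout follows the
# Microsoft.Security/securityContacts resource (API version
# 2020-01-01-preview); treat that layout as an assumption of this example.
SAMPLE_RESPONSE = json.loads("""
{"value": [{
  "name": "default",
  "type": "Microsoft.Security/securityContacts",
  "properties": {
    "emails": "secops@example.com;oncall@example.com",
    "alertNotifications": {"state": "On", "minimalSeverity": "Medium"},
    "notificationsByRole": {"state": "On", "roles": ["Owner"]}
  }
}]}
""")

REQUIRED_SEVERITY = "High"  # the value this rule expects


def audit_security_contacts(response):
    """Return (compliant, findings) for one subscription's contact listing."""
    contacts = response.get("value") or []
    if not contacts:
        return False, ["no security contact is configured"]
    findings = []
    for contact in contacts:
        name = contact.get("name", "<unnamed>")
        props = contact.get("properties") or {}
        alerts = props.get("alertNotifications") or {}
        state = str(alerts.get("state") or "Off")
        severity = str(alerts.get("minimalSeverity") or "<unset>")
        # "emails" is a single semicolon-separated string in this layout.
        raw_emails = str(props.get("emails") or "")
        emails = [e.strip() for e in raw_emails.split(";") if e.strip()]
        if state.lower() != "on":
            findings.append(f"{name}: alert notifications are {state}")
        elif severity.lower() != REQUIRED_SEVERITY.lower():
            findings.append(
                f"{name}: minimum severity is {severity}, expected {REQUIRED_SEVERITY}")
        if not emails:
            findings.append(f"{name}: no contact email address is set")
    return not findings, findings


if __name__ == "__main__":
    ok, problems = audit_security_contacts(SAMPLE_RESPONSE)
    print("PASS" if ok else "FAIL")
    for line in problems:
        print(" -", line)
```

The constructed sample fails the check because its threshold is Medium; an empty listing is reported as a failure rather than silently passing.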
Remediation / Resolution
To enable high severity alert email notifications for Microsoft Defender for Cloud, perform the following operations: