Ensure that a security contact international phone number (including the country code, e.g. +1-425-1234567) is set for the administrator who should be notified when Azure Security Center detects compromised resources.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
As best practice, Azure Security Center recommends that you provide valid security contact details for each Microsoft Azure subscription. If appropriate contact information is provided, the Azure Security Center calls the designated security contact in case its security team finds that your cloud resources are compromised in some way. The main purpose of this feature is to ensure that the right people get notified for potential security risks in order to mitigate those risks in a timely fashion.
Note: Make sure that the contact information (i.e. phone number) provided is valid, as the communication is not digitally signed.
Audit
To determine if a valid security contact phone number is defined within Azure Security Center settings, perform the following actions:
Remediation / Resolution
To set a security contact phone number in order to be notified when Azure Security Center detects compromised resources in your Azure cloud account, perform the following actions:
References
- Azure Official Documentation
- Working with security policies
- Provide security contact details in Azure Security Center
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az
- az account get-access-token
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

You are auditing:
Security Contact Phone Numbers In Use
Risk level: Medium