Control: 2.15 Ensure that 'All users with the following roles' is set to 'Owner'
Description
Enable security alert emails to subscription owners. Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.
Remediation
From Console
- Go to
Microsoft Defender for Cloud - Click on
Environment Settings - Click on the appropriate Management Group, Subscription, or Workspace
- Click on
Email notifications - In the drop down of the
All users with the following rolesfield selectOwner - Click
Save
From Command Line
Use the below command to set Send email also to subscription owners to On.
az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1 api-version=2017-08-01-preview -d@"input.json"'
Where input.json contains the request body json data as mentioned below
{ "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1", "name": "default1", "type": "Microsoft.Security/securityContacts", "properties": { "email": "<validEmailAddress>", "alertNotifications": "On", "alertsToAdmins": "On", "notificationsByRole": "Owner" }}
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v140_2_15Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v140_2_15 --shareSQL
This control uses a named query:
securitycenter_security_alerts_to_owner_enabled