Control: 2.1.18 Ensure That 'All users with the following roles' is set to 'Owner'
Description
Enable security alert emails to subscription owners.
Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.
Remediation
From Azure Portal
- From Azure Home select the Portal Menu.
- Select
Microsoft Defender for Cloud. - Click on
Environment Settings. - Click on the appropriate Management Group, Subscription, or Workspace.
- Click on
Email notifications. - In the drop down of the
All users with the following rolesfield selectOwner. - Click
Save.
From Azure CLI
Use the below command to set Send email also to subscription owners to On.
az account get-access-token --query"{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json"https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/se curityContacts/default1?api-version=2017-08-01-preview -d@"input.json"'
Where input.json contains the data below, replacing validEmailAddress with a single email address or multiple comma-separated email addresses:
{ "id":"/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityC ontacts/default1", "name": "default1", "type": "Microsoft.Security/securityContacts", "properties": { "email": "<validEmailAddress>", "alertNotifications": "On", "alertsToAdmins": "On", "notificationsByRole": "Owner" }}
Default Value
By default, Owner is selected.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v200_2_1_18Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v200_2_1_18 --shareSQL
This control uses a named query:
securitycenter_security_alerts_to_owner_enabled