Control: 2.15 Ensure that 'All users with the following roles' is set to 'Owner'
Description
Enable security alert emails to subscription owners. Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.
Remediation
From Console
- Login to Azure console and navigate to Security Center.
- Select
Pricing & settingsblade under Management. - Click on the appropriate Management Group, Subscription, or Tenant.
- Click on
Email notifications. - Under
Email recipient, selectOwnerin the drop down of theAll users with the following rolesfield. - Click Save.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v130_2_15Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v130_2_15 --shareSQL
This control uses a named query:
with contact_info as ( select count(*) filter (where alerts_to_admins = 'On') as admin_alert_count, subscription_id from azure_security_center_contact group by subscription_id limit 1)select sub.subscription_id as resource, case when admin_alert_count > 0 then 'ok' else 'alarm' end as status, case when admin_alert_count > 0 then '"All users with the following roles" set to Owner' else '"All users with the following roles" not set to Owner.' end as reason , sub.display_name as subscriptionfrom azure_subscription sub left join contact_info ci on sub.subscription_id = ci.subscription_id;