Control: 2.15 Ensure that 'All users with the following roles' is set to 'Owner'

Description

Enable security alert emails to subscription owners. Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.

Remediation

From Console

Go to Microsoft Defender for Cloud
Click on Environment Settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
In the drop down of the All users with the following roles field select Owner
Click Save

From Command Line

Use the below command to set Send email also to subscription owners to On.

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1 api-version=2017-08-01-preview -d@"input.json"'

Where input.json contains the request body json data as mentioned below

{
  "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1",
  "name": "default1",
  "type": "Microsoft.Security/securityContacts",
  "properties": {
  "email": "<validEmailAddress>",
  "alertNotifications": "On",
  "alertsToAdmins": "On",
  "notificationsByRole": "Owner"
  }
}

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v140_2_15

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v140_2_15 --share

SQL

This control uses a named query:

securitycenter_security_alerts_to_owner_enabled