turbot/azure_compliance
Loading controls...

Control: 2.3.1 Ensure That 'All users with the following roles' is set to 'Owner'

Description

Enable security alert emails to subscription owners

Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk in a timely fashion.

Remediation

From Azure Portal

  1. From Azure Home select the Portal Menu
  2. Select Microsoft Defender for Cloud
  3. Select Environment Settings
  4. Click on the appropriate Management Group, Subscription, or Workspace
  5. Click on Email notifications
  6. In the drop down of the All users with the following roles field select Owner
  7. Click Save

From Azure CLI

Use the below command to set Send email also to subscription owners to On.

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Securi

Where input.json contains the Request body json data as mentioned below. And replace validEmailAddress with email ids csv for multiple.

{
"id":"/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1",
"name": "default1",
"type": "Microsoft.Security/securityContacts",
"properties": {
"email": "<validEmailAddress>",
"alertNotifications": "On",
"alertsToAdmins": "On",
"notificationsByRole": "Owner"
}

Default Value

By default, Owner is selected.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v150_2_3_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v150_2_3_1 --share

SQL

This control uses a named query:

securitycenter_security_alerts_to_owner_enabled

Tags