Send email notification for high severity alerts is not enabled

Description

Enabling email security alerts to be automatically sent to your organization's security staff ensures that the correct people are aware of any potential security issues, and can mitigate the risk.

Setting the security alert Send email notification for high severity alerts to On ensures that emails are sent from Microsoft if their security team determines a potential security breach has taken place.

Fix - Runtime

Azure Portal

To change the policy using the Azure Portal, follow these steps:

1. Log in to the Azure Portal at https://portal.azure.com.
2. Navigate to the Security Center.
3. Click Security Policy.
4. For the security policy subscription, click Edit Settings.
5. Click Email notifications.
6. Set Send email notification for high severity alerts to On.
7. Click Save.

CLI Command

To set Send email notification for high severity alerts to On, use the following command:

az account get-access-token --query
"{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1
bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type:application/json"
https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/
securityContacts/default1?api-version=2017-08-01-preview -d@"input.json"'

Where input.json contains the Request body json data, detailed below.
Replace validEmailAddress with email ids csv for multiple.
Replace phoneNumber with the valid phone number.

{
"id":
"/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/
securityContacts/default1",
"name": "default1",
"type": "Microsoft.Security/securityContacts",
"properties": {
"email": "<validEmailAddress>",
"phone": "<phone_number>",
"alertNotifications": "On",
"alertsToAdmins": "On"
}
}

Fix - Buildtime

Terraform

• Resource: azurerm_security_center_contact
• Argument: alert_notifications

resource "azurerm_security_center_contact" "example" {
    ...
+   alert_notifications = true
}