Security Center setting ‘Notify about alerts with the following severity’ should be set to ‘High’

Description

Security Center alerts ensure that the appropriate individuals in an organization are notified via email when issues occur, speeding up time to remediation. Specifying a severity level - in this case, “high” or greater - ensures that individuals are notified of serious issues, without unnecessary noise.

Azure Portal

  • Navigate to Security Center.

  • In the left navigation, select Pricing & settings.

  • Select the relevant subscription and in the left navigation, select Email notifications.

  • In the Email recipients section:

    • Select the role.

    • Enter any additional email addresses.

  • In the Notification types section:

    • Check the Notify about alerts with the following severity (or higher) checkbox and select High from the drop-down.

  • Click Save.

Azure CLI

  • To enable alerts with high severity:

    az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv |
      xargs -L1 bash -c 'curl -X PUT \
        -H "Authorization: Bearer $1" \
        -H "Content-Type: application/json" \
        "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1?api-version=2017-08-01-preview" \
        -d@"input.json"'

  • In input.json, enter your subscription ID and valid email addresses:

    {
      "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1",
      "name": "default1",
      "type": "Microsoft.Security/securityContacts",
      "properties": {
        "email": "<validEmailAddress>",
        "alertNotifications": "On",
        "alertsToAdmins": "On"
      }
    }
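
A pre-flight check for input.json, added here as an example (it is not part of the original remediation text): it catches placeholders that were never replaced, an id/name mismatch, and notification flags that are not "On" before the PUT is sent. The function name, the sample subscription ID and the sample address are constructed, and the email check assumes a single address.

```python
import json
import re

# Field names and expected values are taken from the input.json on this page.
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
ID_RE = re.compile(
    rf"^/subscriptions/({GUID})/providers/Microsoft\.Security/securityContacts/([^/]+)$"
)
EMAIL_RE = re.compile(r"^[^@\s<>]+@[^@\s<>]+\.[^@\s<>]+$")  # assumption: one address

# The template exactly as the page gives it, placeholders still in place.
TEMPLATE = """{ "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1",
  "name": "default1", "type": "Microsoft.Security/securityContacts",
  "properties": { "email": "<validEmailAddress>",
                  "alertNotifications": "On", "alertsToAdmins": "On" } }"""

# Constructed sample values, for illustration only.
FILLED = (TEMPLATE
          .replace("<Your_Subscription_Id>", "00000000-0000-0000-0000-000000000000")
          .replace("<validEmailAddress>", "secops@example.com"))


def check_security_contact(raw):
    """Return a list of problems found in an input.json body (empty list = OK)."""
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level value must be a JSON object"]
    problems = []
    match = ID_RE.match(str(doc.get("id", "")))
    if not match:
        problems.append("id: placeholder not replaced or not a securityContacts resource ID")
    elif match.group(2) != doc.get("name"):
        problems.append("name does not match the last segment of id")
    if doc.get("type") != "Microsoft.Security/securityContacts":
        problems.append("type must be Microsoft.Security/securityContacts")
    props = doc.get("properties")
    props = props if isinstance(props, dict) else {}
    if not EMAIL_RE.match(str(props.get("email", ""))):
        problems.append("properties.email: placeholder not replaced or not an email address")
    for key in ("alertNotifications", "alertsToAdmins"):
        if props.get(key) != "On":
            problems.append(f'properties.{key} must be "On"')
    return problems


if __name__ == "__main__":
    for label, body in (("template", TEMPLATE), ("filled", FILLED)):
        print(label, check_security_contact(body) or "OK")
```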