Security Center setting ‘All users with the following roles’ should be set to ‘Owner’

Description

Security Center alerts ensure that the appropriate individuals in an organization are notified via email when issues occur, speeding up time to remediation. Subscription owners should receive these alerts so they can triage and remediate issues appropriately.

Azure Portal

  • Navigate to Security Center.

  • In the left navigation, select Pricing & settings.

  • Select the relevant subscription and in the left navigation, select Email notifications.

  • In the Email recipients section, select the Owner role.

  • Click Save.

Azure CLI

  • To enable alerts with high severity:

az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c 'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1?api-version=2017-08-01-preview -d@"input.json"'
  • In the input.json, enter your subscription ID and valid email addresses.

{ "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1", "name": "default1", "type": "Microsoft.Security/securityContacts", "properties": { "email": "<validEmailAddress>", "alertNotifications": "On", "alertsToAdmins": "On" } }