Ensure Send email notification for high severity alerts to admins is enabled

Error: Send email notification for high severity alerts to admins is not enabled

Bridgecrew Policy ID: BC_AZR_GENERAL_5
Checkov Check ID: CKV_AZURE_22
Severity: MEDIUM

Description

Enabling security alert emails to subscription owners ensures that they receive security alert emails from Microsoft. This ensures that they are aware of any potential security issues and can mitigate the risk identified in a timely fashion.

We recommend setting security alert emails to be sent to subscription owners.

Fix - Runtime

Azure Portal

To change the policy using the Azure Portal, follow these steps:

  1. Log in to the Azure Portal at https://portal.azure.com.
  2. Navigate to the Security Center.
  3. Click Security Policy.
  4. Navigate to Security Policy Subscription, click Edit Settings.
  5. Click Email notifications.
  6. Set Send email also to subscription owners to On.
  7. Click Save.

CLI Command

To set Send email also to subscription owners to On, use the following command:

az account get-access-token \
  --query "{subscription:subscription,accessToken:accessToken}" --out tsv \
  | xargs -L1 bash -c 'curl -X PUT \
      -H "Authorization: Bearer $1" \
      -H "Content-Type: application/json" \
      "https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default1?api-version=2017-08-01-preview" \
      -d@"input.json"'

Here input.json contains the request body JSON shown below.
Replace <validEmailAddress> with the notification email address (a comma-separated list for multiple addresses).
Replace <phone_number> with a valid phone number.

{
  "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default1",
  "name": "default1",
  "type": "Microsoft.Security/securityContacts",
  "properties": {
    "email": "<validEmailAddress>",
    "phone": "<phone_number>",
    "alertNotifications": "On",
    "alertsToAdmins": "On"
  }
}
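
To verify the setting after the change, the following Python check audits security contact JSON for the fields used in the request body above. It is an added example, not part of the original policy page or Checkov's own code; it assumes the contacts are supplied in a top-level "value" array whose items use the same fields as input.json, and the function names and sample data are constructed for illustration.

```python
import json

# Constructed sample data: subscription IDs and addresses are made up.
_BASE = "/subscriptions/{}/providers/Microsoft.Security/securityContacts/default1"
SUB_A = _BASE.format("00000000-0000-0000-0000-00000000000a")
SUB_B = _BASE.format("00000000-0000-0000-0000-00000000000b")
SAMPLE_RESPONSE = json.dumps({"value": [
    {"id": SUB_A, "name": "default1",
     "properties": {"email": "secops@example.com", "phone": "",
                    "alertNotifications": "On", "alertsToAdmins": "Off"}},
    {"id": SUB_B, "name": "default1",
     "properties": {"email": "soc@example.com,owner@example.com", "phone": "",
                    "alertNotifications": "On", "alertsToAdmins": "On"}},
]})


def _is_on(value):
    # The request body on this page uses the string "On"; compare leniently.
    return isinstance(value, str) and value.strip().lower() == "on"


def audit_security_contacts(response_text):
    """Return (contact_id, problem) tuples; an empty list means compliant."""
    # Assumption: contacts arrive in a top-level "value" array.
    contacts = json.loads(response_text).get("value") or []
    if not contacts:
        return [("<none>", "no security contact configured")]
    findings = []
    for contact in contacts:
        cid = contact.get("id") or contact.get("name") or "<unknown>"
        props = contact.get("properties") or {}
        if not _is_on(props.get("alertsToAdmins")):
            findings.append((cid, "alertsToAdmins is not On"))
        if not _is_on(props.get("alertNotifications")):
            findings.append((cid, "alertNotifications is not On"))
        emails = (props.get("email") or "").split(",")
        if not any("@" in e for e in emails):
            findings.append((cid, "no notification email address set"))
    return findings


if __name__ == "__main__":
    for cid, problem in audit_security_contacts(SAMPLE_RESPONSE):
        print(f"FAIL {cid}: {problem}")
```

A subscription with no contact at all is reported as a finding, since in that state no alert email can reach anyone.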

Fix - Buildtime

Terraform

  • Resource: azurerm_security_center_contact
  • Argument: alerts_to_admins

resource "azurerm_security_center_contact" "example" {
    ...
+   alerts_to_admins    = true
}