How to modify SecurityContact details through Azure Policy

WELCH, Matthew 0 Reputation points
2024-01-24T23:54:11.1766667+00:00

I am unable to modify the SecurityContact details for a subscription in Azure Policy. I get the following error when saving the policy definition: Editing policy definition 'Email notification to subscription owner' in 'Tenant Root' failed. The policy definition 'xxx' has operations referring to aliases that are not modifiable: 'Microsoft.Security/securityContacts/emails, ...' How come this can be changed in the portal and is there a way to do it in policy as I need to remediate a number of subscriptions?


Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.

1 answer

  1. SwathiDhanwada-MSFT 17,726 Reputation points
    2024-01-25T04:00:28.1933333+00:00

    @WELCH, Matthew As you are already aware, you use property aliases to access specific properties for a resource type. Aliases enable you to restrict what values or conditions are allowed for a property on a resource. Each alias maps to paths in different API versions for a given resource type. There is only a certain set of aliases that you can use the modify effect on. To find aliases that can be used with the modify effect, use the following command in Azure PowerShell 4.6.0 or higher:

    Get-AzPolicyAlias | Select-Object -ExpandProperty 'Aliases' | Where-Object { $_.DefaultMetadata.Attributes -eq 'Modifiable' }
    

    All the aliases which you are trying to modify do not have the modifiable property enabled.
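An added example, not part of the answer above and not Microsoft's code: it reads the `field` of each modify operation in a policy rule and reports whether that alias carries the `Modifiable` attribute, so the check can be run before saving the definition. The function name `Test-ModifyOperationAlias`, the sample rule and the e-mail value are assumptions; it needs the Az.Resources module and a signed-in session (`Connect-AzAccount`).

```powershell
# Added example. Constructed sample: the 'then' block of a modify policy rule.
# Only the alias name comes from the error message in the question; the
# operation and value are placeholders.
$policyRuleJson = @'
{
  "then": {
    "effect": "modify",
    "details": {
      "operations": [
        { "operation": "addOrReplace",
          "field": "Microsoft.Security/securityContacts/emails",
          "value": "security@example.com" }
      ]
    }
  }
}
'@

# Hypothetical helper: one row per alias used by a modify operation.
function Test-ModifyOperationAlias {
    param([Parameter(Mandatory)][string]$PolicyRuleJson)

    $rule = $PolicyRuleJson | ConvertFrom-Json
    # Fields without a '/' (for example tags) are not aliases, so skip them.
    $fields = @($rule.then.details.operations |
        ForEach-Object { $_.field } |
        Where-Object { $_ -match '/' } |
        Sort-Object -Unique)

    foreach ($field in $fields) {
        # Alias names have the form <namespace>/<resource type>/<property path>.
        $namespace = $field.Split('/')[0]
        $known = Get-AzPolicyAlias -NamespaceMatch $namespace |
            Select-Object -ExpandProperty 'Aliases' |
            Where-Object { $_.Name -eq $field }

        [pscustomobject]@{
            Alias      = $field
            Found      = [bool]$known
            Attributes = $known.DefaultMetadata.Attributes
            Modifiable = [bool]($known |
                Where-Object { $_.DefaultMetadata.Attributes -eq 'Modifiable' })
        }
    }
}

Test-ModifyOperationAlias -PolicyRuleJson $policyRuleJson | Format-Table -AutoSize
```

Any row with `Modifiable` set to `False` corresponds to an alias that will trigger the "aliases that are not modifiable" error when the definition is saved.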