Provide security contact details in Azure Security Center
Azure Security Center will recommend that you provide security contact details for your Azure subscription if you haven't already. This information will be used by Microsoft to contact you if the Microsoft Security Response Center (MSRC) discovers that your customer data has been accessed by an unlawful or unauthorized party. MSRC performs select security monitoring of the Azure network and infrastructure and receives threat intelligence and abuse complaints from third parties.
An email notification is sent on the first daily occurrence of an alert and only for high severity alerts. Email preferences can only be configured for subscription policies. Resource groups within a subscription will inherit these settings. Alerts are available only in the Standard tier of Azure Security Center.
Alert email notifications are sent:
- To a single email recipient per alert type per day
- At a rate of no more than 3 email messages to a single recipient in a single day
- With a single alert per email message, not an aggregation of alerts
- Only for high severity alerts
For alerts with other severity levels, create a workflow automation to use a Logic App that will send emails to the relevant personnel.
For example, if an email message was already sent to alert you about an RDP attack, you will not receive another email message about an RDP attack on the same day, even if another alert is triggered.
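The delivery rules above, modelled as an added example (not Microsoft's code and not part of the original page): it replays a constructed set of alerts and reports which ones would produce no email to a given recipient. How the rules interact is an assumption here (only sent messages count toward the cap of 3, and a "day" is the calendar date of the alert timestamp), and all alert type names other than the RDP attack are made up.

```python
from collections import defaultdict
from datetime import datetime

MAX_PER_RECIPIENT_PER_DAY = 3  # "no more than 3 email messages ... in a single day"

def plan_emails(alerts):
    """Return (emailed, suppressed) for one recipient.

    Each alert is (iso_timestamp, alert_type, severity). suppressed holds
    (alert, reason) pairs: the alerts that produce no email.
    """
    seen_types = defaultdict(set)  # day -> alert types already emailed
    sent_count = defaultdict(int)  # day -> emails sent to this recipient
    emailed, suppressed = [], []
    for alert in sorted(alerts):   # ISO timestamps sort chronologically
        ts, alert_type, severity = alert
        day = datetime.fromisoformat(ts).date()  # assumption: day = timestamp date
        if severity.lower() != "high":
            suppressed.append((alert, "severity below high"))
        elif alert_type in seen_types[day]:
            suppressed.append((alert, "alert type already emailed today"))
        elif sent_count[day] >= MAX_PER_RECIPIENT_PER_DAY:
            suppressed.append((alert, "daily cap of 3 reached"))
        else:
            seen_types[day].add(alert_type)
            sent_count[day] += 1
            emailed.append(alert)
    return emailed, suppressed

# Constructed sample alerts (timestamps, type names and severities are made up).
SAMPLE_ALERTS = [
    ("2020-03-01T02:10:00", "RDP attack", "High"),
    ("2020-03-01T03:45:00", "RDP attack", "High"),
    ("2020-03-01T04:00:00", "Suspicious process executed", "Medium"),
    ("2020-03-01T05:30:00", "SSH attack", "High"),
    ("2020-03-01T06:15:00", "Malware detected", "High"),
    ("2020-03-01T07:00:00", "SQL injection attempt", "High"),
    ("2020-03-02T01:00:00", "RDP attack", "High"),
]

if __name__ == "__main__":
    emailed, suppressed = plan_emails(SAMPLE_ALERTS)
    for alert in emailed:
        print("EMAIL    ", *alert)
    for alert, reason in suppressed:
        print("NO EMAIL ", *alert, "->", reason)
```

Under these assumptions, three of the seven sample alerts never reach the inbox, including a high severity one that arrives after the daily cap is reached.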
This document introduces the service by using an example deployment. This is not a step-by-step guide.
As a user with the role Security Admin or Subscription Owner, open the Email notifications page:
- For alerts, open Pricing & settings, select the relevant subscription, and select Email notifications.
- If you are implementing a recommendation, under Recommendations, select Provide security contact details, and then select the Azure subscription to provide contact information on. This opens Email notifications.
Enter the security contact email address or addresses separated by commas. There is no limit to the number of email addresses that you can enter.
To receive emails about high severity alerts, turn on the option Send me emails about alerts. For other severity levels use a Logic App as explained in workflow automation.
You can send email notifications to subscription owners (classic Service Administrator and Co-Administrators, plus RBAC Owner role at the subscription scope).
To apply the security contact information to your subscription, select Save.
To learn more about Security Center, see the following:
- Setting security policies in Azure Security Center -- Learn how to configure security policies for your Azure subscriptions and resource groups.
- Managing security recommendations in Azure Security Center -- Learn how recommendations help you protect your Azure resources.
- Security health monitoring in Azure Security Center -- Learn how to monitor the health of your Azure resources.
- Managing and responding to security alerts in Azure Security Center -- Learn how to manage and respond to security alerts.
- Monitoring partner solutions with Azure Security Center -- Learn how to monitor the health status of your partner solutions.