Plugin Title Security Contacts Enabled
Cloud AZURE
Category Security Center
Description Ensures that security contact phone number and email address are set
More Info Setting security contacts ensures that any security incidents detected by Azure are sent to a security team equipped to handle the incident.
AWS Link https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details
Recommended Action Ensure that email notifications are configured for the subscription from the Security Center.


Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for Security Center.
  3. On the "Security Center" page scroll down the left navigation panel and choose "Pricing and Settings."
  4. On the "Security Center - Pricing & settings" page, select the "Subscription" by clicking on the "Name."
  5. Under the "Settings - Pricing tier", click on the "Email Notifications" options and if the "Email notification settings" are turned off along with "Phone number" then the "Security Contacts" are not enabled.
  6. Repeat steps number 2 - 5 to verify other Azure accounts for "Admin Security Alerts."
  7. Navigate to Security center, choose "Pricing and Settings", select the "Subscription" by clicking on the "Name" and click on the "Email Notifications" options.
  8. On the "Settings - Email notifications" page, enter the "Email address" and if there are more than 1 "Email address" then separate the email addresses by "comma and enter the "Phone number" as needed."
  9. On the "Email notification settings" click on "ON" option next to "Send email notification for high severity alerts."Click on the Save button to make the changes.
  10. Repeat steps number 7 - 9 to ensure that email notifications are configured for the subscription from the Security Center.

Want to scan for this risk automatically?

Get Started Now