Risk Level: Low
Cloud Entity: Security Contact
CloudGuard Rule ID: D9.AZU.MON.61
Covered by Spectral: Yes
Category: Security Center

GSL LOGIC

SecurityContact should have properties.notificationsByRole.state='On' and properties.notificationsByRole.roles contain [ 'Owner']

REMEDIATION

From Portal

Go to Microsoft Defender for Cloud
Click on Environment Settings
Click on the appropriate Management Group, Subscription, or Workspace
Click on Email notifications
In the drop down of the All users with the following roles field select Owner
Click Save

From TF
Set the 'alerts_to_admins' argument under 'azurerm_security_center_contact' to true:

resource "azurerm_security_center_contact" "example" {
	...
	alerts_to_admins    = true
	...
}

From Command Line

Use the below command to set Send email notification for high severity alerts to On.
Run

az account get-access-token --query '{subscription:subscription,accessToken:accessToken}' --out tsv | xargs -L1 bash -c 'curl -X PUT -H 'Authorization: Bearer $1' -H 'Content-Type: application/json' https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default?api-version=2020-01-01-preview -d@'input.json''

Where input.json contains the Request body json data as mentioned below. And replace EMAIL-ADDRESS with email ids csv for multiple.

{
 "id": "/subscriptions/YOUR-SUBSCRIPTIONID/providers/Microsoft.Security/securityContacts/default1",
 "name": "default1",
 "type": "Microsoft.Security/securityContacts",
 "properties": {
   "email": "EMAIL-ADDRESS",
   "alertNotifications": "On",
   "alertsToAdmins": "On",
   "notificationsByRole": "Owner"
 }
}

References

https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details
https://docs.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest#az-account-get-access-token
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/security_center_contact#alerts_to_admins

Security Contact

Security Contact is used to configure Email and alerts notifications to Owners or other users

Compliance Frameworks

Azure CIS Foundations v. 1.2.0
Azure CIS Foundations v. 1.3.0
Azure CIS Foundations v. 1.3.1
Azure CIS Foundations v. 1.4.0
Azure CIS Foundations v. 1.5.0
Azure CIS Foundations v.2.0
Azure CloudGuard Best Practices
Azure NIST 800-53 Rev 5
CloudGuard Azure All Rules Ruleset