Admin Security Alerts Disabled

Risk Level: Low

Description:

This plugin makes sure that security notifications are communicated to administrators. Enabling security notifications to be delivered to subscription admins guarantees that discovered vulnerabilities and security issues are quickly addressed. It uses contact information such as email addresses to send notifications to subscription admins.

Recommended Action: Ensure that security alerts are configured to be sent to subscription owners.

About the Service :

Microsoft Azure Security Center is a collection of tools for monitoring and managing the security of virtual machines and other cloud computing resources in Microsoft's public cloud. The Azure Security Center is accessed through the Azure management interface by administrators. Policy Configuration, Data Collection, Recommendation, Alerts, etc. features are some of the most important elements of Azure Security Center.

Impact: 

If the security alert for subscription administrators is disabled then they will not be able to receive alert notifications from Microsoft Security Response Center about the identified security issues and won't take necessary mitigation steps to prevent attacks or breaches.

Steps to Reproduce :

1. Sign in to your Azure management console.
2. Navigate to the Azure SecuirtyCenter Blade at: https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/
3. On the Microsoft Defender For Cloud page that appears click on the Azure Subscriptions heading. 
4. Select the subscription that you want to examine.
   
5. In the navigation panel, select Email Notification.
6. In the Email recipients settings section, if in the value of All users with following roles field, Owners option is unchecked, then this feature is disabled for the subscription owners.
   
7. Repeat step no. 4 – 7 for each Microsoft Azure subscription available in your account.

Steps for Remediation :

1. Sign in to your Azure management console.
2. Navigate to the Azure SecuirtyCenter Blade at: https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/
3. On the Microsoft Defender For Cloud page that appears click on the Azure Subscriptions heading. 
4. Select the subscription that you want to examine.
   
5. In the navigation panel, select Email Notification.
6. In the Email recipients settings section, select the checkbox of Owners value in the All users with following roles field.
   
7. Click Save to save the changes.
8. Repeat steps no. 4 – 8 to reconfigure each Microsoft Azure subscription that is misconfigured in your account.

References:

• https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details
• https://azure.microsoft.com/mediahandler/files/resourcefiles/cis-microsoft-azure-foundations-security-benchmark/CIS_Microsoft_Azure_Foundations_Benchmark_v1.0.0.pdf

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support