Risk Level: Low
Description:
This plugin is used to ensure that a valid security contact email address is configured for your Azure subscriptions. Setting security contacts guarantees that any security issues discovered by Azure are forwarded to a security team that is capable of dealing with the situation.
Recommended Action: Ensure that email notifications are configured for the subscription from the Security Center.
About the Service :
Microsoft Azure Security Center is a collection of tools for monitoring and managing the security of virtual machines and other cloud computing resources in Microsoft's public cloud. The Azure Security Center is accessed through the Azure management interface by administrators. Policy Configuration, Data Collection, Recommendation, Alerts, etc. features are some of the most important elements of Azure Security Center.
Impact:
If there are no valid security contact email addresses for each Microsoft Azure subscription that you own, Security Center will not be able to reach out to you if it identifies any breaches or compromises in your Aure Cloud resources.
Steps to reproduce :
- Sign in to your Azure management console.
- Navigate to the Azure SecuirtyCenter Blade at: https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/
- On the Microsoft Defender For Cloud page that appears click on the Azure Subscriptions heading.
- Select the subscription that you want to examine.
- In the navigation panel, select Email Notification.
- In the Email recipients settings section, check if there are values assigned in both, All users with the following roles as well as Additional email addresses options.
- If not, then there are no security contact email addresses defined in the Azure Security Center configuration settings available for the selected Microsoft Azure subscription.
- Repeat step no. 4 – 7 for each Microsoft Azure subscription available in your account.
Steps for remediation :
- Sign in to your Azure management console.
- Navigate to the Azure SecuirtyCenter Blade at: https://portal.azure.com/#blade/Microsoft_Azure_Security/SecurityMenuBlade/
- On the Microsoft Defender For Cloud page that appears click on the Azure Subscriptions heading.
- Select the subscription that you want to examine.
- In the navigation panel, select Email Notification.
- In the Email recipients settings section, select any of the values available in the All users with following roles field and add additional security email addresses according to your requirement in the Additional email addresses field.
- Click Save to save the changes.
- Repeat steps no. 4 – 7 to reconfigure each Microsoft Azure subscription that is misconfigured in your account.
References:
- https://docs.microsoft.com/en-us/azure/security-center/security-center-provide-security-contact-details
- https://azure.microsoft.com/mediahandler/files/resourcefiles/cis-microsoft-azure-foundations-security-benchmark/CIS_Microsoft_Azure_Foundations_Benchmark_v1.0.0.pdf
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support