I was on a call recently where it came up that some of our avid Azure and Azure Security Center users were completely unaware that they could get email alerts from Azure Security Center.
Email alerts are pretty handy, and it would be unfortunate if you were getting all the Azure Security Center advantages without getting email alerts too.
Maybe you’ve heard about email alerts, but didn’t know how to find them. I know from long experience that sometimes great features are hidden in the interface and end up never getting used.
Let’s not let that happen with Azure Security Center Email Alerts!
Even if you have a SIEM solution with it’s own alerting system, you might still want to enable Azure Security Center Email alerts – we’ll only alert you to high severity alerts, so you’re not going to spam your mailbox with alerts that might not care about.
How about we check them out?
In the Azure Security Center console, click on the Policy tile in the Prevention section.
On the Security Policy blade you pick which Subscription you want to configure Email Alerts for. In this case we’ll select ASC DEMO.
This brings us to the Security Policy blade (hey, weren’t we just there – ok, this is the second Security Policy blade ). Click the Email Notifications option.
This takes us to the Email Notifications blade.
In the Security contact emails field, enter as many email addresses as you like (if you come across a limit, let me know, as I don’t think there’s a practical limit, but don’t enter so many that you turn into what looks like a spammer). You can separate the addresses with a comma (what? No semicolon? )
In the Phone Number field, enter a phone number that we can use to contact you, or your designated security contact. We won’t abuse this number! We’ll only use it if there’s a significant security event that we want you to be aware as a fast as possible.
Just click On next to Send me emails about alerts (Preview) to start getting emails for high severity alerts.
And if you want the subscription owner to get emails too (just in case you left them out of the Security contact emails list), then click On next to Send email also to subscription owners.
Though not shown, there’s an OK button at the bottom of the blade. Click that and email notifications will be send to the addresses you designated.
There you go! Azure Security Center email notifications are cheap (free) and easy (to configure). What’s not to like?