Policy: Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud > 2.01.19 - Ensure 'Additional email addresses' is Configured with a Security Contact Email

Configures auditing against a CIS Benchmark item.

Level: 1

Microsoft Defender for Cloud emails the subscription owners whenever a high-severity alert is triggered for their subscription. You should provide a security contact email address as an additional email address.

Microsoft Defender for Cloud emails the Subscription Owner to notify them about security alerts. Adding your Security Contact's email address to the 'Additional email addresses' field ensures that your organization's Security Team is included in these alerts. This ensures that the proper people are aware of any potential compromise in order to mitigate the risk in a timely fashion.

Resource Types

This policy targets the following resource types:

Azure > Security Center > Security Center

Primary Policy

This policy is used with the following primary policy:

Azure > CIS v2.0 > 02 - Microsoft Defender > 2.01 - Microsoft Defender for Cloud

Controls

Policy Specification

Schema Type	`string`
Default	`Per Azure > CIS v2.0 > 02 - Microsoft Defender`
Valid Values [YAML]	`Per Azure > CIS v2.0 > 02 - Microsoft Defender` `Skip` `Check: Benchmark`

In Your Workspace

Policy Settings by Type report

Developers

Category URI

tmod:@turbot/cis#/control/categories/v071905

Policy Type URI

tmod:@turbot/azure-cisv2-0#/policy/types/r020119

GraphQL

query policyType(id: "tmod:@turbot/azure-cisv2-0#/policy/types/r020119") { … }

query policySettings(filter: "policyTypeId:'tmod:@turbot/azure-cisv2-0#/policy/types/r020119'") { … }

query policyValues(filter: "policyTypeId:'tmod:@turbot/azure-cisv2-0#/policy/types/r020119'") { … }

CLI

Get Policy Type

turbot graphql policy-type --id "tmod:@turbot/azure-cisv2-0#/policy/types/r020119"

Get Policy Settings

turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/azure-cisv2-0#/policy/types/r020119"