跳到主要內容

Set Up Notifications

Implementation Effort: Medium – Setting up notifications requires configuration by security administrators and coordination with stakeholders to define who should receive alerts and under what conditions.

User Impact: Medium – Notifications may be sent to resource owners, security teams, or other stakeholders, prompting them to take action based on alert severity or attack path risk.

Overview

Setting up notifications in Microsoft Defender for Cloud ensures that the right people are informed about security alerts and attack paths in a timely manner. Administrators can configure email notifications based on alert severity (High, Medium, Low) and attack path risk levels (Critical, High, Medium, Low). Notifications can be sent to specific email addresses or to users with designated Azure roles such as Security Admin, Owner, or Contributor.

To prevent alert fatigue, Defender for Cloud limits the number of emails sent per severity level. For example, high-severity alerts are limited to four emails per day per recipient. Notifications can be configured through the Azure portal or programmatically using the SecurityContacts API.

This setup supports the Zero Trust principle of "Assume Breach" by ensuring that potential threats are promptly communicated to responsible parties, enabling faster response and containment.

Reference