MEDIUM
Source
Trivy/CSPM
CSPM ID
high-severity-alerts-enabled
ID
AVD-AZU-0044

Send notification emails for high severity alerts

It is recommended that at least one valid contact is configured for the security center.

Microsoft will notify the security contact directly in the event of a security incident using email and require alerting to be turned on.

Impact

Follow the appropriate remediation steps below to resolve the issue.

Set alert notifications to be on

1
2
3
4
5
6
7
resource "azurerm_security_center_contact" "good_example" {
  email = "good_example@example.com"
  phone = "+1-555-555-5555"

  alert_notifications = true
  alerts_to_admins    = true
}