Verify that 'Additional email addresses' is Configured with a Security Contact Email
Last updated: April 9, 2026
Framework Reference: A.5.24
Integration: Azure – Microsoft Defender for Cloud
Why this matters
High-severity security alerts from Microsoft Defender for Cloud are only sent to subscription owners by default. If the security team is not listed as an additional recipient, they may miss time-sensitive incidents, leading to delayed response and unresolved threats.
Providing a dedicated security contact in the additional email addresses field ensures that alerts reach the right stakeholders.
What this check does
This Auto Check verifies that at least one additional security contact email address is configured in Microsoft Defender for Cloud for each subscription.
Check passes if:
At least one valid email address is listed under Additional email addresses
Check fails if:
No email addresses are configured in the Additional email addresses field
Applies to:
Azure Subscriptions with Microsoft Defender for Cloud enabled
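The pass/fail rule described above, as an added example (not the Auto Check's own code). It assumes each subscription's security contacts have already been retrieved as JSON shaped like the input.json shown on this page; the "emails" property name, the subscription keys and the sample data are assumptions constructed for illustration.

```python
import json
import re

# Pragmatic syntax check only; it does not prove the mailbox exists.
EMAIL_RE = re.compile(r"^[^@\s;,]+@[^@\s;,]+\.[^@\s;,]+$")

def contact_emails(contact):
    """Collect the addresses listed on one securityContacts resource."""
    props = contact.get("properties") or {}
    raw = []
    # "email" is the property used in this page's input.json; "emails"
    # (a delimited string) is an assumption for other API versions.
    for key in ("email", "emails"):
        value = props.get(key)
        if isinstance(value, str):
            raw.extend(re.split(r"[;,]", value))
    return [a.strip() for a in raw if a.strip()]

def evaluate_subscription(contacts):
    """Return (passed, valid, rejected) for one subscription's contacts."""
    valid, rejected = [], []
    for contact in contacts:
        for addr in contact_emails(contact):
            (valid if EMAIL_RE.match(addr) else rejected).append(addr)
    # Pass only if at least one syntactically valid address is present.
    return bool(valid), valid, rejected

# Constructed sample inventory keyed by placeholder subscription names.
SAMPLE = json.loads("""
{
  "sub-with-contact": [{"name": "default", "properties":
      {"email": "secops@example.com, ir@example.com",
       "alertNotifications": "On", "alertsToAdmins": "On"}}],
  "sub-empty-field": [{"name": "default", "properties":
      {"email": "", "alertNotifications": "On"}}],
  "sub-placeholder-left": [{"name": "default", "properties":
      {"email": "<validEmailAddress>"}}],
  "sub-no-contact": []
}
""")

def run_check(inventory):
    """Map each subscription to True (pass) or False (fail)."""
    return {sub: evaluate_subscription(c)[0] for sub, c in inventory.items()}

if __name__ == "__main__":
    for sub, passed in run_check(SAMPLE).items():
        print(f"{sub}: {'PASS' if passed else 'FAIL'}")
```

The third sample shows a case the empty-field test alone would miss: a template placeholder saved without being replaced is non-empty but not a valid address, so the subscription still fails.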
How to fix it
Azure Portal
Go to Microsoft Defender for Cloud
Under Management, select Environment Settings
Choose the Subscription, Management Group, or Workspace
Click Email notifications
In the Additional email addresses field, enter a valid email (or multiple, comma-separated)
Click Save
Azure CLI
Create a file named input.json:
{
  "id": "/subscriptions/<Your_Subscription_Id>/providers/Microsoft.Security/securityContacts/default",
  "name": "default",
  "type": "Microsoft.Security/securityContacts",
  "properties": {
    "email": "<validEmailAddress>",
    "alertNotifications": "On",
    "alertsToAdmins": "On"
  }
}
Run the following:
az account get-access-token --query "{subscription:subscription,accessToken:accessToken}" --out tsv | xargs -L1 bash -c \
'curl -X PUT -H "Authorization: Bearer $1" -H "Content-Type: application/json" \
https://management.azure.com/subscriptions/$0/providers/Microsoft.Security/securityContacts/default?api-version=2020-01-01-preview \
-d@"input.json"'
PowerShell
Not supported. Use Azure Portal or CLI.
Exceptions
No exceptions recommended. All environments should include at least one designated security contact for incident notification.