Need to add defender alert notification for an email address through powershell as we have multiple subscriptions.

Question

Need to add defender alert notification for an email address through powershell as we have multiple subscriptions.

Rishineken Pongen 176

Hi,

We want to add Microsoft defender notification through powershell as we have multiple subscriptions on diff tenants. Either by powershell or partner centre powershell . Attaching screenshot -

Already read the article - https://learn.microsoft.com/en-us/azure/defender-for-cloud/configure-email-notifications
new

1 answer

Your answer

Answer 1

Alistair Ross 7,466 Microsoft Employee

Hello

The PowerShell module Az.Security contains the cmdlet Set-AzSecurityContact. This would allow to to use the switch parameter -NotifyOnAlert, though this doesn't allow you to specify the minimum severity.

If you wanted to specify the severity, you can invoke the rest API using PowerShell. Here is an example using a single subscription, though you may want to modify for your needs

Connect-AzAccount -Subscription $SubscriptionId

$SubscriptionId = "00000000-0000-0000-0000-000000000000"
$Method = "PUT"
$URI = "https://management.azure.com/subscriptions/$SubscriptionId/providers/Microsoft.Security/securityContacts/default?api-version=2020-01-01-preview" 
$Body = @'
{
    "properties": {
        "notificationsByRole": {
            "state": "On",
            "roles": [
                "Owner",
                "ServiceAdmin"
            ]
        },
        "emails": "john@contoso,com",
        "phone": "",
        "alertNotifications": {
            "state": "On",
            "minimalSeverity": "Medium"
        }
    }
}
'@

Invoke-AzRestMethod  -Method $Method -Uri $URI -Payload $Body

I hope this helps provide you with the information you need. If it does, please make sure to mark the question as answered so it helps other people in future.

Kind regards

Alistair

Rishineken Pongen 176 Reputation points

2023-02-16T10:28:34.1233333+00:00

Hi, thanks for the response. How do i add multiple people into it ? if i run the script twice by adding different people , it doesn't keep the old one and if i try to add 2 users in it, i get the error " Content : {"properties.emails":["The input was not valid.","The input was not valid.","The input was not valid."]} "
Rishineken Pongen 176 Reputation points

2023-02-20T11:35:52.71+00:00

Hi, Im trying to add multiple email addresses, however when i add it on the email address option, it keeps giving error . Could you help me further in this ?
Niels Ziegler 1 Reputation point

2023-09-11T09:11:49.6266667+00:00
For me it was necessary to add the e-mail addresses like this:

$notificationEmails = "******@provider.com;******@provider.com"

"emails": "$notificationEmails"
Robbie Reichard 0 Reputation points

2025-02-03T14:13:01.22+00:00

This looks awesome, is there any way to do this for all subscriptions in the tenant? I would like to see if you have one available that would loop through all subscriptions and add the entries in each one. Also, is there a way to just add a few E-Mail addresses and leave the rest of the properties alone? Also, I would like to add email addresses and leave the others in there as each subscription may have a specific admin's email address that need notifications for their subscriptions.

Share via

Need to add defender alert notification for an email address through powershell as we have multiple subscriptions.

1 answer

Your answer