Microsoft.Security securityContacts
Bicep resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/securityContacts@2023-12-01-preview' = {
name: 'string'
properties: {
emails: 'string'
isEnabled: bool
notificationsByRole: {
roles: [
'string'
]
state: 'string'
}
notificationsSources: [
{
sourceType: 'string'
// For remaining properties, see NotificationsSource objects
}
]
phone: 'string'
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
{
minimalSeverity: 'string'
sourceType: 'Alert'
}
For AttackPath, use:
{
minimalRiskLevel: 'string'
sourceType: 'AttackPath'
}
Property values
Microsoft.Security/securityContacts
| Name | Description | Value |
|---|---|---|
| name | The resource name | 'default' (required) |
| properties | Security contact data | SecurityContactProperties |
NotificationsSource
| Name | Description | Value |
|---|---|---|
| sourceType | Set to 'Alert' for type NotificationsSourceAlert. Set to 'AttackPath' for type NotificationsSourceAttackPath. | 'Alert' 'AttackPath' (required) |
NotificationsSourceAlert
| Name | Description | Value |
|---|---|---|
| minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'Alert' (required) |
NotificationsSourceAttackPath
| Name | Description | Value |
|---|---|---|
| minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
SecurityContactProperties
| Name | Description | Value |
|---|---|---|
| emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
| isEnabled | Indicates whether the security contact is enabled. | bool |
| notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
| notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
| phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
| Name | Description | Value |
|---|---|---|
| roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
| state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Off' 'On' |
ARM template resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscription - See subscription deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following JSON to your template.
{
"type": "Microsoft.Security/securityContacts",
"apiVersion": "2023-12-01-preview",
"name": "string",
"properties": {
"emails": "string",
"isEnabled": "bool",
"notificationsByRole": {
"roles": [ "string" ],
"state": "string"
},
"notificationsSources": [ {
"sourceType": "string"
// For remaining properties, see NotificationsSource objects
} ],
"phone": "string"
}
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
{
"minimalSeverity": "string",
"sourceType": "Alert"
}
For AttackPath, use:
{
"minimalRiskLevel": "string",
"sourceType": "AttackPath"
}
Property values
Microsoft.Security/securityContacts
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2023-12-01-preview' |
| name | The resource name | 'default' (required) |
| properties | Security contact data | SecurityContactProperties |
| type | The resource type | 'Microsoft.Security/securityContacts' |
NotificationsSource
| Name | Description | Value |
|---|---|---|
| sourceType | Set to 'Alert' for type NotificationsSourceAlert. Set to 'AttackPath' for type NotificationsSourceAttackPath. | 'Alert' 'AttackPath' (required) |
NotificationsSourceAlert
| Name | Description | Value |
|---|---|---|
| minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'Alert' (required) |
NotificationsSourceAttackPath
| Name | Description | Value |
|---|---|---|
| minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
SecurityContactProperties
| Name | Description | Value |
|---|---|---|
| emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
| isEnabled | Indicates whether the security contact is enabled. | bool |
| notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
| notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
| phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
| Name | Description | Value |
|---|---|---|
| roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
| state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Off' 'On' |
Terraform (AzAPI provider) resource definition
The securityContacts resource type can be deployed with operations that target:
- Subscription
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/securityContacts resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/securityContacts@2023-12-01-preview"
name = "string"
body = jsonencode({
properties = {
emails = "string"
isEnabled = bool
notificationsByRole = {
roles = [
"string"
]
state = "string"
}
notificationsSources = [
{
sourceType = "string"
// For remaining properties, see NotificationsSource objects
}
]
phone = "string"
}
})
}
NotificationsSource objects
Set the sourceType property to specify the type of object.
For Alert, use:
{
minimalSeverity = "string"
sourceType = "Alert"
}
For AttackPath, use:
{
minimalRiskLevel = "string"
sourceType = "AttackPath"
}
Property values
Microsoft.Security/securityContacts
| Name | Description | Value |
|---|---|---|
| name | The resource name | 'default' (required) |
| properties | Security contact data | SecurityContactProperties |
| type | The resource type | "Microsoft.Security/securityContacts@2023-12-01-preview" |
NotificationsSource
| Name | Description | Value |
|---|---|---|
| sourceType | Set to 'Alert' for type NotificationsSourceAlert. Set to 'AttackPath' for type NotificationsSourceAttackPath. | 'Alert' 'AttackPath' (required) |
NotificationsSourceAlert
| Name | Description | Value |
|---|---|---|
| minimalSeverity | Defines the minimal alert severity which will be sent as email notifications | 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'Alert' (required) |
NotificationsSourceAttackPath
| Name | Description | Value |
|---|---|---|
| minimalRiskLevel | Defines the minimal attach path risk level which will be sent as email notifications | 'Critical' 'High' 'Low' 'Medium' |
| sourceType | The source type that will trigger the notification | 'AttackPath' (required) |
SecurityContactProperties
| Name | Description | Value |
|---|---|---|
| emails | List of email addresses which will get notifications from Microsoft Defender for Cloud by the configurations defined in this security contact. | string |
| isEnabled | Indicates whether the security contact is enabled. | bool |
| notificationsByRole | Defines whether to send email notifications from Microsoft Defender for Cloud to persons with specific RBAC roles on the subscription. | SecurityContactPropertiesNotificationsByRole |
| notificationsSources | A collection of sources types which evaluate the email notification. | NotificationsSource[] |
| phone | The security contact's phone number | string |
SecurityContactPropertiesNotificationsByRole
| Name | Description | Value |
|---|---|---|
| roles | Defines which RBAC roles will get email notifications from Microsoft Defender for Cloud. List of allowed RBAC roles: | String array containing any of: 'AccountAdmin' 'Contributor' 'Owner' 'ServiceAdmin' |
| state | Defines whether to send email notifications from AMicrosoft Defender for Cloud to persons with specific RBAC roles on the subscription. | 'Off' 'On' |